jakearchibald
commented
3 years ago @samuelweiler can you provide some more detail? I'm not sure what kind of fingerprints counts as 'ephemeral', or how that could be achieved with a service worker. I assume by timers you mean setTimeout and setInterval, but I'm not sure what counts as 'context-dependent'.
It might be helpful if you could frame it relative to another form of origin storage, eg describe what fingerprinting capability service worker offers beyond localStorage.
Service worker is part of origin storage, so if you ask the browser to clear a site's storage, the service worker goes too.
At first glance, I'm not clear on whether events can be fired based only on context-dependent timers or also based on external things. If the latter, then presumable service workers could be a vector for ephemeral fingerprinting. Even if there's not an issue, this should be written up in the privacy considerations section, providing justification for why it's not an issue.