Should include mention of ephemeral fingerprinting

[JensenPaul]

I think it might be wise to include mention of an additional type of fingerprinting in section 3 of the doc: ephemeral fingerprinting. I use the term ephemeral fingerprinting to mean correlating web observable property changes concurrently observable by multiple sites to join cross-site identities. A thorough explanation that perhaps we can merge into this document is here: https://github.com/asankah/ephemeral-fingerprinting

[npdoty]

This is also noted in the Target Privacy Threat Model doc, related to simultaneous firing of events: https://github.com/w3cping/privacy-threat-model/issues/11

Should this be added as a new type of fingerprinting, or a sub-category of active fingerprinting, or a distinct data source (as listed in https://w3c.github.io/fingerprinting-guidance/#identifying)?

[samuelweiler]

Two answers: 1) new type and 2) something of the last - more of "be aware of sources that may be ephemeral". It's at least partly a new type because things that might not be identifying in and of themselves (what sound is playing in your room AT THIS MOMENT) is suddenly interesting.

[samuelweiler]

@npdoty Devices and Sensors Working Group, at TPAC, flagged the lack of docs on ephemeral fingerprinting. We should probably address this issue.

[hober]

If the fingerprinting guide adopts a change along these lines, I'd love to incorporate it by reference in the Privacy & Security Questionnaire!