And I assume that different audio drivers and software will produce minutely different outputs. It's also possible that they're queueing a sound to be played then canceling the sound after reading the raw computed signal out of the buffer.
It was my understanding that these methods profile performance of the API which will execute at different speeds on different devices. The samples themselves shouldn't be different if they're using AudioBuffer and typed arrays.
True, but I think the technique points to the way that other timing attacks used as fingerprinting vectors can and will work. Profiling performance of network requests, image rendering time, etc. will always be risks unless all JavaScript features employ that kind of mitigation.
Sleazy, sleazy crap.