
Hence why Firefox fully implemented the privacy disaster known as the AudioContext API, which leaks sensitive information about your audio peripherals without your consent or notification, even on sites with no audio whatsoever.

It's abused almost exclusively by ad networks, including Google's DoubleClick on major sites like StackOverflow.

These new APIs are used almost entirely for fingerprinting, and this was implemented after the Chrome team claimed they would carefully consider the security ramifications of new APIs. I guess it doesn't matter if the business unit next door prints money as a result.




This is the first I've heard of this - why is it being downvoted? I'd like to know more.

Do you have any more info about this?


Sure do. StackOverflow's Google ad partner explicitly allows the abuse of AudioContext and other audio APIs for tracking purposes, ruining user security. [1]

These APIs leak sensitive information about your peripherals without your consent or notification [2], and are used rampantly on Google's ad network.

Try it yourself and see. Simply open up the browser console and type: (new AudioContext())

Google Chrome developers have claimed that they consider privacy and security while implementing APIs, while they actively tear down privacy and destroy security (which benefits Google's ad unit). The separation between Google Chrome's security team and DoubleClick is, in my opinion, non-existent. As another example, DoubleClick has a hard-coded backdoor in Chrome that sends a unique browser install ID as telemetry via headers to DoubleClick domains in all requests. [3]

[1] https://meta.stackexchange.com/questions/332229/stack-overfl...

[2] https://developer.mozilla.org/en-US/docs/Web/API/AudioContex...

[3] https://chromium.googlesource.com/chromium/src/+/e51dcb0c148...
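
An added example, not part of the thread above and not code from any browser or ad network: one way to get the notification the comment says is missing, by wrapping the Web Audio constructors so that each context creation is recorded along with the values the calling script can then read. The function name `watchAudioContexts`, the event fields and the stub in `demo()` are assumptions made for this sketch.

```javascript
// Added sketch: record every construction of a Web Audio context in a scope.
// watchAudioContexts, the event fields and the stub in demo() are hypothetical names.
function watchAudioContexts(scope, events = []) {
  const names = ["AudioContext", "webkitAudioContext", "OfflineAudioContext"];
  for (const name of names) {
    const Original = scope[name];
    if (typeof Original !== "function") continue; // API absent in this scope
    scope[name] = new Proxy(Original, {
      construct(target, args, newTarget) {
        const ctx = Reflect.construct(target, args, newTarget);
        events.push({
          api: name,
          time: Date.now(),
          // Stack at construction time, to identify the requesting script.
          stack: String(new Error().stack).split("\n").map((s) => s.trim()),
          // Values the calling script can read from the new context.
          exposed: {
            sampleRate: ctx.sampleRate,
            baseLatency: ctx.baseLatency, // undefined on OfflineAudioContext
            maxChannelCount: ctx.destination ? ctx.destination.maxChannelCount : undefined,
          },
        });
        return ctx;
      },
    });
  }
  return events;
}

// Constructed stand-in for a browser global, so the sketch also runs in Node.
function demo() {
  class FakeAudioContext {
    constructor() {
      this.sampleRate = 48000;
      this.baseLatency = 0.01;
      this.destination = { maxChannelCount: 2 };
    }
  }
  const scope = { AudioContext: FakeAudioContext };
  const events = watchAudioContexts(scope);
  const ctx = new scope.AudioContext();
  return { events, ctx, FakeAudioContext };
}

console.log(demo().events[0].exposed);
```

In a browser, `watchAudioContexts(window)` has to run in the page's own script context before any page script does; contexts created earlier are not recorded.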


Thank you, I've got some reading to do.



