Comment by scrollaway

4 years ago

It's far fetched to think that google added web midi in this way just for a couple of bits of entropy which are essentially worthless (no ad network cares about identifying like 0.01% of people, if even that. Yes it's very valuable entropy if you want to identify those people specifically, but who actually wants to do that?)

The point is not to identify the people using Web MIDI but to identify individual users, regardless of what information exactly identifies them. To that end, every single piece of entropy helps. A good approach to it in general is to opportunistically consume every available API that can possibly divulge identifying information.

A lot of people also do have a virtual MIDI device installed whether they know about it or not. The name of this device differs between different operating systems and operating system revisions.

Well, in this case, a porn site wants to tie what it shows you to what you liked last time you visited. They aren't after your identity per se. They are after a conversion. And since you might be using incognito mode (no lingering cookies), they care about fingerprinting for that.

Edit: I see the disconnect now. I'm not saying Google/chrome added the midi API for fingerprinting. I'm saying the screenshot way up this thread is an example of a site using it for that purpose.