Continuing the discussion from Navigator.timeZone:
I think this is a fantastic approach to fingerprintable info in general. What's the UA consensus / standardization around this?
Should there maybe be a standard (OWASP?) assigning "fingerprinting potentiation scores" to the distinctive properties (saying which function calls the UA should treat as accumulating suspicion)?
Could the community (eg. FSF) turn this into a browser extension (maybe using Object.observe() on
navigator), akin to HTTPS Everywhere?
Also, perhaps after a certain number of suspicion triggers are raised, the browser goes into "lockdown" (eg. functions start returning the same values as private browsing) until the site's integrity can be assessed?