Indexed databases are associated with a specific origin.
The fact that database names leak across different origins is an obvious privacy violation.
It lets arbitrary websites learn what websites the user visits in different tabs or windows.
This is possible because database names are typically unique and website-specific.
Moreover, FingerprintJS observed that in some cases, websites use unique user-specific identifiers in database names.
This means that authenticated users can be uniquely and precisely identified.
Some popular examples would be YouTube, Google Calendar, or Google Keep.
The Google User ID is an internal identifier generated by Google.
Note that these leaks do not require any specific user action.
The demo is available atsafarileaks.com.
Another alternative for Safari users on Macs is to temporarily switch to a different net web surfer.
Unfortunately, on iOS and iPadOS this is not an option as all browsers are affected.
source: www.techworm.net
