Position needed: Side-channel timing attack on dictionary #9
Description
Scenario
I can detect whether a dictionary A has been used by creating a script that uses dictionary A and timing whether A needs to be downloaded.
If A is a dictionary used by https://mypoliticalparty.example, I can detect (once) whether the user has recently visited that site.
Is it a problem?
We can pretty much do this already by timing the load of any js file from https://mypoliticalparty.example . I think it's exactly the same problem, so this is not a new privacy leak.