Mozilla employees
The possibility of re-identification was tested during a two-week experiment - data on visits in the first week were tried to be compared with data on the second week. It turned out that it was possible to re-identify 50% of users who visited 50 or more different domains. When visiting 150 or more different domains, the re-identification coverage increased to 80%. The check was performed on a sample of 10 sites to simulate data that large content providers can obtain (for example, Google can control access to 9823 sites out of these 10000, Facebook to 7348, Verizon to 5500).
This feature allows large owners of popular resources to identify users with a fairly high probability. For example, Google, Facebook, and Twitter, whose widgets are hosted on third-party sites, could theoretically re-identify approximately 80% of users.
You can also determine previously opened sites by indirect methods, for example, by enumerating popular domains in JavaScript code with an assessment of the difference in delays when loading resources - if the site was recently opened by the user, then the resource will be issued from the browser cache almost instantly. Previously, to determine the open pages could be used
Similar CSS-based browsing history methods were used in a similar study,
Source: opennet.ru