somerset 3 hours ago

Responsible disclosure and commercial fingerprinting aren't contradictory.

lyu07282 3 hours ago | parent [-]

Do you seriously not see the contradiction? I consider all methods that enable fingerprinting as vulnerabilities that browsers should fix; if we did that, it would destroy their business. On top of that, a company like that shouldn't be allowed to exist in the first place as a legal entity, and it very likely is already operating in a legal grey area in a lot of places. It's the difference between a security company that provides IDS signatures as a service that does responsible disclosure vs. a malware company that offers 0click exploits. Would you praise the NSO Group if they did responsible disclosure?

Fucking HN sheep

flufluflufluffy 2 hours ago | parent | next [-]

If you take their claim that they don’t use vulnerabilities in their products as true, then I don’t see a contradiction. If it isn’t true, then obviously there is a contradiction.

But your considering of all methods that enable fingerprinting as vulnerabilities is your own opinion. There are definitely measurable signals that are based on a user’s behavior, rather than data exposed by the browser itself.

kube-system an hour ago | parent | prev [-]

It's a little bit disingenuous to call intentional wont-fix features "vulnerabilities".