I’m skeptical of these side channel attacks that rely on training a neural network on specific controlled scenarios on controlled hardware. I believe that with enough time and effort and the perfect circumstances where the user is only visiting their website and doing one other thing that the network was trained on it can match.

It does not seem useful as a general purpose side channel vector.

It depends what you mean by "general purpose." First, these things generalize more often than you'd expect. Second, even in the absence of generalization they're still useful for, e.g., fingerprinting activities to manufacture a unique ID where non previously existed.

That's basically just a research, theoretical attack vector. It doesn't mean it's viable for general purpose old school mass privacy invasion