Add device performance leaks.

[NDevTK]

Can be used to detect browser activity,
Allows more ways to leak data from other origins.

let old;
for(;;) {
let start = performance.now();
let time = performance.now() - start;
if (time - old > 0.4) console.log(time);
old = time;
}

Has been used for keystroke timing attacks using "Interrupt-timing" https://www.misc0110.net/web/files/keystroke_js_slides.pdf

[BitnomadLive]

They also published their code here:
https://github.com/IAIK/interruptjs
and the paper:
https://mlq.me/download/keystroke_js.pdf

[NDevTK]

Hi @BitnomadLive, Thanks for the feedback I did read this before however I have only just decided to reply!
I like this attack however its currently in a queue with #115 as a JavaScript traffic monitor would be nice for xsleaks. please make a article about this if your interested, it seems to be able to detect window.open and with a sharedarraybuffer it may get even better.

[terjanq]

I think the PoC would be for https://xsleaks.dev/docs/attacks/timing-attacks/execution-timing/#timing-the-event-loop, correct? We definitely could add a snippet there.

[NDevTK]

Yeah seems like the correct place for it.
The fact it can detect activity in a different tab seems useful.

[BitnomadLive]

Hi sorry for answering so late. I will have to read through #115 and I will add some of my thoughts.

[NDevTK]

ok :D