As long as neither the user, nor the site operators can opt out of this, it’s a little bit creepy.
It’s Chrome sending telemetry back to Google from user’s behavior. From a user’s perspective, yeah, I want an opt-out.
From a site operator’s perspective, I don’t see the problem. Change this to Googlebot (the search index crawler) and it seems 100% benign and actually really useful. Then it’s just an IP downloading your site’s CSS.
I wouldn’t expect any less from a browser designed to watch everything you do.
I think there are two parts to this: public and non-public websites/apps. For the public part, I don’t see much harm. The HTML and CSS is already out there anyway, anyone can scan it.
The non-public part is a different story. Essentially they are leaking information from environments that are supposed to be private and protected. That is awful. So I can’t even trust the browser to keep things secret after I logged in somewhere with my password, or 2FA. They will probably defend this by saying that it is anonymous and aggregated, etc. But already the idea that that can take this information and do with it whatever want without even asking or notifying is incredibly arrogant and subverted.
There’s a ton of very popular alias-webkit-*. Is that some Blink internal leaking? Or is some popular site or embed overdoing prefixes?
I suspect counting page loads may be heavily skewed towards a few popular sites. webkit-line-clamp is on 1/3rd of page loads. It’s a property I’d expect used on top sites with user-generated content, but rather niche anywhere else.
Given this 4 yo bug, I think it’s a internal Blink detail leaking.