First, I'll step back, I think, to explain a bit of the context. When we're talking about, say, tracking, there can be some technologies that are explicitly for tracking, such as cookies. One of the evolutions we've seen is the development of what we call a synthetic fingerprint. It's just a unique digital number that is synthesized by a third party, probably to attempt to track. It can also be used for anti-fraud and some other reasons, but certainly it is fit for the purposes of tracking.
You're right. Some researchers, by looking at variations in sensor manufacture, identified that there was the ability to try to synthesize one of these unique identifiers. Fingerprinting, much like anti-tracking, is going to be something that will continually evolve and that we're committed to staying in front of. When you ask how it was used, I don't have any data that it was used at all, but I also can't assure you that it was not.
We introduced a number of mitigations in our most recent update, which the researchers have confirmed have blocked their version of the attack, but again, I'd put this in the context of fingerprinting being an evolving area, so I choose my word “mitigations” also carefully. Without actually removing sensors out of the device, there will continue to be a risk there. We're also going to continue to work to mitigate that risk and stay on top of it.