The results in this short paper contain a false negative probability for the concrete numbers that are being used in practice. This is useful, but not directly applicable because they fail to account for the collision risk associated with duplicate values of the low entropy browser IDs that the API uses.

With the number of bits ($j$) in the browser identity being 11 or less the odds of a collision before hitting a threshold of 50 is quite high due to the birthday paradox ($2\cdot log(50) \approx 11.3$). That means that false negative chance could be quite a bit higher than the analysis suggests.

In #1000 I suggested an alternative design that isn't vulnerable to this particular problem.