Following up from #20

The privacy risks associated with these high res timestamps are documented in the draft, as well as some of the issues (e.x. #56), and a long list of research papers (happy to provide citations, but they're already linked to elsewhere in the repo).

The usefulness of the timestamps are also well documented in #56, and it seems like there are cases where these would be very useful to web users.

However, these cases seem to be the rare case, and not what users will encounter on the vast majority of pages. And the most compelling examples of the usefulness of these timestamps are gated behind permission prompts (fullscreen API for games, USB inputs and WebVR for VR uses, etc).

I suggest only making these timestamps available when the user has approved one of the following permissions (using the permissions in Chrome currently):

• Fullscreen
• MIDI
• USB Devices

Could also add to the above list, if there are other permissions that'd be relevant. But it seems like this would be a way of blocking the privacy violating uses of these timestamps (at least in the common case) while also making them available in the cases where they're likely to be useful.