Demo

The exploit should identify alice since her profile picture is shown in the victim's settings page (https://unsafe.polict.net/demo-web-tracking/settings, which is cross-origin) we are using as leaking endpoint.

Click "start", then:

Yes, it could have probably made stealthier :-)