Have you heard about SnailLoad?

Stefan Gast of Team CoreSec just published the first fully remote website- and video-fingerprinting attack working via arbitrary TCP (Transmission Control Protocol). SnailLoad does not require any attacker code on the victim machine, any TCP connection is enough.

If you want to try out the demo yourself or watch the music video the team created, check out 🐌