The `languagechange` event is noticeable on all open tabs
It turns out that there is the
languagechange event which is noticeable on all open tabs allowing to correlate activity of a user cross-domain and bypassing our unlinkability requirement.
Now, triggering that one can't be done remotely and is probably not done very often. But still we should find a way to make it much less obvious to third party scripts that a particular user made language related changes and has been on website A, B, and C.
Reported on HackerOne by tomvg.