Minimize fingerprintability of scroll interval/rate

Scroll behavior can vary across devices, configurations, and hands. Small vs. large touchpads (with two-finger scrolling), "clicky" mouse wheels with different scroll intervals, smooth "rolling" mouse wheels, key-taps, and key repeats (with different repeat rates) all scroll differently.

With JavaScript or lazy loading, a page can track where a user has scrolled. JS could track whether a user scrolls in discrete or continuous increments, in long sweeping gestures or short bursts, at variable or continuous speeds, etc. There should be a good amount of entropy available.

Possible mitigations:

  • Tor Browser: have scrolling only function in fixed or percent-based increments on "Safer" or "Safest" mode.
  • Tor Browser: have scrolling only work with keyboard input on "Safest" mode, as it has less variability (I think).
  • Users: use Whonix/Kicksecure default settings with its keystroke anonymizer.
  • Users: stick to using pgup/pgdn buttons with letterboxing enabled.
Edited by Seirdy
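
The following is an added example, not part of the original issue and not Tor Browser code. It models the fixed-increment mitigation proposed above and compares the Shannon entropy of per-event scroll deltas before and after snapping to a fixed step. The traces, the `STEP` value and all function names are constructed assumptions.

```javascript
// Constructed sample traces (not captured data): per-event vertical scroll
// deltas in CSS pixels, as a page could observe them for three input styles.
const traces = {
  notchedWheel: [100, 100, 100, 100, 100, 100],
  touchpad: [3, 7, 12, 18, 25, 21, 14, 9, 4, 2, 1],
  keyRepeat: [40, 40, 40, 40, 40, 40],
};

// Shannon entropy (bits per event) of the observed delta values.
function entropyBits(deltas) {
  if (deltas.length === 0) return 0;
  const counts = new Map();
  for (const d of deltas) counts.set(d, (counts.get(d) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / deltas.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Model of the fixed-increment mitigation: input is accumulated and the page
// only ever sees moves of exactly +step or -step.
function quantize(deltas, step) {
  const out = [];
  let pending = 0;
  for (const d of deltas) {
    pending += d;
    while (Math.abs(pending) >= step) {
      const move = Math.sign(pending) * step;
      out.push(move);
      pending -= move;
    }
  }
  return out;
}

const STEP = 100; // hypothetical increment, chosen for illustration only

// Entropy of each trace as observed raw and after fixed-increment snapping.
function report() {
  const rows = {};
  for (const [name, deltas] of Object.entries(traces)) {
    const q = quantize(deltas, STEP);
    rows[name] = { raw: entropyBits(deltas), fixed: entropyBits(q), events: q.length };
  }
  return rows;
}
console.log(report());
```

The model covers delta values only. The time between emitted steps is not modelled and would need separate treatment.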