Is there a serious discussion of the privacy implications of this feature somewhere we can read instead? I'm not completely understanding the scenario. The one given is that you can probe a page for text (e.g. "cancer" in the example) by looking at resources requested. But doing that naively seems to require access to the unencrypted HTTP traffic between the endpoints, which would give you that data anyway.
Is there a serious discussion of the privacy implications of this feature somewhere we can read instead? I'm not completely understanding the scenario. The one given is that you can probe a page for text (e.g. "cancer" in the example) by looking at resources requested. But doing that naively seems to require access to the unencrypted HTTP traffic between the endpoints, which would give you that data anyway.
What's the actual attack vector here?