With a rich set of APIs websites are closer to applications than documents these days, which means they also have a wealth of ways of spying on you.
The seminal research paper from 2016 by the University of Illinois notes:
Modern smartphones contain motion sensors, such as accelerometers and gyroscopes. These sensors have many useful applications; however, they can also be used to uniquely identify a phone by measuring anomalies in the signals, which are a result of manufacturing imperfections. Such measurements can be conducted surreptitiously by web page publishers or advertisers and can thus be used to track users across applications, websites, and visits. We analyze how well sensor fingerprinting works under realworld constraints. We first develop a highly accurate fingerprinting mechanism that combines multiple motion sensors and makes use of inaudible audio stimulation to improve detection. We evaluate this mechanism using measurements from a large collection of smartphones, in both lab and public conditions.
Now Google is working to counter the technology with an option to block websites from accessing your gyroscope, accelerometer and light sensor data, with the feature showing up in the latest Chrome Canary build.
Access to sensors is enabled by default, but Chrome will now show an indicator (above) when a site is using them, allowing you to block access site by site.
On Android it is only possible to block all sites from accessing your motion data. This is by design due to less user interface surface but this may change in a future UI update.
The feature is being targetted for roll-out in Chrome 75, and should, therefore, reach the public in quite a few months.