This might MIGHT be working as intended? (It's not unthinkable for a nefarious dev to point a user to an automatically loading website with a javascript payload. At the very least, they can get the user's IP and/or digital thumbprint of OS/image-display-resolution/timezone.)
We will need to wait and see from official sources.