Stack Exchange's removal of "last seen" has demonstrated that the time that users are active is considered private information. However, there are still a variety of ways to circumvent that, and I've found what I believe is a new one.
SE's websockets have a <userid>-topbar endpoint. This is used to update number of new items in the inbox and achievements dropdowns (though importantly it does not show the items themselves). However, unlike the POST requests that are used to actually retrieve the inbox items, the websocket doesn't need any authentication.
Thus, anyone can see how many unread items are in a user's inbox/achievements, and be notified precisely when the user checks their inbox, since the UnreadInboxCount, UnreadNonRepCount, and/or UnreadRepCount would go down to 0. By upvoting one of the users' posts a few dozen times, perhaps spread over several weeks, one could get a pretty good idea of when the user is active.
It would also be possible to get a (less accurate) estimate of how long a user has been inactive based on the amount of reputation they've gotten since last checking their inbox.
This isn't a huge issue, especially since the API still reveals the exact last seen time, but I do think it's worth pointing out.
<userid>-...endpoints still working? A few days ago I tried experiencing with this in hope to get real-time notification for mobile app, but I didn't get any response. I probably tested it wrongly though.-topbarone does, although I'm pretty sure-inboxdoesn't work anymore. SE still seems to be requesting-reputationso I'm guessing that still works.