@mumblegrepper *tucks sleeve* fine, let's do some taxonomy!
I don't think feedback is relevant, the first fuzzers didn't use that.
I see two techniques often mixed up with "classical" fuzzing:
1) Trying identifiers, e.g. IDOR, URL paths, subdomains, etc. My argument here is since our inputs never trigger "new control-flows" this is not fuzzing. (It's tricky how we define control-flow in this case, but I think you get the point).
2) Vuln scanning with magic strings. Now you are right to point out that magic strings are definitely part of fuzzing (e.g. 0, -1, INT_MAX), and this is where the lines get blurry. My current working definition here is that fuzzing starts somewhere when you are physically limited in trying all reasonable inputs (note that no real filesystem will require a trillion ../'s to detect a path traversal) and systematic algorithms (e.g. adding one more backslash) aren't effective, so you might as well start gambling.
WDYT?