[JMTQp8lwXL]

Given that IP address, user agent, fonts, screen dimensions, and a few other data points easily found via JavaScript can create a fingerprint [0], isn't a bit disingenuous to suggest any browser can truly block tracking, especially if JavaScript is enabled?

I could use cURL to perform all web browsing, but my IP Address + User Agent could still be tracked by the website I visit.

With time, what seems to be occurring is a game of cat-and-mouse where trackers develop more powerful heuristics for creating fingerprints.

[0]: https://amiunique.org/

[asdkhadsj]

To extend your comment; Even your mouse movements can be used to form an identity of you. Not only that, your mouse movements even correlate to demographic information about you (eg age/gender/etc).

With that said, I think you're correct in that it'll be a game of cat and mouse, but I'm not sure what the alternative is. Are you implying that there is anything that can be done beyond the traditional cat and mouse? Because I feel that's the same with security, crypto, etc etc.

[JMTQp8lwXL]

Browsers need to rethink what is available via JavaScript. Scroll position, cursor location, etc. should not be readable. CSS Media queries for building responsive should still be fine to write, but the JavaScript API should be silent as to what styles are actually applied (to prevent workarounds for say, inferring the screen height/width from media query styles).

If we go back to basics, where I can make a network request, and the body includes a useful response (e.g., no need for running JS to populate the DOM, as is the case with SPAs that aren't server-side rendered), we can free ourselves from those more advanced heuristics.

It will likely always be cat-and-mouse, but we can rethink the universe of data available within the browser (that can be reported back via XHR requests), and make that universe much smaller.