Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies. This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data. The analysis highlights that browser fingerprinting poses a complex challenge from both technical and privacy perspectives, as users often have no control over the collection and use of their data. In addition, it raises significant privacy concerns as users are often tracked without their knowledge or consent.
those values are in no way random enough to be sure you're tracking a single user. it could be one or 1000 you're tracking. just because there's theoretically enough bits, doesn't mean they are all used. you can't use it to log people in, for example, you'll end up with people in other peoples accounts occasionally. IMO it's just a big scare.
Because when you collect tracking data for sale you don't care about every specific data point. You sell the data that is clean enough and scrap the rest, that's why tor browser recommends using the same window size for everyone, for instance, to make you indistinguishable and useless as a data point
it will never be completely useless tho. it just means all tor browser users who use this window size will get the same ads. for advertisers it's still better than not knowing anything. they know there's a group of people and some of them are into dragon dildos and some like to buy used underwear for example and then everyone in the group gets related ads if an advertiser decides to use it.
Why is TLS fingerprinting not mentioned? This is what CloudFlare uses and it's highly effective (unfortunately). It doesn't even require any use of HTML, CSS or JavaScript, and so can even identify non-browser things.