Privacy guidance please - browser fingerprinting defences

Brave is the best for anti-finerprinting but it not the best best. It does a great of anti-fingerpriting to the point that it does not cause compatibility issues or breakage for end users which they do not like.
The official tor browser is the best best. Brave blocks/fools ‘naive’ scripts easily. Finerprinting as far as I know is done by third party scripts, meaning if you are visiting any website it will load third party scripts for analytics. Brave blocks alll these tracking and finerpritning scripts by default. Meaning whatever we are doing here is pretty much meaningless to some extent in actual web browsing.

Amiunqiue.org is the not the correct indicator. If you see on their website, linux is rated 50%, firefox is rated 50% which is not possible.
Linux should be 2% and fiefox 5%.
The database is based on amiunique user data. Users of amiunique will obviously be privacy freaks instead of your average user you see watching youtube next to you.

As you say and want, if we are talking about only fignrrpitning and not includiing privacy and security with it then
10.) Do not install any extensions
11.) Follow above point 2.) and 8.)
12.) As you are on Mac, changing UA will not be good. If you were on linux, UA should be changed to the one of windows like hardened fireofx, librwolf, tor browser.
13.) Change your OS timezone to UTC. Brave picks its timezone from the OS unlike fireofx which has its internal directory.

The guts of useful fingerprinting defenses are not to make everyone look the same, or to make everyone looking different; both of those are fundamentally not possible without massive breakage. What makes Brave’s defenses uniquely strong is that for naive fingerprinters, we feed them enough randomization that they can’t reidentify people (everyone looks different). And for sophisticated fingerprinters, the randomization forces those fingerprinters to ignore the random-but-high-entropy inputs, and only consume a much smaller number of inputs, reducing identifiability and putting users into large anonymity sets for sites with non-trival numbers of visitors. All that is to say, fingerprint.js is doing a crummy job on their unpopular site (again, see the false positive); if they tried to do the same from popular, real-world sites like the ones they advertise at the bottom, their success rate would be even worse.

2.) Fingerprintjs is not exactly the way real word websites work to track, fingerprint users**. But sites like fingerprintjs, coveryourtracks, amiunique, creepjs can be good starting point to see browsers fingerprinting, and I tested brave with such sites too.

Fingerprintjs particularly uses:-
i.) User Agent
ii.) Probability
iii.) Device Timezone (Most Imp)
iv.) Browser/Device Language

3.) Normal default firefox got fingerprinted (ID’ed) easily. But, if firefox hardened to its extent, it could pass the test from fingerprintjs. For hardening it easily, I used arkenfox.js and created a new hardened firefox profile. Arkenfox.js and Tor browser got fingerprinted in similar way, as the base firefox/gecko is hardened similarly. Both of them beat fingerprintjs, but tor needed to be safer mode rather than standard mode to beat it. Opera and Edge have their own UA, and it seemed it made them both more unique.

a.) arkenfox and tor user agent is changed from Linux firefox to windows firefox.
b.) The anti-boting probability was affected as everyone looked the same.
c.) Device timezone is override and changed to 0+ GMT without affecting device timezone itself.
d.) Browser language by default was changed to English (US).
Other data is made same for all users (resisting) or afaik Canvas and Webgl are randomized like Brave does.

4.)
a.) Brave UA is the same as chrome (which is a good thing). On Linux, Brave UA by default is configured for Linux itself, making it more unique. Linux is smaller compared to windows, and on top of that, majority of users on Linux seem to prefer gecko browsers over chromium browsers.
If we consider UA data from amiunique (it may not be perfect real world data), brave/chrome similarity ratio on Linux were around 1%, while default firefox on linux similarity ratio to 8%. Arkenfox/tor on linux uses Windows UA making it around 15%. If UA of brave/chrome on linux is changed to brave/chrome Windows via web store extension, it is around 7%.
When I changed the UA from linux to brave, it hard a hard time ID’ing me. Only half of the time it could correctly ID me. Even chrome with Ubo could evade it to some extent.

b.) With the extension, I was changing the UA per session. UA was changed to more recent versions of chromium rather than old ones. Due to it the anti-boting probability was also affected but to smaller extent.

c.) Device timezone was notorious of all of them (in relation to fingerprintjs, other fingerprinting data collectors like coveryourtracks, creepjs or real world may be different). If device timezone was changed repeatedly per session or changed to GMT (0+) even without changing UA, it had a hard time getting ID’ed.

d.) I checked my browser language, and it was English (Regional), English (UK) and English (US). I removed the other two and made English (US) as my main language on browser and on OS itself as it most used browser/device language. Naturally, you cannot randomize language as a normal English speaker user is not gonna understand Japanese and vice versa. It seemed to have affected fingerprinting and reduced my uniqueness during individual trials.

5.) After combining all of these things, fingerprintjs could not ID me in any way.