Personal Website of Levi Neuwirth

A brief introduction to fingerprinting

By: Levi Neuwirth, 21 February 2025

Introduction

In light of recent changes to Google policy allowing the use of third-party fingerprinting as a successor to third-party cookies (which are considerably easier to detect and block), I wanted to take some time to explain what fingerprinting is, how it works, and what possible mitigations exist, and to present some ideas on how privacy-concerned digital citizens can move forward.

What is fingerprinting?

You may be familiar with the idea that fingerprints in the physical world at a crime scene are later used as admissible evidence of who committed a crime. That is, fingerprints are unique enough to identify someone and determine guilt beyond a reasonable doubt! What we denote "fingerprinting" is a variety of techniques that developers of web applications can use to do something very similar - track your identity (and thus associate it with your activity) across sessions and across websites. Notably, you don't have to be authenticated to a service for fingerprinting to work - they know who you are whether you are using an account or not.

The traditional way that websites tracked users was to use specific cookies. Not all cookies are used for tracking - for example, when you save your password to prevent the need for repeated authentication on a website, a cookie is the means of accomplishing this. Fingerprinting began as an attempt to track without the need for cookies. This need has been exacerbated by developments like Apple's ATT, which allowed users to opt out of tracking cookies on a system-wide level without the need for more technical configuration in the process.

You can see your browser's fingerprint right now by using the EFF's Cover Your Tracks tool.

How does fingerprinting work?

There are many different methods which can be used to generate a fingerprint that is unique to your browser. In most cases, many different methods are used and the results combined. What the methods tend to have in common is that they use seemingly innocuous metrics in cleverly abusive ways. Here is a brief and entirely noncomprehensive list of ways you might be fingerprinted:

  • Device Specifications: your operating system and its version, your device's screen resolution, your device's video and audio devices, your device's battery level, CPU core count, etc. Pretty self-explanatory what these can give away about who you are over time, as they are mostly persistent.
  • Fonts: It may seem entirely innocent that a website would need to know what fonts are installed on your device - wouldn't this be a prerequisite for displaying text? Unfortunately, this isn't really the case. Websites will rapidly render text in many different fonts and use JavaScript to check whether the amount of screen space the result occupies has changed. This gives the website an idea of which fonts you have installed, a set that is likely to be surprisingly unique to your device.
  • Time Zone and Languages: Again, there are innocent reasons for giving this data away, but when combined with other metrics they can be useful. Best practice is to only have your browser in English when possible as it is by far the international language of the internet and reveals the least information.
  • Browser Extensions: We'll talk about these in the section below.

Possible mitigations

"If you change the world in even the slightest way, then you have leaked information about yourself in principle."

The above quote comes from Gwern's brilliant Information Theory-based analysis of anonymity in the anime series Death Note. It applies here really well: the actions that one takes to mitigate and resist fingerprinting, if not taken with extreme care, may actually result in you being easier to fingerprint.

A warning on browser extensions

Many people use browser extensions such as CanvasBlocker to prevent fingerprinting. However, one must keep in mind that without care, websites will (usually) be able to determine which extensions are installed. If you have 20 different privacy-focused extensions installed, your set of extensions is likely unique to you. Especially when combined with the other aforementioned fingerprinting data, this is hurting you more than it helps.
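To make the "results combined" point from the list above and this extension warning concrete, here is an added example (not part of the original article) that measures how identifying a set of attributes is. The population of 16 visitors is constructed for illustration, and the extension names other than CanvasBlocker are placeholders.

```javascript
// Constructed population of 16 visitors (illustrative, not measured data).
// Each ordinary attribute splits the population exactly in half.
const population = Array.from({ length: 16 }, (_, i) => ({
  timezone: i & 8 ? "Europe/Berlin" : "America/New_York",
  fonts: i & 4 ? "font-set-A" : "font-set-B", // label for a detected font list
  language: i & 2 ? "de-DE" : "en-US",
  screen: i & 1 ? "2560x1440" : "1920x1080",
  // Detected extension set: one heavily customised visitor, half with a
  // single common adblocker, the rest with none. Names are placeholders.
  extensions: i === 0 ? "adblock,CanvasBlocker,ext-c,ext-d"
            : i % 2 === 1 ? "adblock" : "",
}));

// Number of visitors indistinguishable from `visitor` on the given attributes.
function anonymitySet(pop, visitor, keys) {
  return pop.filter((p) => keys.every((k) => p[k] === visitor[k])).length;
}

// Identifying information in bits: log2(population size / anonymity set).
function surprisalBits(pop, visitor, keys) {
  return Math.log2(pop.length / anonymitySet(pop, visitor, keys));
}

// Per-attribute and combined view for one visitor.
function summarize(pop, visitor, keys) {
  const perAttribute = {};
  for (const k of keys) perAttribute[k] = surprisalBits(pop, visitor, [k]);
  return {
    perAttribute,
    combinedBits: surprisalBits(pop, visitor, keys),
    combinedSet: anonymitySet(pop, visitor, keys),
  };
}

const ordinary = ["timezone", "fonts", "language", "screen"];
const typical = population[5];  // odd index: one common adblocker
const hardened = population[0]; // the distinctive extension set

// Each ordinary attribute alone hides the visitor among 8 others (1 bit),
// but the four together leave an anonymity set of one.
console.log(summarize(population, typical, ordinary));
// A common single extension costs little; a distinctive set identifies alone.
console.log("adblock only:", anonymitySet(population, typical, ["extensions"]));
console.log("custom set:  ", anonymitySet(population, hardened, ["extensions"]));
```

The same calculation over a real population is what tools like Cover Your Tracks report as "bits of identifying information".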

Your browser is the most important

The most important action you can take to resist fingerprinting on desktops and laptops is to use a privacy-focused browser with fingerprinting protection built in. This essentially leaves you the choice between Brave, LibreWolf, Mullvad Browser, or Tor. (Have a look here and you'll see why I only mention these.) Note that Firefox alone is not resistant to fingerprinting, though it can be hardened (this is exactly what both LibreWolf and Mullvad do). Tor accomplishes its fingerprinting resistance differently from the others out of necessity due to the nature of the network - you can read about this here.

This isn't an article about which web browser is best - that is not only a topic with a level of contention close to the editor war, but it is also a matter of your own circumstances. What is important is that if you care about resisting fingerprinting, you use one of these browsers. My personal choice is LibreWolf. You should additionally always use adblocking, and consider doing so on a network-wide basis through something like a Pi-hole to help mitigate fingerprinting on other devices.

About mobile devices

It is much harder to resist fingerprinting on mobile devices such as smartphones and tablets. On iOS, every browser is a descendant of Apple's own core browser components, severely limiting what can be done. On Android, anything that you do is already going to be compromised by Google regardless of what browser you use (unless you are running something like Graphene, in which case you don't need this article!).

My only advice here is to try to limit how much browsing you do on mobile devices and keep it to the desktop when possible.

Moving Forward

It was the power of users collectively rising up and adopting anti-tracking technologies like adblocking that, at least in Google's view, rendered third-party cookies obsolete. If we wish to do the same for fingerprinting, we must all shift to using browsers which are resistant to fingerprinting, to the point where the amount gained from fingerprinting is minimal.

The best things that we can do are to first and foremost ensure that our own devices and configurations are resistant to this invasive and downright creepy technology. Apart from that, it's helpful to spread the word. Fingerprinting is a covert technology: it runs invisibly in the background when you browse, hoping you'll never even know it exists. If we spread the word, I think we will find that folks are willing to step up their privacy game accordingly. The name of the game is spreading awareness.

 

The landmark paper on fingerprinting "The Web Never Forgets"