The "browser window prefers a specific size" part is infuriating to say the least. I wonder what the person who came up with this detail was thinking. Can't you just leave the window size up to the user but still keep the other changes?
I'd like to believe that all the other changes still contribute plenty towards obscuring the fingerprint, but there's no way I can adjust to manually having to resize the browser window every time I open a new one.
The TOR browser (based on FF) has this implemented for some time now. It resizes the window by a large (I think 50px) grid instead of single pixels. That way the window sizes are adjustable by the user, but still less unique than pixel adjusted.
Instead of changing window size, a browser could display site with a fixed with (e.g. 1280 pixels) centered inside a window. This way you can have your window fullscreen or any reasonable size but the site will "see" standard 1280 pixel wide screen.
Of course, 1280 pixels should not be hardcoded, there could be a choice between several popular sizes.
Right, but there are different monitor sizes out there (1366x768, 1920x1080, 2560x1440, 3840x2160) so that's still a fingerprinting vector. In addition, because of various user settings (eg. whether they're using compact theme or not, various OS settings), "full screen" on a 1920x1080 monitor for one person might result in a different viewport size for another. That also becomes another fingerprinting vector.
It's mainly a problem for macOS users, since we tend to adjust the application dock to quite individual preference. Windows users will with full-size window mostly end up in the same few groups. Linux users to a lesser degree.
I use tree style tabs and though my browser is full screened, I sometimes get popups from people and websites trying to be clever, thinking that the only reason a window seems full screen but isn't must obviously be those darned dev tools.
I quickly close websites like that (and blacklist them in my pihole if they're particularly offensive in their messaging) but for people like me these protections do actually help.
I'm not sure if that's still the case, but I definitely remember Tor Browser throwing a warning you when you try maximising the window for this reason.
Probably but there is a lot of space even on a 15" laptop screen. I usually have my browser windows half width. The other half is an editor, terminal, whatever. I'm full screen only for sites that actually use all the space. AWS and Google console, vSphere, spreadsheets, etc.
I'm not sure this would work, in general. A page will often render slightly differently based on the size of the window, so whatever size is "reported" to the webpage would end up being how big the page is rendered.
Only if there's active use of e.g. JavaScript or some server-side scripting that needs the info for some processing, for example using JavaScript to place a floating modal flush against bottom/right corner. The browser itself doesn't need to relay the dimensions "to the webpage" in order for HTML/CSS to render as any specific size, nor to achieve responsive/scaling UI design that adjusts to the window size.
What I'm trying to convey is that it's a misunderstanding that the server renders the page for the browser, and that reporting innerHeight/Width properties to the web server ("the webpage") is a requirement for having anything pop up on the screen.
I'd like to believe that all the other changes still contribute plenty towards obscuring the fingerprint, but there's no way I can adjust to manually having to resize the browser window every time I open a new one.