
I just checked and there are over 100 checks for "should I have different behavior here if I am resisting fingerprinting?" just in the C++ code in Firefox today. There are some more in the JS code but they're harder to search for.

Some simple examples:

* Various navigator APIs (oscpu, platform, etc) need to be disabled.

* Gamepad API needs to be disabled.

* Have to prevent reading canvas pixel data.

* Have to block information about available OpenGL extensions from WebGL.

* Modifier keys on keyboard events need to be spoofed (because they can be used to guess at keyboard layout)

* Errors from the media stack (for <video> and <audio>) need to be blanked out.

* Something to do with voice synthesis APIs; I didn't look into details.

* Connection API needs to be neutered.

* Various timing APIs hanging off "performance" need to be neutered.

* Presentation API needs to be neutered.

* Number of CPUs reported by the navigator API needs to be spoofed.

* Window sizing for window.open needs to be spoofed.

* Ability to measure the difference between the window.inner* and window.outer* APIs needs to be disabled.

* Mouse positions in mouse events need to be spoofed to make it look like the window is fullscreened.

* Touch event positions need to be spoofed.

* Geolocation needs to be disabled.

And so on, and so forth.
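
An audit harness for several of the surfaces listed in the comment above, as an added example that is not part of the original comment and not Firefox's code: it diffs two browser snapshots for values that should be uniform and checks one snapshot for internal leaks. The snapshot field layout and every sample value are constructed, and the mouse check assumes "looks fullscreened" means screen coordinates equal client coordinates.

```javascript
// Added example, not Firefox code. Snapshot fields and values are constructed.
// Surfaces from the list that should read the same in every browser once
// resistance is on (spoofed or blanked to one shared value).
const UNIFORM = ["oscpu", "platform", "hardwareConcurrency",
                 "webglExtensions", "mediaErrorMessage"];

// Keys whose values differ between two snapshots; each one separates users.
function differingSurfaces(a, b) {
  return UNIFORM.filter((k) => JSON.stringify(a[k]) !== JSON.stringify(b[k]));
}

// Leaks visible inside a single snapshot, with no second browser to compare.
function selfLeaks(s) {
  const leaks = [];
  // A measurable inner*/outer* difference reveals the window chrome size.
  if (s.innerWidth !== s.outerWidth || s.innerHeight !== s.outerHeight)
    leaks.push("inner/outer");
  // Assumption: a window that looks fullscreen has screen == client coords.
  if (s.mouse.screenX !== s.mouse.clientX || s.mouse.screenY !== s.mouse.clientY)
    leaks.push("mouse position");
  if (s.gamepadCount > 0) leaks.push("gamepad");
  if (s.geolocationAvailable) leaks.push("geolocation");
  return leaks;
}

// Constructed snapshots of two ordinary machines without resistance.
const plainA = {
  oscpu: "Linux x86_64", platform: "Linux x86_64", hardwareConcurrency: 16,
  webglExtensions: ["EXT_sample_a", "EXT_sample_b"],
  mediaErrorMessage: "sample decoder error text",
  innerWidth: 1280, outerWidth: 1296, innerHeight: 720, outerHeight: 808,
  mouse: { screenX: 412, screenY: 520, clientX: 300, clientY: 410 },
  gamepadCount: 1, geolocationAvailable: true,
};
const plainB = { ...plainA, oscpu: "Windows NT 10.0; Win64; x64",
  platform: "Win32", hardwareConcurrency: 8,
  webglExtensions: ["EXT_sample_a"], mediaErrorMessage: "" };

// Constructed placeholder values, not the values Firefox actually reports.
const hardened = {
  oscpu: "uniform-os", platform: "uniform-platform", hardwareConcurrency: 2,
  webglExtensions: [], mediaErrorMessage: "",
  innerWidth: 1000, outerWidth: 1000, innerHeight: 900, outerHeight: 900,
  mouse: { screenX: 10, screenY: 20, clientX: 10, clientY: 20 },
  gamepadCount: 0, geolocationAvailable: false,
};

console.log(differingSurfaces(plainA, plainB), selfLeaks(plainA), selfLeaks(hardened));
```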




Need to do something about fonts and the CSSOM (Element.getBoundingClientRect() for example), too.

Just shipping a standard bundled set of fonts and only allowing use of that doesn't suffice because anti-aliasing width differences could give away the used font renderer.



