Could fingerprinting be easily avoided by randomizing all of these parameters? Sure, you'd still have a unique fingerprint, but if every time you load a page you have a completely different unique fingerprint, wouldn't that solve the problem?
It 'solves' the problem in the theoretical sense, but in a practical sense websites may still require information from the browser for actual justified purposes. Think identifying the browser, OS, resolution and window size (non-exhaustive list and I'm a data-linking person but not a web person, so I'm just making them up).
Indeed as long as browsers need to send actual information for successful implementation of whatever it is the website is doing, the potential for fingerprinting still exists. And as long as there are sufficiently non-random properties of the computer for the theoretical attacker to poll (via whatever mechanism they can), then fingerprinting will be a viable mechanism.
Although as EFF points out, if MOST of the identifier obtainers require Javascript or connections to certain URLs to work, it might be that blocking javascript and URL blockers might be sufficient to stop most of them in practice?
Edit: of course, every time I say theory and practice here we run into problems of how much people are willing to do or put up with in practice...
Put a browser inside a read only virtual machine and have everyone agree to use it. All temp folders can be mapped to RAM. Have the VM use a random VPN each time and never login to anything.
Nearly everyone would have the same fingerprints even down to the browser resolution, root CA lists, installed fonts, etc. The only real difference being the sites you visit.
