At the moment, KDE Plasma's metapackage requires the large media-fonts/noto. Adding to that, some websites or applications require fonts themselves such as media-fonts/awesome. When browsing websites with javascript enabled, sites are able to scrape what fonts a user has, as well in what order the fonts are in. With the noto package, as well as other fonts that a user would require to install, this makes it very simple to create an identification without the need for resolution, canvas rendering, IP, cookies, or browsing habits. The solution I have in mind is to create a metapackage of all fonts, with USE flags to toggle on or off specific fonts/font packages. Then at postinst the package would spoof what fonts are installed on the system, so that there is a sizeable amount of people 'using' the same fonts. Regarding size of the package, USE flags for SRC_URI should prevent downloading unneeded fonts. You may be interested in opening the links below in a container. Browser Uniqueness Test https://amiunique.org/ Font Fingerprint & Metrics https://webbrowsertools.com/font-fingerprint/ Eckersley, P. How Unique Is Your Web Browser?, EFF https://panopticlick.eff.org/static/browser-uniqueness.pdf
Browser fingerprinting is a mess but breaking the Operating System is not the way to go, at all. Javascript is literally a remote code execution feature and there is some actively anti-privacy/pro-tracking features being added in it (Beacon API is the first one that comes to my mind and it's far from being the only one). Browsers should fix this or web browsers would have to be sandboxed (which is effectively what QubesOS is about for example).
