The browser can be exactly like every other browser in the world, your actions and the capabilities of modern DOM would soon give it a unique fingerprint.
Modern websites are nothing like the human-readable HTML you may have seen in the past. Instead, they’re often baroque combinations of HTML div elements, CSS, fonts, and javascript. The CSS lets the architect easily re-style pages, and all the div elements help them dice up the page into zone of styles. Technically, the structure is still separate from the style (the original design goal of CSS), but 90% of the structure just exists to let you hang the style off of it. In addition downloadable custom fonts let them overload symbols (so that, for example, a * character becomes a custom image to serve as a bulletpoint, or the character m to serve as the “hamburger” menu button. Document Object Model (DOM) events and javascript let the browser change the page in response to your actions, such as by changing the CSS of an element from “hidden” to “visible”.
An example of how this can be abused: javascript and DOM can be used to read the value of properties on the open page. (You wouldn’t expect them to be able to set something without reading it back, would you? That would make designs very brittle when an error eventually creeps in.) That means you can read the color of various links, to see if they match the visited link color or the unvisited link color. Do that with the 500 most popular web sites, and you have a pretty good idea of where that browser has been, which paints a pretty unique picture of your history for fingerprinting. And of course, none of those links need to be visible, when CSS can hide them.
Basically, the DOM (what the browser lets a website do to itself as you interact with it) supports a lot more flexibility and power than it really needs. They do this because of the modern goal of supporting web-native “web apps” - video games, video players, spreadsheets, calculators, all running directly from a browser - which basically requires you to re-implement most of the OS API to give every type of app the range of data it may need.
Depending on how open your browser is, you can disallow some of these (which is the supported fix for the example above) at the expense of breaking the standard, and possibly needed webpage functionality. But of course, if you break functionality, the site admin can detect the lack of compliance and just say you’re not running a supported configuration, so to hell with you. Update your browser/accept cookies/enable javascript or GTFO. But of course, if they do allow you to use their site , your lack of compliance can always be used as a fingerprint datapoint as well. Ultimately, taking all the power out of the browser and putting them into open standards just shifted real power from the user (who owns the machine) to the web architects (who wrote the web page). Unless a privacy violation is so egregious that a browser-maker breaks it for all it’s customers by default (as with above example), or unless many thousands of people used an add-on that does the same, you can still be tracked.
