TheGodfather
Strelok
When your taking about something like Drawn Apart, it is a sophisticated, complex script, so really you need to pull out ALL the stops! Usually the best advice would be "Tor Browser on Safest, never unblock anything on NoScript." End Of Discussion. Blocks EVERYThing. All it allows is frames, and remote fonts by default on Safest, so that's all you get! However, read along if you want to get creative and still be able to use the web a bit while attempting to deal with such scripts, but it is hard and will take A LOT of tweaking and effort!
NoScript, if you se it up like Tor Browser's Safest level of security does, blocks Unrestricted CSS, Pings, and LAN access even on Domains you mark as Trusted! Default blocks Everything but Frames, Remote Fonts, and Noscript, whatever that is. Untrusted sites get nothing. So NoScript on Tor Browser's **Safest* setting is very, well, safe! That will mitigate all of Drawn Apart I'm sure, as well as any other fingerprinting that you might run across except cookies and local storage, and for everything beyond that, in Firefox you can also enable privancy.resistfingerprinting in about:config A Tor Browser feature that does have timing mitigations, restricts the fonts that sites can see, only lets sites see a predetermined set of hardware and randomizes the normal fingerprinting metrics. (2 CPUs, no information given about type of CPU or amount of RAM, random values each time for screen size, randomized canvas, audiocontext and WebGL {even when it's actually turned off} fingerprints each time it is asked for!)
All that is only given to a website when you enable JavaScript. Which you only want to do to top level sites when absolutely needed! They have no way to read any of that info when it is disabled! So you can selectively enable it when you absolutely need it, with a fine-grained tool like NoScript which will only enable certain things like media and scripts while still blocking (unrestricted) CSS and LAN access. If you can get temp root like I have you can throw the Arkenfox script into mobile Firefox and have all the benefits it gives you without the drawback of needing to spend 8 hours editing about:config. Mull browser has some of Arkenfox (in a weakened way) already applied on Android, so that can be a weaker option.
For the rest of fingerprinting mitigations for Drawn Apart and others, they certainly will rely on local storage as well..., you should use a browser that has very strict isolation of cookies and local storage between websites. I use Firefox and enable First Party Isolation. Now, THAT is kinda annoying to use, and I'm willing to use it with the drawbacks, but I never really recommend it to others! It's a feature used again by Tor, and it is VERY restrictive! It puts almost EVERYTHING that ALL websites like to save on your disk into different "silos" or strict partitions that can only be accessed by that site on that tab.
I understand tat with a setup like above I am very unique. However, my fingerprint changes constantly, each time it is measured, and I also hold NO LOCAL STORAGE that can be accessed by another site other than the one who set it, not even the same website in a different tab can access that was set by that same site in the last tab. ALL third party cookies are blocked. I don't even think that I have much data persistence, since I also hold nothing on the disk, only in RAM.
You can also run desktop Firefox that is much more secure though apps like AnLinux or UserLAnd, and set up Arkenfox there. On Strict mode it may not have First Party Isolation but you can disable it's Web Compatibility features ( the d in dFPI) which weakens it's dynamic un-restricting of it's new partitioning scheme. Then, you can possibly have resistance to something like Drawn Apart, on mobile too without using Tor.
I'd still love to know if Vanadium has anything at all like this, or even any mitigations that aren't user facing that would help against sophisticated scripts at all!