To extend your comment; Even your mouse movements can be used to form an identity of you. Not only that, your mouse movements even correlate to demographic information about you (eg age/gender/etc).
With that said, I think you're correct in that it'll be a game of cat and mouse, but I'm not sure what the alternative is. Are you implying that there is anything that can be done beyond the traditional cat and mouse? Because I feel that's the same with security, crypto, etc etc.
Browsers need to rethink what is available via JavaScript. Scroll position, cursor location, etc. should not be readable. CSS Media queries for building responsive should still be fine to write, but the JavaScript API should be silent as to what styles are actually applied (to prevent workarounds for say, inferring the screen height/width from media query styles).
If we go back to basics, where I can make a network request, and the body includes a useful response (e.g., no need for running JS to populate the DOM, as is the case with SPAs that aren't server-side rendered), we can free ourselves from those more advanced heuristics.
It will likely always be cat-and-mouse, but we can rethink the universe of data available within the browser (that can be reported back via XHR requests), and make that universe much smaller.
With that said, I think you're correct in that it'll be a game of cat and mouse, but I'm not sure what the alternative is. Are you implying that there is anything that can be done beyond the traditional cat and mouse? Because I feel that's the same with security, crypto, etc etc.