Alternate take: it's exactly as bad as you expected, but your timeline was off.
And even so, perhaps it's later than you realize. Device attestation in the browser is the final nail in the coffin, and it's a question of "when" not "if" major sites start requiring it in the name of "safety" from bots.
> and it's a question of "when" not "if" major sites start requiring it in the name of "safety" from bots.
I recently found a plugin that can alert to JS doing shady "fingerprint-like" activity. I did not expect it to go off quite as often as it does now.
It would seem that some sites are already asking _very_ probing questions about the browser so it's only a matter of time before they go one step further and demand proof and gate on furnishment of that proof.
And even so, perhaps it's later than you realize. Device attestation in the browser is the final nail in the coffin, and it's a question of "when" not "if" major sites start requiring it in the name of "safety" from bots.