There is no good technical solution here. But the damage could be limited if browsers at least limited entropy somewhat. Stuff like reading back canvas contents should need user approval.

Just make sure it’s sufficiently illegal to keep this info. Find and make big visible examples of fining companies that trade in this info. If a company sells a product that fetches ads based on an ”identifier” their little js snippet computed then just pay them a visit. Fine both them and their customers to the max extent of the gdpr (or equivalent).