This tool is deeply flawed. Fingerprinting protection is sometimes done by binning, which this tool rewards, and is sometimes done by randomizing, which this tool harshly punishes. The net result is it generally guides you away from the strongest protection.

The flip side of this, having the complementary flaw of testing only persistence, not uniqueness, is (warning, real tracking link) fingerprinting.com/demo. You can try resetting your ID and seeing if it changes here. Since tracking requires (a degree of) uniqueness AND (a degree of) persistence, the danger signal is only failing both the EFF test and this test.

Failing both is a requirement to derive meaning, not being lax: measuring only uniqueness would fail a random number generator, and measuring only persistence would fail the number 4.

Regular OS X safari: Our tests indicate that you have strong protection against Web tracking.

>Your browser fingerprint has been randomized among the 378,837 tested in the past 45 days. Although sophisticated adversaries may still be able to track you to some extent, randomization provides a very strong protection against tracking companies trying to fingerprint your browser.

>Currently, we estimate that your browser has a fingerprint that conveys at least 18.53 bits of identifying information.

Anyway, this test doesn't really communicate the results very well. Yes, Tor browser stands out. No, it's not easy to differentiate between different Tor browser users via this kind of fingerprinting.

Tor Browser tries to widen the fingerprint buckets you can get put into by eg rounding off canvas sizes. The widest bucket and unavoidable is “Tor (browser) user”.

Visiting this site with a freshly installed, stock Tor browser (therefore with JS enabled, no settings changed from defaults) on Debian stable gives me:

"Our tests indicate that you have strong protection against Web tracking."

"Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 301.9 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 8.24 bits of identifying information."

Interestingly, increasing the Tor Browser Security level from Safe to Safer actually increased the bits of identifying information and reduced the anonymity:

"Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 832.32 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 9.7 bits of identifying information."

And at the Safest Security level (i.e. with JS diabled) the identifying bits and anonymization appear to be at their best:

"Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 261.41 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 8.03 bits of identifying information."

Tor without JS is still subject to some degree of fingerprinting through CSS (media queries, caching) and tracking methods through mouse (without JS).

You can even track people by favicon which bypasses incognito mode. Another part is hiding font urls in css with more tracking...

Interesting, Chrome failed but Firefox and Brave "have strong protection against Web tracking."

In iOS embedded WebView: “strong protection against Web tracking”, and a fingerprint of ~20 bits.