Yes you are right. I don’t think there is a realistic way for most people to be anonymous or private online anymore given all these offensive and invasive techniques being used regularly now. Hell cloudflare fingerprints people with TLS alone, and that doesn’t care about javascript or anything else above it.
Very strong disagree, I have seen and used many very widely used extensions that manipulate the DOM, which IMO satisfies your criteria of “something that can be observed” i.e. by javascript with a fingerprint tracker like creepjs.
Some examples:
ad blockers (uBO/uMatrix/etc.)
color/theme management (dark reader/dark theme/Stylish/etc.)
custom mouse cursor managers
page translators
addons serving in-browser ads
userscript managers (grease/tamper/violentmonkey etc.)
privacy blockers (CanvasBlocker/JShelter/etc.)
site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)
All of these can be detected and included as yet another bit of data that a unique fingerprint can be built from.