
Note that one very simple mitigation for browser fingerprinting is to simply run different browsers for "the business Internet" and "the fun Internet". You may need to do this anyway, because so many business sites only work on Chrome, with Javascript enabled, no VPN, no adblocker, and pop-ups enabled. But then you might use Chrome (which tracks everything you do anyway) for all your banking, SaaS, government tasks, so they all work, and then say Brave or Opera in an incognito window for all your fun reading. You get the adblocker, you get a different cookie jar for each session, you get easy access to Tor to hide your IP, etc.

Also recommended to have a separate sandbox for "projects" - basically things that you do that each might require their own research, toolchain, files you create, etc. I'd highly recommend doing this in a virtual machine though - oftentimes you need to install apps to do your project work, and that presents its own attack vector. Plus if it's all in a VM you can just back up the VM and start fresh on new hardware without having to install all the dependencies, while if you're just saving random files and backing them up they probably won't work as software gets updated and dependencies get out-of-date.



I don't think separate browsers is a very effective mitigation. If both browsers are running on the same machine, from the same IP address, using the same email address for logins, the same phone number for 2FA, it will be pretty clear that both browsers represent the same person. Even cross-device identity tracking is a real thing.


In general you shouldn't be logging in to any of the "fun" sites. If you do, you should create a burner email address and separate logins (and obviously separate passwords) for each site. A lot of the "fun" Internet doesn't require 2FA, but for sites that do (which is an increasing number of social media providers), I'd highly recommend getting a Google Voice number and using that. That shifts the trust boundary to Google, who is going to have all your info anyway, rather than dozens of fly-by-night websites.

IP address is covered by VPN or Tor.
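The disagreement in the two comments above (shared identifiers link two browsers; burner email, separate number and VPN/Tor break the links) can be made concrete with a small entity-resolution model. The following is an added example, not code from anyone in this thread: each browser profile is the set of identifiers a tracker could observe from it, profiles sharing any identifier are joined with union-find, and the connected components are the tracker's best guess at "one person". All profile names, addresses, emails and numbers are constructed values for illustration.

```python
"""Cross-browser identity linkage model (added example, not from the thread)."""
from collections import defaultdict
from itertools import combinations

# Identifier kinds a tracker can join on. A browser fingerprint is different
# per browser, so on its own it never links two browsers; the shared network
# and account identifiers are what do the linking.
LINKABLE_KEYS = ("fingerprint", "ip", "email", "phone")


def _find(parent, x):
    # Union-find root lookup with path halving.
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def _union(parent, a, b):
    ra, rb = _find(parent, a), _find(parent, b)
    if ra != rb:
        parent[rb] = ra


def _shared_index(profiles):
    # (key, value) -> set of profile names carrying that exact value.
    index = defaultdict(set)
    for name, attrs in profiles.items():
        for key in LINKABLE_KEYS:
            if attrs.get(key) is not None:
                index[(key, attrs[key])].add(name)
    return index


def link_profiles(profiles):
    """Return identity clusters as a sorted list of sorted profile-name lists.

    profiles: {name: {key: value}}. Two profiles are joined whenever they share
    the same value for any key in LINKABLE_KEYS (transitively).
    """
    parent = {name: name for name in profiles}
    for names in _shared_index(profiles).values():
        for a, b in combinations(sorted(names), 2):
            _union(parent, a, b)
    clusters = defaultdict(list)
    for name in profiles:
        clusters[_find(parent, name)].append(name)
    return sorted(sorted(c) for c in clusters.values())


def linking_evidence(profiles):
    """The (key, value) pairs shared by more than one profile, i.e. the joins."""
    return {kv: sorted(n) for kv, n in _shared_index(profiles).items() if len(n) > 1}


# Constructed setup 1: two browsers, same machine, same IP, same logins.
NAIVE_SPLIT = {
    "chrome-business": {"fingerprint": "fp-chrome-1", "ip": "198.51.100.7",
                        "email": "alice@example.com", "phone": "+1-555-0100"},
    "brave-fun":       {"fingerprint": "fp-brave-1", "ip": "198.51.100.7",
                        "email": "alice@example.com", "phone": "+1-555-0100"},
}

# Constructed setup 2: VPN hides the IP, but the same email is still used.
VPN_ONLY = {
    "chrome-business": NAIVE_SPLIT["chrome-business"],
    "brave-fun":       {"fingerprint": "fp-brave-1", "ip": "203.0.113.42",
                        "email": "alice@example.com", "phone": None},
}

# Constructed setup 3: VPN/Tor exit, burner email, separate (voice) number.
COMPARTMENTALISED = {
    "chrome-business": NAIVE_SPLIT["chrome-business"],
    "brave-fun":       {"fingerprint": "fp-brave-1", "ip": "203.0.113.42",
                        "email": "burner-7f3a@example.net", "phone": "+1-555-0199"},
}

if __name__ == "__main__":
    for label, setup in (("naive", NAIVE_SPLIT), ("vpn-only", VPN_ONLY),
                         ("compartmentalised", COMPARTMENTALISED)):
        print(f"{label}: clusters={link_profiles(setup)} joins={linking_evidence(setup)}")
```

The middle setup is the point of the first comment: hiding the IP alone still leaves the email join, so both browsers collapse into one cluster. Only when every linkable identifier differs (the third setup) do the two browsers stay separate, which is the compartmentalisation the reply describes.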


If the definition of "fun" sites doesn't even include anything with a login (no youtube, no forums, no HN...), then it feels like it includes so little as to be meaningless. The "business" internet (at least most of it) needs to be anonymous if we want to have a free society and efficient markets.



