I believe that the only two privacy extensions you really need to meet 90% of your privacy goals are uBlock origin + NoScript
uBlock origin is effective because it stops the injection of ads which might contain and inject code. NoScript forces you to look at which scripts you really need for the website to function. Say you visit a trusted site, like your lemmy instance, then you can enable running of javascript by default the next time you visit the site. You’ll be surprised how functional some sites are even without javascript. I did not like the idea of browsers having Javascript: it’s remote code execution and if there’s anything malicious in there and your browser is not patched against it you’re fucked. This way yeah it’ll be annoying when you first visit a site but it remembers your settings for the next time you visit.
You can still be tracked with that.
I wouldn’t run without Chameleon set to change my borwaser properties every 60 seconds, which makes tracking fingerprinting useless.
Sounds dumb.
In session sanitising seems pretty useless.