214
- My first two points make a distinction between fingerprinting and more invasive attacks that JavaScript has enabled, including data exfiltration. You might not have encountered the latter, but that doesn't make them the same thing. (Also, the analytics you refer to that are possible without scripts are far less invasive than what scripts can do, as is hinted in my second point.)
- It's not unrealistic, since scripts can be turned off by default and enabled selectively when needed. (But were that not the case, it would be reason to use them less, not more.)