Browser fingerprinting takes measurement of things the browser exposes. If a browser exposes installed extensions, this can be used to corelate information. If awebsite checks if the browser loaded something or not, that also can be used to corelate.

Example, you (ip address xxx.xxx.xxx.xxx) visited this website (trackingsite.xyz), with a screen resolution of 1920x1080, using a (Mozilla/firefox) browser. The three trigger pixels did not load, meaning you're using an adblocker, and the remote font loaded from localhost, not google. Your canvas, microphone, and camera are all blocked. Your browser also responded to an api ping for (useful extension). Interesting. This same configuration was also on (othertrackingsite.xyz) and (definitelyalegalsite.xyz), both of which a browser with the same info navigated to for at least 5 minutes, so we know it wasn't a mistype. This same browser configuration was seen regularly browsing these sites on [days of the week] at [time of day], indicating a regular habit.

We know who you are and where you have gone.

I think it's about the combination of extensions you have. Not everyone has every popular extension and you may have some less popular ones etc.

Every different part of computer setup/OS/resolution/extension/etc is a data point that can be used to uniquely identify you and track your web browsing. Generally any desktop computer will have a unique fingerprint, the only hardware setup I've heard of being common enough to avoid fingerprinting is something like using safari on a modern iphone.

It’s about the exact combination of extensions you have installed, along with all of the other info that a nosy website can obtain from you (installed fonts, User Agent string including exact version numbers, etc). It doesn’t come down to any one particular piece of info, but every bit adds to the overall picture. Here is a good overview and their main page runs an active test on your browser.