I just checked myself and the identifying info for me was by a huge margin fonts & plugins. User Agent will become far less relevant if Epic gets more adoption and keeps a lock-step updating pattern. Perhaps as use of web fonts becomes more common perhaps it will become more feasible to send just a static list that's the same for all Epic users[1]. I suspect there's a potential cache-enumeration issue that would help tag browsers there, but I'm not sure.

As for plugins, that's a bit more difficult - I wouldn't mind an option to ask if I wanted to let a site enumerate plugins, but you start getting into header games & pointless reloads there if you're not careful.

[1] I force my own fonts for everything, so no UX issues for me. No idea how much of an issue it is for other folks.

It mentions fingerprinting as a threat, but doesn't do anything specific against it. Probably because no one is quite sure how to stop it. From the FAQ:

How does Epic protect against browser fingerprinting?

There is no agreed-upon way to prevent browser fingerprinting or device fingerprinting at this point. There are many fingerprinting techniques which a solution would need to protect against. While we are working on a more thorough solution [...]

I imagine it could send the default plugin/header/user agent of IE/Chrome/Firefox, or random stuff each time...

Epic at present blocks tons of fingerprinting scripts. Comments above seem right to us as well that user-agent doesn't make sense to use from a fingerprinting perspective. Fonts+Plugins do though. We actually do and could've released things to protect against fingerprinting actively right now BUT it wouldn't have been comprehensive or defended against some of the key things we'd imagine a fingerprinter would use e.g. flash fonts call & more. So there's more work to be done - please join our forums and help us come up with more thorough solutions for fingerprinting.