Extensions can be used to fingerprint your browser, so for best privacy practices I recommend installing extensions sparingly.

#uBlockOrigin is a must, then #NoScript, and depending on your threat model, possibly #Bitwarden password manager.

Mullvad browser comes with the first two pre-installed.

Since logins can also be used to track you, I highly recommend using #qubesos so users can create specific qubes (appvms) for specific purposes or identities.

For example, a user can have one qube with its own IP and OS and browser specifically for using the #alby extension, #nostr etc., that is not used to log in to anything else on the web.

I highly recommend everyone practice privacy through isolation and compartmentalization to the degree their threat model calls for.