Isn't passing every test going to make the browser uniquely unique? My impression is that they want it to be 'fingerprinted' but look like 1,000,000 other Tor browsers so they can't be told apart.

Yes either you want everyone to look the same, or you want every page request to be totally random.

Indeed, my fingerprint in https://www.amiunique.org/fp appears to be unique when using the Mullvad browser.

I've tested the site with the Tor Browser and it told me "Yes! You are unique". I've downloaded my fingerprint, closed the Tor Browser and did it again and again it was unique. So they couldn't link the two sessions together which is good. A jsondiff of the downloaded files only showed "canvas" as different which I guess gets generated randomly on every visit?

I just diffed the fingerprint[0] of 6 Mullvad browser sessions across 2 different devices and it was a unique fingerprint in every case[1]

It mixes a lot - fonts returned, media devices, the canvas ID - it's pretty good and similar to what you expect from the improvements out of Tor Browser

[0] using amiunique and fingerprint.js (now fingerprint.com) - which most of the nefarious ad networks use

[1] not that just as with Tor, you have to quit the browser or click the 'new identity' menu button. just closing a tab/window and re-opening is not enough. I've always believed that there could be a UI hint to this in private browsers with a unique color/background in the menubar as an indicator

Check all the browser leak tests too, they are important and different tests.

Maybe Mullvad uses some techniques to randomize the unique fingerprint over time in order to not get tracked? So you’re basically identifiable for only a certain period of time until the tracked identity becomes invalidated.

Same for me, I am using a VPN provider.

Even after installing Privacy Badger, my fingerprint remained unique and unchanged, with 17.65 bits of identifying information.

For comparison, after I disabled JavaScript, blocked remote fonts, disabled cosmetic filtering, and blocked large media elements using uBlock Origin, my fingerprint was no longer unique, and it dropped down to 9.55 bits of identifying information. Obviously, I don't recommend people do this, but it was fun to check it out.

This is not necessarily the fault of the browser alone. I‘m also unique on a Safari on an up-to-date iOS, which in itself is not very unique.

Testing on a bunch of sites does nothing at all. Fingerprinting is a lot more than just that

Browser fingerprinting is exactly that. And the browser leaks are an even more concerning issue that must be confirmed. Websites want to know who you are or at least that you're not a bot. As a pro-privacy user, you don't want websites to know either of those things. That's low-hanging fruit that a few simple browser tweaks can help with.