I know that the tor project does not recommend adding extensions, since they could give you a unique browser fingerprint.
1- Is this the case for all extensions or just ones that directly affect what is on the page (such as ublock origin or a dark mode extension)? For example, would a keepassxc extension affect the fingerprint, even though all it does is make managing passwords a little easier?
2- Could bookmarking websites affect my browser fingerprint? If I bookmark a hidden service, such as the .onion link to this forum, in order to keep track of the link, would that alone be able to affect my browser fingerprint? Or is that not something to worry about?
bookmarks are fine: they are not directly accessible to web content. Note that visited links (per id/session) are a little different: from my own notes:
Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive redraw timing attacks were largely mitigated in FF77+ [3]. RFP further hampers timing attacks. Also, clearing history on exit. However, social engineering [2#limits][4][5] and advanced targeted timing attacks could still produce usable results
extensions can leak metrics in many way, even if they don’t “directly” modify the dom. I know lastpass bitwarden currently does, as it rolls an API which shows up on all websites even if you’re not logging in or don’t have that domain in your list.