I feel like the math in this headline is off.

User agent logging is often done by running javascript locally on a machine, so the vpn would just pass the javascript to the local machine on which it would be run, so the data wouldn’t be effected that way.

Sometimes TLS fingerprinting is done to try to identify bots and not sure if bots would be included. They probably would be included because if they were blocked, then the javascript catching user would never be run on their machine, although I’m unsure of whether such bots would run useragent fingerprinting javascriot yo try to blend in or block it to avoid unneeded processing.