Image fetching - is DOFV (Download on First View) AP-compliant?

Well, if tracking were a purely theoretical threat, you wouldn’t need to be afraid of big techs collecting your private data and browsers wouldn’t need to implement sophisticated tracking protection features. And browsers’ tracking protections aren’t sufficient by default either, because they still expose plenty of fingerprinting information by default, such as User-Agent and Accept-Language, since they are too useful for ensuring the minimum level of experience for average users. Those data, combined with your IP address, are usually sufficient for identifying you among hundreds of others in the access log.

Also, the fingerprinting information isn’t needed at all if a tracker DMs you an image URL with a tracking parameter, a common technique in the e-mail world. When your client downloads the image, the tracker not only can tell that you viewed the post at that time, but they also get your fingerprint to link with your past and future activities elsewhere.

“Presence status” is a feature only because you opt into making it public, and I don’t think that should be unknowingly exposed. I believe Mastodon’s behavior is a sensible default. If there is a problem, that is probably that they don’t offer a configuration to opt out of that behavior, not that it’s a bad default.

1 Like
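An added illustration, not part of the original post: a Python sketch that audits what an image host's access log reveals when clients download images directly. The log entries, field layout, and the `r` query parameter are constructed for this example.

```python
from collections import defaultdict, namedtuple
from urllib.parse import urlsplit

Hit = namedtuple("Hit", "ip ua lang url")

# Constructed sample log: addresses are from documentation ranges,
# paths and the "r" parameter are made up for illustration.
FX = "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
LOG = [
    Hit("198.51.100.7", FX, "en-US,en;q=0.5", "/media/cat.png"),
    Hit("198.51.100.7", "Mozilla/5.0 (Windows NT 10.0) Chrome/126.0",
        "en-US,en;q=0.9", "/media/cat.png"),
    Hit("203.0.113.20", FX, "ja,en;q=0.5", "/media/cat.png"),
    Hit("203.0.113.20", FX, "ja,en;q=0.5", "/media/dm.png?r=a1b2"),
    Hit("192.0.2.44", "Mozilla/5.0 (Macintosh) Safari/17.5",
        "de-DE,de;q=0.9", "/media/dm.png?r=c3d4"),
    Hit("198.51.100.7", FX, "en-US,en;q=0.5", "/media/logo.png"),
]

def distinct_clients(hits, fields):
    """Count the clients a log reader can tell apart using only `fields`."""
    return len({tuple(getattr(h, f) for f in fields) for h in hits})

def single_viewer_urls(hits):
    """Map each parameterised URL fetched by exactly one fingerprint to it.

    A URL with a query string that only one client ever requests ties the
    fetch (and, in a real log, its timestamp) to whoever was sent that URL.
    """
    viewers = defaultdict(set)
    for h in hits:
        if urlsplit(h.url).query:
            viewers[h.url].add((h.ip, h.ua, h.lang))
    return {u: next(iter(f)) for u, f in viewers.items() if len(f) == 1}

if __name__ == "__main__":
    # IP alone merges two users behind one address; the headers split them.
    print("by IP only:", distinct_clients(LOG, ("ip",)))
    print("by IP + headers:", distinct_clients(LOG, ("ip", "ua", "lang")))
    for url, (ip, ua, lang) in single_viewer_urls(LOG).items():
        print(f"{url} was fetched only by {ip} / {lang}")
```

Running the same audit on the log of a server that fetches remote media on its users' behalf would show only that server's address and headers, which is the difference the thread is weighing.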