Very interesting, but it still seems like browsers would be able to prevent that: simply restrict the font list to a generic set when in incognito mode. Similarly for any other fingerprint thing. Of course, in the most general case this might be hard (or impossible) to prevent fully, but a browser developer should be able to at least get close to minimizing it... I would think?