As you may or may not be aware, even when browsing "incognito", you can theoretically be tracked. Browsers have unique fingerprints, just like people do. Check this link to learn more.
While I can easily see and understand the theory behind it, I searched and found no recorded evidence of browser fingerprints being used to identify someone. Is it purely theory or has there been any recorded and proven cases of browser fingerprints used in identifying someone?
Well I can only provide anecdotal evidence for this, but I have seen a site that I was reviewing make use of Panopticlick style functionality for tracking, so it definitely does occur.
It appeared to be part of their overall user tracking / analytics set-up
Your question reminds me of an answer to a question quite related to this subject where it is mentioned (I do not want to link to it directly):
Assuming that you can use TOR or a VPN or an openshell anywhere to tunnel away your IP address, the "safest" practice in my opinion would be to fire up a virtual machine, install a stock Windows Seven on it, and use that for any privacy-sensitive operation. Do not install anything unusual on the machine, and it will truthfully report to be a stock Windows Seven machine, one between a horde of similar machines
It is answer I still remember about because my personal experience with this website is a good evidence that browser fingerprinting is not a mere theory. When I started to use this website in the first days, I created around 20 VMs with different OS versions where the host machine uses a private IP address. I have been detected and suspended; I was not even able to create a new profile on new VMs even after changing the host machines (I even used one server to by pass the suspension)
Browser fingerprinting is not a theoretical subject but applied almost everywhere: your bank, Facebook, Google, StackExchange websites ...
