When you launch private mode (save for browser fingerprinting and other super cookies), you are a new user to the website. When you close it, anything the website attempted to store on your machine is gone. Of course it can track you during that session but not before or after.
Unfortunately techniques like browser fingerprinting[0] still work in private browsing and can be used to link your private browsing to your normal browsing.
Can, but usually aren’t. Advertisers aren’t interested in advertising to you unless it’ll “work” (in terms of sales, clicks, or whatever the KPI is). If I think you want to not see my ad, I don’t want to buy your eyeballs.
My own experiments with GL and the timing-based methods is that they just don’t work well (compared to say, cookies) when delivered via an advertisement. Plugins and fonts work very poorly as well, lately.
I don’t think anyone is using these methods to target advertising, and state-level actors don’t have to (they just bug your ISP).
