For a fingerprint to be useful it must not only be unique but also persistent. If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?

Point still taken, however you can only really check if a given font is installed, not obtain a list of all fonts. Thus, installing a wacky font is pointless as the fingerprinter won’t bother to check that particular font. There is queryLocalFonts on chrome but this requires a permission popup.

It's likely that yes, you will end up with an alias that links you because of a cookie somewhere, or a finger print of the elliptic curve when do do a SSL handshake, or any number of other ways.

The ironic thing is that because of GDPR and CCPA, ad tech companies got really good at "anonymizing" your data. So even if you were to somehow not have an alias linking your various anonymous profiles, you will still end up quickly bucketed into a persona (and multiple audiences) that resemble you quite well. And it's not multiple days of data we're talking about (although it could be), it's minutes and in the case of contextual multi-armed bandits, your persona is likely updates "within" a single page load and you are targeted in ~5ms within the request/response lifecycle of that page load.

The good news is that most data platforms don't keep data around for more than 90 days because then they are automatically compliant with "right to be forgotten" without having to service requests for removal of personal data.

>If I have a process that randomly installs and deletes wacky fonts, I'm unique at any given time, but the me of today can't be linked to the me of tomorrow, right?

See: https://xkcd.com/1105/

Services with a large enough fingerprinting database can filter out implausible values and flag you as faking your fingerprint, which is itself fingerprintable.