Chrome does give access to localStorage/sessionStorage in Incognito and this can be used to communicate between tabs on the same domain, but just like cookies and cache this data is wiped if you close the Incognito instance.
It's certainly a mystery, because you'd expect any capability fingerprinting (some combo of UA, extensions, CPU/GPU specs, IP etc) to give an identical result between profiles, so it does seem there's some per-profile difference. But I can't think of any browser API that exposes something like an ID...
Then, could not we a get a trace of the properties it uploads to the server by analyzing what is executed in the javascript? Sure it has some sort of submit endpoint where it throws the individual values to.
I see things hat look like font fingerprinting, CSS, Apple pay detection, ... , msPointerEnabled, ..., webkitResolveLocalFileSystemURL, ... cookie settings...
... used mathematical library (sinus, cosinus, ...)
serviceworkers, ...RTCPeerConnection, hardwareConcurrency,
Maybe we could dissect it and analyze the full list?
At some other place, they documented e.g. you can get the light/dark theme information out of the CSS. Doesn't even need JS to do it.
It's certainly a mystery, because you'd expect any capability fingerprinting (some combo of UA, extensions, CPU/GPU specs, IP etc) to give an identical result between profiles, so it does seem there's some per-profile difference. But I can't think of any browser API that exposes something like an ID...