>Is it unreasonable to want, or even expect, an incognito window to disable all forms of tracking?
No, because incognito doesn't have power over what sites do with request data.
As for the layperson, I think they hold the (reasonable) model that an incognito session is just like using a burner phone that you throw away after: it creates a dummy identity separate from your normal one. So at worst, the places you call can compare notes and see that the same number called both of them, and they might also secretly log or record the calls. A burner phone doesn't prevent any of that, and neither would incognito (prevent the analog of).
However, if the phone companies somehow learned which people bought which burner phones, and shared their "normal" info with anyone who asked about a particular burner phone, then yes, that would break the expectation/agreement, and it sounds like Google does something similar to that.
> incognito doesn't have power over what sites do with request data
Again, this is just a description of how the world works. It says nothing about how the world could work. Incognito could turn your browser into a Tor client, or use a random sequence of VPNs to tunnel your traffic, or both, for example.
Fair enough -- I agree that there's more that a browser can do to protect your privacy. But I was mainly speaking to the question of what a reasonable user can expect, given what incognito mode communicates to them. And that reasonable expectation is "browser works the same, except with a new dummy identity", just like a burner phone vs your regular cell phone.
A mode like you describe is great, but I wouldn't expect a browser's built-in privacy mode to do all of that by default.
(And, FWIW, even then my statement is true. Even with the max privacy protections, once your request data has reached their servers, you can't do anything about their data storage by technical means. So even with a Tor client, if you've logged in and have to persist cookies to maintain session state, you can expect that the site to match identities across VPNs/Tor endpoints.)
Your last paragraph is exactly right: the problem is that it's doubtful that Incognito mode actually produces burner identities. If all Incognito does is create a temporary cookie jar, there are plenty of other ways to fingerprint a browser that would persist across Incognito sessions. The average user almost certainly doesn't realize that, and Google absolutely benefits from keeping up the pretense of privacy in Incognito.
No, because incognito doesn't have power over what sites do with request data.
As for the layperson, I think they hold the (reasonable) model that an incognito session is just like using a burner phone that you throw away after: it creates a dummy identity separate from your normal one. So at worst, the places you call can compare notes and see that the same number called both of them, and they might also secretly log or record the calls. A burner phone doesn't prevent any of that, and neither would incognito (prevent the analog of).
However, if the phone companies somehow learned which people bought which burner phones, and shared their "normal" info with anyone who asked about a particular burner phone, then yes, that would break the expectation/agreement, and it sounds like Google does something similar to that.