
How does it know to offer (in incognito mode) a list of your accounts you might want to re-login to? (Not always, but often enough to raise an eyebrow.)

Seems like a pretty good reason to think it still knows who you are.

As to how that works, you tell us.



Chrome is linked to your Google accounts and saves your account auth tokens. When you use incognito, it doesn't immediately send that info. However, it does offer to sign you in. This is different from remembering login/passwords.


Are you talking about the browser's autocomplete? That's not something servers can detect unless you interact with it. Or do you mean something else?


No. On login Google shows you your email address so you can click on it and only fill the password. Which means it knows you were logged in on that browser previously.


That shouldn't be possible in private browsing, unless you've previously logged into Google in that same private session.

One way you could see something similar to this would be if you opened a clean session, logged into Google, logged out of Google, thought you closed the last incognito window but didn't, and then opened a new incognito window? Then the user cookie would still be in client-side storage.


It knows that one from cookies, not applicable to incognito mode. Google probably does some other fingerprinting as well though.


Are you using random MAC addresses?


The MAC address is not sent to the server, or accessible to web pages client-side, so that wouldn't matter.


I realize that the last time I looked at this was in the context of wireless devices on a private subnet - which is why I thought it might be relevant. However, I am curious, why is it, then, that Windows 10 has gone for randomisation?


It is if you're using Chrome or got any Google-related properties installed on your PC.


I don't think this happens. How do you think it's being transferred? A header sent only on requests to Google properties? A special JS API in Chrome that only Google knows to call?


In theory. But it's not impossible for a nefarious browser to send it along as an HTTP header. Or a nefarious AP:

https://news.ycombinator.com/item?id=21463266


Your link describes the Milan airport captive portal putting the MAC in the URL (don't do this). The referrer is automatically attached to any requests the page makes. This is a comically broken configuration, not something at all common.
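An added example, not part of the thread: a check a portal or proxy operator could run over access logs to spot the misconfiguration described above, where a client MAC address sits in a URL and then travels to other hosts in the Referer header. The log lines, hostnames and the parameter names `mac` and `client` are constructed for illustration; the thread does not say which parameter the portal used.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Six hex octets joined by one consistent separator (':' or '-').
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}(?![0-9A-Fa-f])"
)
# Request target and Referer field of a combined-format access log line.
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')

# Constructed sample input (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /pixel.gif HTTP/1.1" 200 43 '
    '"http://portal.example/login?mac=AA%3ABB%3ACC%3ADD%3AEE%3AFF&ap=7" "UA"',
    '203.0.113.6 - - [01/Jan/2024:10:00:01 +0000] "GET /login?client=00-11-22-33-44-55 HTTP/1.1" '
    '200 512 "-" "UA"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024 '
    '"https://example.org/" "UA"',
]

def find_mac_leaks(lines):
    """Return (line_no, field, parameter, mac) for each MAC found in a URL."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = LOG_RE.search(line)
        if not match:
            continue
        for field, url in (("request", match.group(1)), ("referer", match.group(2))):
            parts = urlsplit(url)
            # parse_qsl percent-decodes values, so AA%3ABB... is caught too.
            for name, value in parse_qsl(parts.query, keep_blank_values=True):
                hit = MAC_RE.search(value)
                if hit:
                    findings.append((line_no, field, name, hit.group(0).lower()))
            hit = MAC_RE.search(unquote(parts.path))
            if hit:
                findings.append((line_no, field, "<path>", hit.group(0).lower()))
    return findings

if __name__ == "__main__":
    for finding in find_mac_leaks(SAMPLE_LOG):
        print(finding)
```

A hit in the `referer` field means the identifier has already left the page that issued it; a hit in `request` shows where it enters a URL in the first place.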



