Tacit may have something to offer on this but from the article you cited it appears that at this time there is no way of hiding your digital signature from this technique as It is based upon detectable/harvestable hardware and software information. That does not identify you specifically, it identifies your computer. So anyone using your computer is you. This appears to have nothing to do with cookies or cache files which means Private Browsing would be ineffectual.
Yes, that's exactly correct.
I just checked my browser's digital signature via Panopticlick with private browsing on and off. I was easily identified both ways.
Ditto for using a VPN; I have private VPNs set up in Portland and Vancouver, and again, my browser fingerprint could be identified.
Private browsing protects you from someone else sitting at your computer and seeing what you've been up to. It does not in any way prevent a sufficiently skilled server owner from fingerprinting your computer.
