Not five minutes after pressing enter on my previous post a friend wrote back and challenged me to compare IE's behavior with that of Firefox. I don't like doing product comparisons but clearly this is a question others will ask so I'll share the results with you:
Results: behavior of the two browsers are essentially identical. In both cases, my browser was uniquely identified.
Conclusion: we need to work across the industry to align browsers with minimal disclosure principles. How much information needs to be released to a site we don't trust yet? To what extent can the detailed information currently release be collapsed into non-identifying categories? When there is some compelling reason to release detailed information, how do we inform the user that the site wants to obtain a fingerprint?