If i remember correctly (i admit, i remember it slightly different, but this was the first link i found) she hasn't even purchased things, just searched for them. But my point is: the reason why they were able to connect these searches (and/or purchases) and form a coherent picture describing her habits was because they were able to identify her across "sessions" (for the argument it doesn't matter if these sessions were purchases or just web searches): there is one session where someone searches for/buys "X" and there is another session (say, a day later) where someone searches for/buys "Y". To understand that a single person searched for/bought "X" as well as "Y" (and that way forming a picture of what the person is interested in) one has to have to connect the session data from these two sessions and come to the conclusion that the "someone" from the first session is the "someone" from the second one. If these were purchases the identifying criteria would be credit card information, name, address and so on. If these were web searches one of the methods doing the same is cookies, another is other stored web data. There was also a story about people being identified because of their search history a few years ago. This was possible only because the search engine provider (in this case not Google but AOL) was able to identify persons across contacts. It isn't necessary to identify you personally like "this session is by person X", it is sufficient to identify different persons like "this session was by the same person as that session".

Clearing these identification helpers will make it harder (note well - i don't say "impossible") for these organisations to identify you across various contacts with their services. I will readily concede that using anonymizing proxies (like TOR) will even help prevent this to a greater extent, but TOR is relatively slow, because of the way it operates. This is why i use it only for select purposes and use Firefox (with a hardened config, Ghostery, NoScript, and AdBlock installed, WebRTC disabled, ...) for low-threat things. And for the same reasons i delete all cached web data (session data especially) when i close the browser.

Another way would be to use "anonymous windows", which basically does the same with every new window. But i want at least some continuity in my browsing - i don't want to log in here for every new post, for instance, i don't want to log in to my chess server for every new game, etc. - i just do the bare minimum. Which is what i suggested.

Wolf