If you're behind a VPN, any cookies along with your browser fingerprint will still be bright red: https://panopticlick.eff.org/ If what you're doing is really sensitive, do it in a clean VM + Tor. If you're posting, you also need to consider keystroke fingerprinting although with language profiling: https://en.wikipedia.org/wiki/Keystroke_dynamics

Most threat models don't require considering these things.

Thanks

Linguistic analysis is sometimes called stylometry, and (although I've never tried it) there's a tool to analyze your anon-posts against a corpus of your non-anon language to see how to unique it is and how to anonymize it: https://github.com/psal/anonymouth

My impression is that the average Joe doesn't have enough of a public corpus for this to make a difference. But if you're an academic who blogs both publicly and privately? You might want to check it out.

There have been a several recent cases of political doxing of pseudonymous users. Blogger "Delicious Tacos", alt-right Youtuber "Millenial Woes", /r/the_donald user "HanAssholeSolo", and several members of the alt-right blog "The Right Stuff" have all been exposed at varying levels by various organizations. , As far as I understand, they were all exposed through OPSEC violations in their content, rather than technical violations. In the US, calling out the SWAT team when the target forgets to VPN before logging on to IRC is reserved for black-hats and child pornographers, at least so far.