There's obviously some level of fingerprinting, can't really be avoided entirely.
I feel like youre overestimating how many sites use cookies for tracking anymore, and how many use canvas fingerprinting. Sites like twitter, facebook, and even whitehouse.gov (<- super creepy) nearly all banks, nearly all payment proccessors, nearly all online retailers, all employ canvas fingerprinting.
But with things like uBlock and Privacy Badger, their tentacles can be at least reduced, e.g. random news sites can't link you back to Facebook because uBlock is blocking their share/like buttons, and Privacy Badger is preventing any tracking cookies from Facebook.
Yeah, they definitely can. Because FB and twitter collect and share your fingerprint (as do the news sites) on pay databases. A news site can collect your fingerprint with a simple script, upload it to a database, and look up the site info for every other site that has also detected that fingerprint. Often, this is free in exchange for the site sharing the information, though sometimes its a pay service. Most plugins and privacy SW will not detect this if the fingerprint script is served from the site being visited.