Yahoo will only respect DNT for Firefox users. This is because DNT was essentially ruined after Microsoft turned DNT on by default in IE. Since it didn't represent an explicit user choice, it carried much less weight. It is an explicit choice in Firefox.

What if, and this is crazy I know, you needed an explicit action to track me instead of relying on users not knowing such a thing exists to avoid.

You're going to love Firefox's new Tracking Protection feature, which is currently under development: http://blog.mozilla.org/nnethercote/2014/11/12/quantifying-t...

It allows you to block things coming from known tracking domains, giving better privacy and faster page loads on many sites.

The benefit is that this is built in to the browser, meaning more users will use it. If you want the extra protection of Ghostery, then by all means, go for it. This is easier for other users.

Well, for one thing, Ghostery is veeeeery slow (or was last time I checked). For a second thing, what makes you think that it's going to block less than Ghostery?

Is this what will replace (as a meta-solution, it appears) the backed-out third party cookie blocking stuff?

Well, if that is the case, then you would be tracked. Read the parent comment.

And how will they target only Firefox users? Should we expect IE to start masquerading as <insert Mozilla browser> again?

What is funny is that they are:

http://blogs.msdn.com/b/ie/archive/2014/11/11/living-on-the-...

DNT was a terribly flawed idea anyway.

If you don't want to be tracked — just don't allow to track yourself. Make your digital fingerprint as indistinguishable as possible and don't persist anything for any longer that's required to work.

And how many users can do that? I'm pretty experienced, I know a number of the fingerprinting techniques that can be used to track me, and I have no idea how I can browse while avoiding them all.

You're right. But still, DNT is snake oil that only makes things worse by providing a false sense of privacy while not resolving any issue.

And some fingerprinting issues that can't be solved by lone users could be solved by browser vendors. Let's at least start by doing something with those overlong User-Agent headers. And, say, limiting JavaScript capabilities on introspecting the environment.

Well, for one thing, this would Break The Web (tm). I assume that users of, say, TorBrowser would not mind, but I strongly doubt the greater public would accept that.

For another thing, these two measures would only force the trackers to switch to other fingerprinting mechanisms that are harder to turn off (ETags, canvas 2d/3d fingerprinting, CSS fingerprinting, etc.), so I don't think this would achieve what you hope.

It won't break the web any more than not supporting <blink> tag or deprecating SHA-1 certificates anymore. It would affect a tiny minority of sites that try to do weird things. Seriously, we had a lot of JS APIs being gradually deprecated (and, yeah, breaking the web), and we're still alive. And for the last ten years every web developer was constantly told to not depend on User-Agent headers and do capability checks instead of UA detection. If there are still some sites doing that, and a reason for a change exists - it's good time to break them and only make work with some compatibility mode.

And those were just the examples. Sure, the trackers will switch. ETags and CSS fingerprinting and any other tracking methods can be worked around too. We just have to start value privacy a bit more than dancing bunnies.

(But, sure thing, users want dancing bunnies, not privacy)

Many "stealth" techniques actually make you more trackable on the web. The person wearing a mask is easy to track in a crowd.