Some ad networks already respect DNT. But you are right, many of the big ones don't. While Google can't force most of the ad networks to respect DNT, Google can choose to respect the header, which is currently sent by 5% of Firefox users, when it is received by the Doubleclick and Google Analytics servers.
Instead of supporting a header that millions of consumers are already sending, you instead offer a browser add-on for analytics, and "keep my opt outs" for ad network opt out cookies.
The signal sent by a consumer setting the DNT flag in their browser is just as clear as a consumer installing your analytics opt out plugin, or obtaining the doubleclick opt out cookie.
You could, right now, respect the DNT header as you currently respect your own opt out mechanisms, but you don't.
I get that Google is not a charity. I get that Do Not Track (or any other mechanism that makes it easy for consumers to avoid tracking) threatens your bottom line. What I would prefer though, is honesty.
Please just admit that you want to make it difficult for consumers to opt out, and that a single, easy to use mechanism built into the browser is something you want to avoid at all costs, even if that means you are ignoring millions of consumers' intent.
1. I wrote Keep My Opt-Outs. It has exactly the practical effect you're looking for with regard to DoubleClick and about 60 other ad networks _right now_. Installing it opts you out of interest based tracking in exactly the way that clicking the DNT box in Mozilla doesn't (yet): https://chrome.google.com/webstore/detail/hhnjdplhmcnkiecamp...
2. Google's participating openly in http://www.w3.org/2011/tracking-protection/ to work out what DNT means in a detailed sense, so that when users send a header, either via a checkbox or via an extension, there's agreement about what the practical impact is. I'm not sure it's reasonable to expect much more than that right now.
1. Keep my opt outs is not a serious privacy enhancing technology. If it were, it would be built into the browser by default, and enabled via a simple, easy to discover UI (or better, enabled by default).
Keep My Opt Outs is largely political propaganda, or if you will, privacy theater. It gives your DC people something to talk about when they testify before Congress or the FTC. It allows them to say, "look, we do offer users the ability to opt out", while knowing that few users will seek it out and turn it on.
Compare, for example, the 5% of Firefox users who have enabled DNT, vs. the 62k users of KMOO. That number of users is pathetic, given how many people use Chrome.
2. Since when does something need to have gone through the standards process for Google to ship it in Chrome?
Consider, for example, what Adam Langley wrote when he added support for DNSSEC certificates to Chrome:
Google's approach to security (and in many other areas) is to iterate, quickly, see what works, and if it doesn't, kill it off.
Likewise, Chrome supports an early draft of WebSockets. The spec isn't finalized yet though. Google added support to a draft spec, and then will update Chrome to the final spec once it is done. See: http://blog.chromium.org/2010/06/websocket-protocol-updated....).
It seems to only be in the area of privacy where Google wants to wait until technologies have gone through the slow standardization process. In the mean time, while you wait for things to work their way through the W3C, Google's ad business continues to build detailed behavioral profiles on Internet users.
The longer the W3C takes, from Google's perspective, the better.
Look - I get that it must be frustrating to be a privacy engineer working on Chrome, when upper management won't let you deploy serious privacy enhancing features to users. I get that it must be embarrassing to work on the only browser that doesn't support Do Not Track (usually, IE is last to the party). What I don't get, is why you tout features like KMOO and Google's involvement in the W3C process as though you expect them to be taken seriously.
Google is not committed to enabling users to easily protect themselves from Google's widespread collection of their private data. To argue otherwise is foolish.
DNT is privacy theater too. It encourages a business model shift and research into data mining that has the same effect as tracking but without an implementation that would violate DNT. DNT does not solve the problem of ubiquitous online tracking. That problem is most likely unsolvable.
On my home network, Google, Facebook, and Twitter compete for the most web tracking next to my ISP's own capabilities. Traffic weighted, Facebook is now the leader in my household.
"So what about the rest? Two advertising companies took overt steps to respect the Do Not Track headers sent by browsers like Firefox, Internet Explorer, and Safari, which we just learned is actually a step beyond NAI's baseline requirement. Another 10 companies went even further by stopping the tracking and removing the cookies altogether (and just for interest's sake, it's worth noting that Google falls into this category)."
When a consumer visits Google's opt out page (where you obtain a doubleclick.net opt out cookie), or gets one via the NAI, the doubleclick.net tracking ID is deleted.
Instead of supporting a header that millions of consumers are already sending, you instead offer a browser add-on for analytics, and "keep my opt outs" for ad network opt out cookies.
The signal sent by a consumer setting the DNT flag in their browser is just as clear as a consumer installing your analytics opt out plugin, or obtaining the doubleclick opt out cookie.
You could, right now, respect the DNT header as you currently respect your own opt out mechanisms, but you don't.
I get that Google is not a charity. I get that Do Not Track (or any other mechanism that makes it easy for consumers to avoid tracking) threatens your bottom line. What I would prefer though, is honesty.
Please just admit that you want to make it difficult for consumers to opt out, and that a single, easy to use mechanism built into the browser is something you want to avoid at all costs, even if that means you are ignoring millions of consumers' intent.