The idea of “do not track” is quite comical.
It assumes the other party will honour the request. It is as good as telling thieves not to open your door because you put up a “do not open” sign.
The “Do not track” signal also became an additional attribute used for fingerprinting users.
If you wish to ask websites to respect your privacy, you can use the “Tell websites not to sell or share my data” setting. This option is built on top of the Global Privacy Control (GPC). GPC is respected by increasing numbers of sites and enforced with legislation in some regions.
More info on this: https://globalprivacycontrol.org/
After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.
For HTTP:
A user agent MUST generate a Sec-GPC header… if… gpcAtNavigation is true.
For JavaScript:
The globalPrivacyControl property is available on the navigator object
GPC also looks like a watered-down version of DNT. DNT was “do not track,” and GPC is “do not sell”:
GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).
Emphasis mine
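How a receiving site could act on the signal discussed above, as an added example that is not part of the thread or of the GPC spec: it blocks sale/sharing when `Sec-GPC` is `1`, leaves first-party use untouched as the quoted carve-out allows, and keeps the header out of analytics logs so it is not stored as one more fingerprinting attribute. The purpose names, the log allow-list and the choice to accept only the exact value `1` are assumptions of this example.

```python
from dataclasses import dataclass

# Hypothetical purpose names; a real site maps these to its own data flows.
ALL_PURPOSES = frozenset({"first_party_analytics", "first_party_ads",
                          "third_party_sale", "third_party_sharing"})
# GPC targets sale/sharing only; first-party use stays allowed (quoted carve-out).
BLOCKED_BY_GPC = frozenset({"third_party_sale", "third_party_sharing"})

# Headers retained in analytics logs (hypothetical allow-list). Sec-GPC and DNT
# are deliberately absent so the preference is not kept as a fingerprint bit.
LOGGED_HEADERS = frozenset({"host", "accept-language", "content-type"})


@dataclass(frozen=True)
class Decision:
    gpc: bool            # request carried an opt-out signal
    allowed: frozenset   # purposes that may still run for this request


def gpc_enabled(headers):
    """headers: list of (name, value) pairs; names are case-insensitive.
    Assumption: only the exact value "1" counts as the signal."""
    return any(name.lower() == "sec-gpc" and value.strip() == "1"
               for name, value in headers)


def decide(headers):
    """Apply the preference per request, before any data leaves the first party."""
    gpc = gpc_enabled(headers)
    return Decision(gpc, ALL_PURPOSES - BLOCKED_BY_GPC if gpc else ALL_PURPOSES)


def loggable(headers):
    """Return only allow-listed headers for storage in analytics logs."""
    return {name.lower(): value for name, value in headers
            if name.lower() in LOGGED_HEADERS}


# Constructed sample request, not captured traffic.
SAMPLE_REQUEST = [("Host", "example.test"), ("sec-gpc", "1"), ("DNT", "1")]

if __name__ == "__main__":
    print(decide(SAMPLE_REQUEST))
    print(loggable(SAMPLE_REQUEST))
```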