The ETag method is a clever solution to cookieless tracking. I find this method I stumbled upon a couple of weeks ago a bit startling. I had no idea the amount of information routinely sent from my browser/computer to web servers-- information about plug-ins, time zone, screen resolution, accepted headers, etc WITHOUT letting me know. It is enough to give more than 21 bits of identifying information and uniquely identifies me among the 3M visits.
https://panopticlick.eff.org/
Yep. It's absurd, and unfortunately many "privacy-enhancing" tools (for example, anything that alters the user agent) can actually make a browser more unique rather than less-so.
NoScript is an exception, and one that works very well. I know it's parroted on Slashdot a lot, but if you care about privacy and security on the web there isn't a single better option. Using Panopticlick on my browser as an example:
Without NoScript: Your browser fingerprint appears to be unique among the 3,316,576 tested so far. Currently, we estimate that your browser has a fingerprint that conveys at least 21.66 bits of identifying information.
With NoScript: Within our dataset of several million visitors, only one in 2,433 browsers have the same fingerprint as yours. Currently, we estimate that your browser has a fingerprint that conveys 11.25 bits of identifying information.
Still not great, but a lot better than unique. It's quite unfortunate that the web evolved with the assumption that arbitrary code may be executed in the browser. If we had started out instead with an opt-in approach to Javascript, I think things would be quite a bit better now in terms of privacy and security than they currently are.