While the change to make EventLogging respect Do Not Track has just been merged: https://gerrit.wikimedia.org/r/#q,I17ee55f464743580b18f6e594fdfc73a3d76f1cf,n,z I imagine that our analytics still heavily relies on access logs and varnish logs, which are a form of tracking.
If we're striving to honor DNT in its purest ideological form, people who have it set shouldn't be tracked at all, even for our internal tracking (that's the spirit of the EL change, I imagine).
If technically feasible (apparently possible with Apache: http://donottrack.us/server), should we simply not record entries in the access logs/varnish logs if DNT is turned on? That seems like the simplest solution and it's the safest in terms of privacy for these users. We'd have to accept the fact that those users don't show up in any statistics at all. But since we accept that they don't show up in EL-based statistics anymore, this seems like the next logical step to me.