A good question, one which I'll defer to others with more expertise. However I do believe that affiliate networks have faced these issues before ~ for example, with people cleaning cookies after each session, or even "burning" cookies upon arriving at an affiliate site. If I remember correctly ~ it's been a long time ~ they also use IP addresses to help identify return visitors. But as I said, there are others here who know considerably more, so perhaps we'll get a more definitive answer.
Regarding privacy, also note that the Google "Do Not Track" button is going only on their Chrome browser, not on the dotcom search page.