With the vast number of methods of tracking user between sites (cookies, flash, javascript, 'hidden' images, many different browser fingerprinting methods, IP logging, etc) and the ubiquity of their usage, the only way to 'privately' browse the web is to use a regularly reset 'burner' VM image (and ideally multiple images with randomised setups), run noscript stringently, and tunnel all traffic through Tor. Anything less is more security theatre than an effective solution in actually avoiding tracking. This has been the case for quite some time.
Against a nation-state level attacker you'd need to go even further, utilising a physical connection that is mobile and changes IP, MAC, IMSI (for mobile devices), etc regularly. Tricks like the recently revealed satellite downlink disguise hack might help there, as would changing physical device rather than just fiddling with the MAC (due to quirks of adapters, operating system etc in handshaking timings etc). But in the case of nation-states, you're more worried about a concerted targeted attack than blanket capture, which generally is weak to actual physical surveillance methods which are vastly more effective than electronic ones (why go to the trouble of trying to crack Tor in real-time when you could have a guy sit behind you and video your screen with a telephoto lens).
Blanket surveillance is an unconscionable abuse, but worse it's utterly ineffective at actually capturing anything useful against the opponent's it's supposedly employed against.
