582 points SweetSoftPillow | 2 comments
lifeisstillgood ◴[] No.45669305[source]
My 2c: actually it’s the problem of mixing security and identity mgmt with tracking and marketing

The main reason I don’t turn off cookies everywhere is so many sites put my login token in a cookie. Hopefully as a random nonce but even so, it’s using cookies for security.

We are all so used to it that it is a massive blind spot.

We should move to Fido/webauthn - everywhere. Most all the population has a really impressive Secure Enclave in their pockets.

replies(1): >>45669708 #
1. Kbelicius ◴[] No.45669708[source]
> The main reason I don’t turn off cookies everywhere is so many sites put my login token in a cookie. Hopefully as a random nonce but even so, it’s using cookies for security.

AFAIK there is no need for a cookie banner for a login token. It is necessary for the functioning of the website.

replies(1): >>45676523 #
2. lifeisstillgood ◴[] No.45676523[source]
So my understanding is twofold here:

1. The identity token (tracking cookie) is a unique number the 400 websites that have 1x1 pixels on the site dump on my browser. They don’t need to know I might be Bob Smith, Ford car owner, likes dogs and so on. But they want to so they can know if it’s worth bidding on an ad. This is the egregious cookie. It’s mostly being replaced by the facebook cookie because hell there are only a couple of places running ad auctions but …

2. After I do actually verify I am Bob Smith, the session cookie arrives and is hilariously trusted for every request for the next 8 hours.

The thing is we don’t do this for stuff we care about - like bank accounts.

So presumably the total value of every site that uses session cookies is less than the amount in my checking account. Which says something …
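An added example, not from this thread: a minimal server-side session store in Python showing one way a site can avoid trusting a session cookie blindly for eight hours, namely an idle timeout, an absolute timeout, and a step-up requirement (a fresh re-authentication, e.g. a WebAuthn assertion) before any sensitive action. The timeouts, class names and user names are constructed for illustration.

```python
import secrets
import time
from dataclasses import dataclass

# Policy knobs (constructed for this example, not any real site's settings).
IDLE_TIMEOUT = 15 * 60       # seconds without a request before the session dies
ABSOLUTE_TIMEOUT = 8 * 3600  # hard cap, the "8 hours" mentioned in the thread
STEP_UP_WINDOW = 5 * 60      # max age of the last re-authentication for sensitive actions

@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    last_auth: float  # last time the user re-proved identity (password, WebAuthn, ...)

class SessionStore:
    """Server-side session table keyed by an opaque random token."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # the cookie carries only this nonce
        self._sessions[token] = Session(user, now, now, now)
        return token

    def validate(self, token, sensitive=False, now=None):
        """Return 'ok', 'invalid', 'expired' or 'step_up_required'."""
        now = time.time() if now is None else now
        s = self._sessions.get(token)
        if s is None:
            return "invalid"
        if now - s.created > ABSOLUTE_TIMEOUT or now - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[token]  # revoke server-side, not just by cookie expiry
            return "expired"
        if sensitive and now - s.last_auth > STEP_UP_WINDOW:
            return "step_up_required"  # caller prompts for fresh authentication
        s.last_seen = now
        return "ok"

    def step_up(self, token, now=None):
        """Record that the user just re-authenticated (e.g. a fresh WebAuthn assertion)."""
        now = time.time() if now is None else now
        s = self._sessions.get(token)
        if s is None:
            return False
        s.last_auth = s.last_seen = now
        return True
```

Only a reference to the server-side record travels in the cookie, so a stolen cookie stops working the moment the server deletes the session, and a sensitive action still needs proof of identity that is at most five minutes old.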