But for some reason they did send two cookies to me when I just visited the site without doing anything.
I could imagine cookies being implemented by the browser in the same way that webcam permission is requested. Something along the lines of "this website is requesting to store cookie "domain;X with purposes Y". This would make setting millions of cookies a UX sin, and cookies would only be set on predictable user interactions such as logging in. Unfortunately the definitions of "purpose" will still need to be defined by regulation to be enforceable. Once you can identify a user, there's no technical limitation that can prevent tracking.
So, what if those dialogs would come back? Maybe with a more user friendly UI to accept site's ad tracking cookies or not, and remember the choice for the future?
Would user care about them? would browser vendors care about them? would sites acknowledge the choice made?
__cfduid seems very random. It changes every time I reload the page.
tdukey stays the same. Even when I remove it or use a different browser it comes back to the same value.
When I connect through Tor it gets a different value.
When I click "new circuit" in Tor it changes to a different value.
So it looks like this cookie is a hash of the IP address you connect from.
TDUkey is likely the one that holds the persistent IP value hash for the randomized one to work correctly.
If I'm not mistaken, you don't need to have a cookie banner if you only have essential cookies.
what if wothout the banner an overzealous bureucrat tries to extort you some money for an alleged GDPR violation?
what if the news will cover that your site is being investigated for GDPR violation?
A cookie like "show_ads:false" contains zero personal information.
It does, however, say that you own your own personal information, and your permission is required before it can be used.
CCPA is toothless and offers no PII protections (and definitely does not require a cookie banner).
I think, when I used the Internet Explorer, version 5 or so, for everything, there was a setting to ask before setting any cookie