That's a moved goalpost though. We started by saying that cookies are fundamentally different from "do not track" because in the case of the latter the browser doesn't have the technical means to enforce anything and in the former it does. Your point is something rather different -- as best as I can tell you're arguing that any attempt to do something browser-side will break too many things to be useful.
I think the original point still stands (that this is fundamentally different from "do not track"), and moreover I disagree with the contents of that moved goalpost:
As a compromise solution, the vast majority of sites work fine if you delete their cookies when you're done with a session. If the browser did that by default we'd have a significant improvement in privacy and a negligible amount of breakage.
The most obvious counterpoint is login flows. That's not antithetical to the idea for a couple reasons. First, we'd all be a bit more secure if we logged out more frequently. Second, if you do want persistent sessions you've already given up exactly the same amount of privacy as if all cookies were blindly allowed since you're manually tying your visits together with that login information. With that in mind, there's no harm in having a setting somewhere for allowing cookies from the few sites you actually login to frequently. For convenience that could be tied to the existing password box detection, and otherwise it'd be something you have to dive into a menu and fiddle with to keep it from turning into the same kind of annoyance as browsers asking for notification privileges.
That would break a few things, but browsers have had a trend lately of breaking a few things for privacy gains. I don't think it's obvious that we couldn't meaningfully reduce cookie setting.
I think the original point still stands (that this is fundamentally different from "do not track"), and moreover I disagree with the contents of that moved goalpost:
As a compromise solution, the vast majority of sites work fine if you delete their cookies when you're done with a session. If the browser did that by default we'd have a significant improvement in privacy and a negligible amount of breakage.
The most obvious counterpoint is login flows. That's not antithetical to the idea for a couple reasons. First, we'd all be a bit more secure if we logged out more frequently. Second, if you do want persistent sessions you've already given up exactly the same amount of privacy as if all cookies were blindly allowed since you're manually tying your visits together with that login information. With that in mind, there's no harm in having a setting somewhere for allowing cookies from the few sites you actually login to frequently. For convenience that could be tied to the existing password box detection, and otherwise it'd be something you have to dive into a menu and fiddle with to keep it from turning into the same kind of annoyance as browsers asking for notification privileges.
That would break a few things, but browsers have had a trend lately of breaking a few things for privacy gains. I don't think it's obvious that we couldn't meaningfully reduce cookie setting.