[diminoten]

"Shouldn't" implies some kind of higher authority capable of enforcing such a feature universally across browsers, when no such authority exists.

Browsers give you all kinds of opt-out capabilities, if that's something you're interested in. The fact is, most people aren't interested.

[johnchristopher]

But those opt-out capabilities are as clear-cut as most of GDPR banners.

edit: mea culpa, I somehow missed bunch of keys and there is a missing negation in my comment which should read "But those opt-out capabilities aren't as clear-cut as most of GDPR banners." I mean: the UI isn't there to opt out of affiliated adtech networks or to store the amount of details the user is willing to share.

[NateEag]

Conceptually, there is no way to make trusting cookies both simple and transparent.

Even something as simple as a unique identifier can be used for both helpful and malicious ends. You'd need to read all the code pertaining to it to have a clue if it's something you should accept, and you can't ever know what the server's backend code is, even if it claims to be open source (it can always be running extra components that are not developed in the open).

So, opt-outs are inherently a flawed idea, at least with any granularity.

Turning off cookies entirely in your browser then opting all-in for sites you choose to trust is about all you can reasonably do.