[thefounder]

Ok. So we drop the cookies and invent/use something else that works like the cookies(e.g an iframe that pings to Google's server) What's that good for? Are you considering including the CORS, iframes and whatever feature may leak information about the visitor in the law as well?

[pathseeker]

An iframe that pings Google is pointless if it doesn't send cookies.

[thefounder]

How is that? Itcan send whatever it wants as query strings(e.g timestamp, current window etc)

[Nextgrid]

Browser fingerprinting is a thing. In fact I suspect most of the supposedly GDPR compliant (so no cookies or local storage) still use fingerprinting in the background because you can't prove it's happening from the client (and the law is not being enforced anyway).

[chopin]

Most fingerprinting relies on Javascript (or maybe some CSS shenanigans) which you could prove from the client.

Using fingerprinting for tracking is not GDPR compliant.