[speedgoose]

The annoying modals are not so much about cookies but consent. If you agree to be tracked, you will be tracked.

A cookie is just one technical solution to identify your device and many more exist, such as your device fingerprint. You may not want to be tracked even though it’s session per session too.

Check your browser there: https://coveryourtracks.eff.org/

In my case I have a common iPhone which is good against device fingerprinting, but I’m also a French speaker first in my timezone (Europe/Oslo) and all the information my browser sends in HTTP headers makes me unique.

[fsflover]

This. One more website showing how you can be tracked: https://www.amiunique.org/.

[eklitzke]

How common is browser fingerprinting when it actually comes to ad retargeting though? This isn't really the domain I work in so I could be off base here, but AFAIK none of the major ad networks use browser fingerprinting to deliver ads. Trying to use browser fingerprinting for ad retargeting/ad delivery would inherently be much difficult than with cookies (in most cases you won't uniquely identify users, and even if you were uniquely identifying a particular user how would you know?) and if ad networks were building profiles of users based on fingerprinting data they'd still be subject to GDPR and other related privacy laws. Obviously the technical issues and GDPR compliance are all things that can in principle be worked through, but to my knowledge no major ad network is doing this.

[Nextgrid]

> they'd still be subject to GDPR and other related privacy laws

Just like they currently are breaking the law by using non-compliant data processing consent flows (90% of the "cookie consent" flows you see out there don't comply), and how they broke the law for over a decade before the GDPR (turns out GDPR had prior art in most EU countries)?

GDPR penalties are not enforced anywhere near enough for it to be a deterrent.