Comment by xp84

'Do not track' was stupid. 'Cannot Be Tracked' would have worked fine. The difference is that the browser is literally the user's agent, so it should work for the user. It is the thing which identifies you today, and could easily NOT identify you without your permission if that was what was mandated -- and "big bad ad tech" could do nothing about it.

Simply select the sites whose first party cookies you want preserved, triggered only by user actively toggling it on, or prompted for on a user-triggered POST that occurs on a page with a user-filled password field (similar to how popups were killed off, no prompting on a POST done without user interaction). "Do you want to let this site 'ycombinator.com' remember you (stay logged in, etc.)?" [YES] [NO]

Otherwise delete the cookies in X minutes/hours/etc.

Or another way, keep the cookies while a tab is on the site, then once no tabs are visiting it, put them in an 'archive.' Upon visiting the site again, show a prompt "Allow ycombinator.com to recognize you from your previous visit(s)?" <Yes> <No, be anonymous> If yes, restore them, otherwise, delete them.

It is so simple to have browsers be responsible for the user's safety, yet since we left it to politicians to decide, we got all this silliness putting it on the users -- and where the technical implementations are by necessity INSIDE the JS sandbox where it's difficult for users to verify that it's being done correctly.