Comment by threecheese
2 months ago
Yes? The cookie in question is First Party, which means you’ve consented to permitting only that party to track you using it, and not permitting its use for wider behavioral tracking across websites.
However, the locally hosted FB/Yandex listener receives all of these first party cookies, from all parties, and the OP's implication is (I think) that now these non-correlatable-by-consent first party cookies can be or are being used to track you across all sites that use them.
Not only did you only consent to the one party using it, but the browser has robust protections in place to ensure that these cookies are only usable by that party. This “hack” gets around the restriction completely, leveraging a local service to aggregate all the cookies across sites.
This is why things involving cookies for permission to do things were really poison pills. As long as there is a cookie to be tracked, any at all, you have the data exfil/tracking problem. Only thing that changes is where the aggregation happens.
Luckily, GDPR isn't about cookies, it's about processing personal information. Doesn't matter if you use cookies, localstorage, or carrier pigeon.
The older EU 'cookie directive' only mentions cookies as an example of storage in a footnote. The regulative is actually about any storage on the user's computer.
Marketers would like you to believe that the stupid banners are about cookies. They're not - they're about processing your personal information.