Comment by threecheese
2 months ago
Not only did you only consent to the one party using it, but the browser has robust protections in place to ensure that these cookies are only usable by that party. This “hack” gets around the restriction completely, leveraging a local service to aggregate all the cookies across sites.
This is why things involving cookies for permission to do things were really poison pills. As long as there is a cookie to be tracked, any at all, you have the data exfil/tracking problem. Only thing that changes is where the aggregation happens.
Luckily, GDPR isn't about cookies, it's about processing personal information. Doesn't matter if you use cookies, localstorage, or carrier pigeon.
The older EU 'cookie directive' only mentions cookies as an example of storage in a footnote. The regulative is actually about any storage on the users computer.
Marketers would like you to believe that the stupid banners are about cookies. They're not - they're about processing your personal information.