Firstly - any number of cookies from a single domain are equivalent, you can always use whatever identifier is in the cookie's data to store and retrieve an arbitrary amount of data about the user. That there are lots of them implies either that the site is using a bunch of different front end libraries / components that don't talk to one another (which is irrelevant from a privacy perspective) or that more data is being stored/cached directly in the browser rather than being retrieved from a remote server which is the opposite of a privacy issue, since it's keeping your data in your browser.
Secondly - cookies are one of: "session", "expiring", "perpetual". With the first set to expire when you close the browser, the second expiring at some period between now and when your browser/cache/computer/operating system gets wiped or replaced (i.e. ~<12 months) and the third expiring at any arbitrary date after that (i.e. anything with an expiration date of more than ~12 months is the same, who cares if it's two years or ten thousand).
It's horrifying that this is a study paid for with public money and fed back to the public from a source purporting to be an expert.
Edit: by saying "from a single domain" I'm expressly avoiding the differentiation between first and third-party cookies - it obviously makes a difference how many third parties you share data with, which defensibly has some relationship to the number of different domains that serve third party cookies on a site.
The article is accurate and provides details of the methodology and results. Of particular note, if you look at the report, is that two thirds of cookies on UK sites are third-party ones. That's a significant number, and means the average site places 30 third-party cookies on a users machine.
Your proviso about being 'from a single domain' is pretty much irrelevant – that's not the issue at all!
That said, the article's focus on 31st December 9999 and outliving the lifespan of the user, the discussion around the number of cookies served (rather than the number of parties serving cookies, and the amount and type of data that they're storing, which is what we're really concerned about here), and the click-baity headline to both the page and the HN article take what was probably a very sensible study and pervert the reader into drawing conclusions for all the wrong reasons. Giving public funding to something that's going to place that sort of bias (which in a private news publication would be fine) between the public and science I find pretty galling.
In a way instantly accessible to the host site. Data I wasn't really consulted about. Data I might not be comfortable sharing every time you ask for it.
This whole law about disclosing cookie use, which I will agree is not necessarily a good approach to the problem, does nevertheless exist because of a problem - People getting tracked, followed and profiled without their permission. Website operators and browser-makers seemed to be complicit in this. Some website operators seem to think it's their god-given right to do whatever they want in the browser on my computer...
This happens because many webmasters build frankensites by copying and pasting snippets of code to get the functionality they need. Those load a bunch of resources from all over the net and dump a jar of cookies in your lap. It's the same laziness that makes devs set expiration to 9999.
The popouts, or banners, with cookie information are a pointless annoyance, not an encouraging development.
As I see it, a website should upon landing either set zero or one cookie, depending on if the website has some sort of persistent functionality (like a message to first time visitors).
The other 43 cookies are, in my view, therefore unnecessary to the normal functioning of the website, and is therefore more likely being used for other purposes such as tracking and advertising.
In my experience it's usually the marketing department that want much, not all, of the things that end up setting cookies. It's not that it's a bad idea necessarily, but it's adding tracking upon tracking upon tracking and rarely a request to remove something. Some sales person try to sell marketing "Yet another up-sell tool" or "customer retention solution" and no one considers that the site already have five of those tools installed, 3 of which isn't actually used anymore and the last two we aren't really sure of.
I think it's a scam mostly, trying to convince businesses that they're leaving profit on the floor. The providers of these tools leave real businesses jumping from one tracking/data-mining/customer-spying to another in the hope that it will boost their sales by a few percent. Do we really need to know know that much about our customer? Probably not.
ico.org.uk places 3 cookies (1 session, 2 other valid up to today and 2017): http://www.cookie-checker.com/check-cookies.php?url=ico.org....
Yes it takes some effort to delete them, but so does looking left and right before crossing the street.
We've got into a situation where the vast majority of users don't know and don't want to know about any of the details of what's going on, and by default most browsers just allow them to be tracked in a variety of different ways. Website writers/maintainers quite often don't know themselves what a framework is doing, and everyone writes using the assumption that cookies are something they can just use. It sometimes looks like everyone except the end user was involved in the development of the situation.
The number of sites that don't work with 3rd party cookies is very small - whenever I run into one I usually use an alternative site or complain.
I'm not sure how we got from there to here - a sub-optimal law and not-great research (81 sites?) all while companies aggressively collect and mine data.
1. https://addons.mozilla.org/en-US/firefox/addon/self-destruct...
Same with Vanilla cookie manager on Chrome, except I don't think it deletes localstorage, flash cookies, etc because of limitations of Chrome's api for extensions. I think the attitude with Chrome is that you're supposed to use Incognito windows for this purpose.
