This article is completely incompetent.<p>Firstly - any number of cookies from a single domain are equivalent, you can always use whatever identifier is in the cookie's data to store and retrieve an arbitrary amount of data about the user. That there are lots of them implies either that the site is using a bunch of different front end libraries / components that don't talk to one another (which is irrelevant from a privacy perspective) or that more data is being stored/cached directly in the browser rather than being retrieved from a remote server which is the <i>opposite</i> of a privacy issue, since it's keeping <i>your data</i> in <i>your browser</i>.<p>Secondly - cookies are one of: "session", "expiring", "perpetual". With the first set to expire when you close the browser, the second expiring at some period between now and when your browser/cache/computer/operating system gets wiped or replaced (i.e. ~<12 months) and the third expiring <i>at any arbitrary date after that</i> (i.e. anything with an expiration date of more than ~12 months is the same, who cares if it's two years or ten thousand).<p>It's horrifying that this is a study paid for with public money and fed back to the public from a source purporting to be an expert.<p>Edit: by saying "from a single domain" I'm expressly avoiding the differentiation between first and third-party cookies - it obviously makes a difference how many third parties you share data with, which defensibly has some relationship to the number of different domains that serve third party cookies on a site.
Evil ad networks only need a handful of cookies to track you. They could probably go without cookies entirely, just by fingerprinting the browser. They have the resources and know-how.<p>This happens because many webmasters build frankensites by copying and pasting snippets of code to get the functionality they need. Those load a bunch of resources from all over the net and dump a jar of cookies in your lap. It's the same laziness that makes devs set expiration to 9999.<p>The popouts, or banners, with cookie information are a pointless annoyance, not an encouraging development.
It seems a bit disingenuous to present numbers like that. For the lay person, it may sound scary that there as 44 cookies on a given page, but that's a completely arbitrary measure. I would think that the important thing isn't the number of cookies, but rather what which entities they are shared with and to some extend the information attached to them. First party cookie for example are not a privacy issue at all.
Self plug: we've developed cookie-checker.com. A way to check which cookies are placed with first time visitor.<p>ico.org.uk places 3 cookies (1 session, 2 other valid up to today and 2017):
<a href="http://www.cookie-checker.com/check-cookies.php?url=ico.org.uk" rel="nofollow">http://www.cookie-checker.com/check-cookies.php?url=ico.org....</a>
Got a chuckle from the article alerting me to its use of cookies.<p><a href="http://i.imgur.com/3PIC1af.png" rel="nofollow">http://i.imgur.com/3PIC1af.png</a>
I never understood why cookies receive so much attention in various privacy discussions. They are the one thing the user has full control over.<p>Yes it takes some effort to delete them, but so does looking left and right before crossing the street.
First thing you should do when setting up a new browser is blocking third party cookies - unless you're using Safari which blocks them by default.<p>The number of sites that don't work with 3rd party cookies is very small - whenever I run into one I usually use an alternative site or complain.
When cookies were first introduced a number of sensible people had reasonable concerns about privacy.<p>I'm not sure how we got from there to here - a sub-optimal law and not-great research (81 sites?) all while companies aggressively collect and mine data.
you can keep a whitelist of allowed permament/session/temporary cookies with <a href="https://addons.mozilla.org/en-US/firefox/addon/cslite-mod/" rel="nofollow">https://addons.mozilla.org/en-US/firefox/addon/cslite-mod/</a>