Re: Uh Oh..
The point of cookies is to distinguish the client >>with the client's co-operation<< from everyone else. Otherwise, you can only look like a blank new customer. And new customers are VERY INTERESTING to websites, and honestly, can you blame them?
But you know what isn't a cookie? An internal javascript scan of your machine to work out your fingerprint. You can delete a cookie. You can control cookies. But not if there are no cookies anymore. Devil we know?
The thing that's bothering me is 'personal data'. An IP just *isn't* actually enough to identify someone, it's just a piece of it. But GDPR says it is identifying. Do you know what else is equivalently just a piece? Just about everything! Logging the time of the request, and the time the client thinks it is, those are both *very* identifying properties of the user's information surface. Clock drift rate, and the periodic clock correction are individual to a machine.
I get worried when other people say things aren't 'identifying', just because *they* don't know how they could be used. I get worried when people say things *are* identifying, when they aren't!
And this is all wired to huge legal explosives.