When I opened the page, I saw a cookie banner, untoggled all toggles that were togglable and clicked "Reject all cookies". The cookie dialog said that there will be only functional cookies and they won't contain any personal information. How nice, I thought, Internet is changing for the better. I also can enjoy the privileges of EU citizens.
But then - just out of curiosity - I decided to see what cookies are left in my browser. Imagine my surprise when I saw 6 (six) cookies. Those included:
- an UUID with name 'stripe_mid' expiring in a year
- OptanonConsent, which, I assume, represents chosen settings and contains UUID in 'consentId' field. This UUID is set when the page is loaded. I guess they store your preferences on the server and not in cookies as I thought. Obviously, you can be tracked with this cookie as the identifier seems to be unique.
- user_geoip_fallback and user_geoip, both of which contain an IP address
To check that the dialog indeed doesn't work, I deleted all cookies except for cookies related to the consent dialog, and reloaded the page. Stripe and geoip cookies have been set again.
It turns out that you shouldn't trust cookie dialogs from that third-party company which you often see on different sites. They are either broken or intentionally deceive a user.