Saving the decision is an example of a cookie which is technically necessary, you can have those without consent. Consent and the option for opt-out is only needed for cookies that are not needed to run the page. You also don't need permission for session cookies.
The problem is that, even though they're not obliged to, they give the option to opt out of necessary cookies alongside the tracking ones, and I guess people de-select necessary cookies because they think all cookies are bad.
Then the site has no memory of the user, displays another pop-up, and people complain about constant pop-ups.
In a sense, StackOverflow are giving users too much control over the cookies being set!
Yes, they are giving users too much control over the cookies being set.
Same as a site that sends you spam, and one of the opt-out options includes ALL emails, including password reset, etc. Users get scared that they don't know what they will miss, and don't opt out.
It gives them plausible deniability for the wrong, while pretending to look good. The result is commonly as OP described - users eventually opting in.
But I don't believe it is innocent, nor do I believe that they somehow have convinced themselves that this is good for the user.
Perhaps I am just cynical, but I think that there exists reasonable doubt.
> You also don't need permission for session cookies.
Not usually, but if you use session cookies to do tracking you still need consent for the tracking itself. You can set the session cookie by default, but before you do any extensive tracking (more than technically necessary) you still need a consent dialog.
Of course this is exactly how most websites use session cookies, but I've also seen server side tracking frameworks that abuse session cookies necessary for operation.
Refusing all cookies would of course cause a prompt on every visit, because that's what cookies are for.