I'm increasingly encountering banners that (a) get past my banner-blocker, and (b) pop up a sequence of different banners; i.e. I dismiss the first banner (accept, reject, doesn't matter because I use cookie controls); and another one pops up - sometimes waiting for me to scroll 10% or so of the way through the article before it appears.
I think they believe that "human interaction" (like a click) somehow gets them around browser protections. I think they are wrong, at least as far as my browser (Firefox) is concerned.
It's an arms race, it has always been. Companies will continue squeezing as hard as is legally allowed, browser extensions will be effective until they gain adoption and get actively countered.
Legislation seems somewhat effective, but many websites purposefully won't adjust to comply, just to see if the law will actually be enforced.
Some of the worst offenders are mainstream news sites.
They know that most of their website readers haven't paid; I'm sure there are managers who want to extract money from those web visitors. But monetizing web-visitors promises diminishing returns - the harder you try to force visitors to cough up, the more they'll stay away from your site.
If I see an interesting-looking link from washpo, for example, I'll usually walk by, and find the story elsewhere, rather than paste it into archive.ph. I'm simply not going to subscribe to every site that asks me to; I visit about 30 sites a day. I'm a pensioner, and I'd go broke.
I understand the "cookies and javascript were a mistake" posture; mostly they're useless to me. There is a handful of sites that are useful, but are completely dependent on Javascript. And anywhere that you have to login to, you need something equivalent to cookies (like, my bank).
I block ads because - well, I don't consume food that I picked up off the footway. They run scripts in iFrames, they auto-run videos, they try to set cookies, I don't know what they do. I don't know where the site sourced its ads. Perhaps they want to use my computing equipment to mine bitcoin for them, or try to actually take over my network.
Ad-blockers work fine (unless they have a pay-to-play whitelist). Cookie management is more problematic, because (a) the variety of different kinds of cookies, (b) the fact that most users don't really understand the different ways cookies are used, and (c) the lack of clarity and granularity in cookie controls. Users can't exercise informed consent unless they can understand the information.
Note that, at least in theory, tracking banners should be about any kind of tracking, not just cookies. That means that you choosing Reject on the banner should disable tracking pixels, facebook Like buttons etc - not just cookies.
Most importantly, it should not "disable" them; they should never be enabled (or even loaded) in the first place, and only explicit, opt-in consent should load them.
The vast majority of "consent management platforms" fail at this even if they otherwise appear to be compliant (no dark patterns, etc).
The CMP should essentially be the one managing the tracking libraries after correct consent has been collected, yet most websites still embed tracking libraries directly or using something like Google Tag Manager (which itself is a tracker and would require explicit consent).
I think they believe that "human interaction" (like a click) somehow gets them around browser protections. I think they are wrong, at least as far as my browser (Firefox) is concerned.