It's fairly easy to block the cookie being set in the first place. For example, a combination of NoScript and CSLite does that perfectly. This is a risk for places where you *need* to allow JS and accept cookies. Think Gmail, it won't let you log in unless you accept cookies and JS from gmail.com & google.com. Given their business model is built on tracking you and collecting you personal data, this is a quick optimisation for them.