I hate how web sites can weasel their way around consent by simply declaring their cookies as "necessary" or "mandatory." As the Dude would say: Yeah, well, that's just like, your opinion, man. How about we have an easy-to-use "Reject ALL cookies from this site (and deal with whatever breaks)" option?
You're assuming maliciousness. I run a site that uses cookies (encrypted session cookie) so they can add items to a cart, because not doing so would be a horrible UI. There's also a cookie created by the payment processor, but I only load their script on checkout. There's nothing else though. I don't even use tracking / analytics.
There's zero weaseling going on. No dark patterns. I'm just too busy to build a no-cookie version that passes info in the URL or w/e (which also seems less than ideal). Your two options are to use the site or don't use the site. If there was enough pressure from real customers to provide another option then I probably would, but it wouldn't change anything. It's just busy work / checking boxes.
IMO this needs to be built into the browsers rather than being yet another tax on builders due to spammers / scammers / advertisers. If we had meta referencing each cookie where you can disclaim exactly how it will be used and whether it's optional / required, then we would have a standard without dark patterns being possible.
It's much easier to blame the cookie banner on GDPR (which are not entirely related) than read the texts and jurisprudence about it to know how it works.
Every website showing a consent screen is either willfully ignorant (rarer these days) or they want your data while saying hypocritical things like «We value your privacy»
