Once I would have made the argument, difference that Cookies, themselves, are a matter of privacy, not my personal security.
If one runs Firefox with No Script, DuckDuckgo privacy extension, Privacy Badger, I am impressed that a lot other things are going on with Cookies. Some websites set a link to FaceBook, Twitter, Double Click. Tracking Cookies. Not doubt the cookie will try to stay on my computer and see where I go after I leave the first website.
It is the methodology of how Cookies get installed that matters. One, even if I give permission, it is a demand that I give permission, all the power on my using a site is taken from me. A lot of Malware installs on my computer as a ‘Drive By’ Install.
In my own house, I have the prerogative to keep out people I think are harmful to me, or who want to steal from me. The privilege we allow any website is to install Software, on my computer, that I do not know the purpose of.
The US Air Force protects it Fighter Plane by layers of security. You just don’t walk up to a fighter jet and climb in the cockpit and take off.
On one hand, I don’t want to limit my points to how a bit of software, Information gathering tool, Malware, gets onto my computer. Be it a Cookie that is described to me as being in my interest. My point is that nearly all of these require that the browser allow extraordinary access and opportunity to exploit me. Often just by my going to a front webpage of a site.
Me being exploited, is wrong.
I do not want to distinguish between whether the information is being gathered is being gathered on my OS/hard drive versus by some server somewhere. It is still wrong. I can not be protected if it happens anywhere.
Having a supposed mirror software tools, like antivirus, or software like No Script is not what I would consider a solution. I am very well aware that one can hardly navigate the internet anymore without permitting scripts to do whatever they want.
So yes, to prevent me being exploited by spyware, malware I have to block the methodology of how cookies work. Someone might write a bit of code for browsers that allows only some functions of benign cookies to do things like allow auto login, and so on. but once we open the door for a supposedly benign working cookie, we have allowed malware in as well.
So yeah. Put me down as a whiner that cookies are evil.