They give the website permission to store all sorts of information on your computer, and they do that.

Accepting all cookies means that you are declaring (perhaps falsely) that you understand that from now on, when your browser fetches anything needed for that server’s web pages, your browser quite possibly will allow the servers to track you with “cookies”.

The use of cookies and tracking you *a little bit* is normal and necessary functionality for any “stateful” operations like being “logged in to your account” on a website that you’re only sporadically connecting to.

But cookies are also very heavily exploited for advertising, surreptitious data collection, precisely identifying you, and sharing of your personal information among companies you maybe weren’t expecting to know about your activity on this website.

Even if you do declare that you accept all cookies, you may in fact have configured your browser *not to* accept all cookies (e.g. it’s common to block 3rd-party cookies). Saying you accept all cookies in this situation does not actually make you actually accept all cookies.

But if the website uses cookies at all, it has to ask if you accept them (due to European laws about this), and if you don’t accept them, the website may refuse to let you proceed, because the people running it are unwilling or unable to disable all but the bare minimum of cookies needed for the site to work for you, even though it’s well within their ability to do so.

Advertisements on websites usually come in the form of iframes — basically, rectangular areas into which a completely different website (the ad) is loaded. These ads are served by just a few big ad companies like DoubleClick.

Cookies are just little text files that a website can store to save a bit of information it doesn’t want to lose between reloads — for example, that you are logged in to something, so you don’t have to re-login all the time. Cookies left by a site of one domain name can only be read by other sites of that same domain name. So a cookie set by e.g. hotmail.com will only ever be read by hotmail.com.

But iframes with ads subvert this principle — any DoubleClick iframe can read the cookies set by any other DoubleClick iframe, and the cookies that these iframes set contain, among other info, the exact page you were on. So the company DoubleClick knows your complete browsing history (of all pages with DoubleClick ads on them, but that’s a lot).

Similarly for Facebook and Google and Amazon and other big companies — lots of websites include widgets (such as a like button) by these companies, and just by visiting the website, without you clicking the button, Facebook etc. will know that you were on that website, because the like button is actually an iframe that reads Facebook’s cookie which says you are currently logged in on that machine.

So what happens: stuff tracks you even more than it does anyways.

It means that you will accept any cookies they send to your house.

Just kidding. But i wish!

Great answers already. Now for the sake of explaining like you’re five : you give your permission for the website to sell all the data they can track about you to any other third party database. These databases are used to link isolated infos about you to deduce or predict more complex behaviours, defining a behavioural profile that will be used for targetting ads. This is why some sites give the choice between accepting cookies *or* subscribing to a monthly price.

More simply, all these different website tracks are centralized as a unique psychological and behavioural signature. It’s been awhile since it started, and that’s why Google and other aggregators like social medias no longer need cookies, as they already got a long enough signature for each individual to be [unique](https://www.wired.com/story/google-floc-cookies-chrome-topics/).

Many documentaries explain this very well, including the well-known The Social Dilemna on Netflix.

Another example : I once worked for a company that asked me to create a data aggregator creating a link between collected mails from a supermarket wifi access point, and phone numbers on a stadium ticketing service. Since that day I knew it was pointless to give my phone number to social media websites “for security reasons” , as they already knew it. This was long before GPRD laws.

Data collection have also reached other mediums like what you write from mobile keyboards, what you say through mobile microphones.

A good experience to observe is Google News app on Android phones. You will see that most news popping up have a more or less direct link with your past days conversations irl, written messages and web activity.

This has honestly come out of control for us, consumers, so I’ve decided to rather play with it than battling against such a behemoth tide. The result is that I’ve come to be pretty satisfied with my version of the global profile algorithm so far, most suggestions on most platforms are pretty good. Except ads of course. Ads *always* miss the mark and suggest me stuff I don’t care about. It’s pretty miserable.

It pains me to say that but nowadays the only way to not get collected is to not use any internet connection at all. Which is basically impossible. It’s quite shocking how it became the norm, and how we got used to it without batting an eye. The benefits of getting everything for free surpassed the inconveniences I guess.

ELI5

Cookies can be broken down to cookie crumbs. When you visit a store ya eat a cookie and leave cookie crumbs. When the owner sees a crumb, they’re not too sure if it’s an chocolate cookie, an oatmeal cookie, or other types; they know it’s a cookie but they don’t know which type. The more cookie crumbs you leave behind, the more the store owner can assemble them together to get a better guess of the type of cookie; kind of like jigsaw puzzles.

Websites operate the same way and the whole cookie is you. You leave crumbs when ya visit a website, but if ya leave too much crumb – it’s a bit “easier” for the website to narrow down who you are.

But be at ease because they’re just crumbs, it’s pretty hard for them to assemble crumbs to a whole cookie to identify specifically who you are. They may have a general idea like the country or city you’re in, but not the exact address of where you live. It would take a darn good hacker to identify you personally.

In my experience, you gain about 15 pounds.

Since OP didn’t specify the context, this is a legit answer. Please don’t delete. 😉

The web site loads ads from an ad network, telling it that you agreed to be profiled.

The ad network now reaches out to 50-200 companies in real time, telling them that you visited the site, and would “like” an ad. Based on the profiles the companies have built about you, these companies then bid how much they’re willing to pay to show you their ad. Winner gets to show you an ad.

These companies all try to collect as much data about you as possible to show you the most relevant ad. For example, showing a menopause medicine product to a man in his twenties is kinda pointless. However, if they figure out you’re a pregnant woman… oh boy you’re getting the “want to be a good mother and not put your child in danger? Buy our completely unnecessary safety thing that the world survived for millenia without. You wouldn’t be a bad mother, would you?” ads.

One way they might find this out is e.g. if you have a period tracker app on your phone (i.e. you’re a woman), then suddenly search for morning sickness medicine. They don’t have to be right every time, just guess better than randomly, for this to pay off.

If you say “no” to “cookies” (actually it’s usually a combined cookie and GDPR prompt), about half of the ad networks get told to not abuse your data like this (whether they actually follow that or not is hard to tell – the bigger companies probably actually do, the smaller ones are probably 50/50). The other half uses “legitimate interest” to justify their behavior so they don’t need your consent and collect the data anyways.

Look at the “details” option in some of those dialogs to see a) what cookies they consider “essential” and you can’t say no to them b) what kind of “partners” your data is shared with. It’s eye opening.

Then, after they already (illegally!) make saying “no” harder than saying yes, the sites complain that everybody is using ad blockers, which neatly take care of most (but not all) of the problem.

Fun fact: You can turn off cookies for all but the websites you white list in your browser!

Or, better yet, you can have your browser delete cookies from all but those whitelisted sites every time you restart your browser.

What happens, you ask? Well, of course you are allowing the ones watching from elsewhere to track you. The ones that watch from elsewhere are quite interested in the meager lives of such, short-lived and short-tempered creatures. When the times comes and your fleshy vessel expires, they appear, but don’t appear, to harvest the life energy trying to escape your corpse. Your ethereal body is ripped apart in the process, of course, flinging viscera across multiple dimensions amidst the dull crunching of bones and wet. Only then will the “soul” appear.

So, that’s basically what happens when you “accept all cookies”, which is why you should never do it. Don’t listen to people telling you it’s about tracking your information or purchases or something like that and it’s fine to do so. They are agents for the ones that watch from beyond.

Have a great day!