The web site loads ads from an ad network, telling it that you agreed to be profiled.

The ad network now reaches out to 50-200 companies in real time, telling them that you visited the site, and would “like” an ad. Based on the profiles the companies have built about you, these companies then bid how much they’re willing to pay to show you their ad. Winner gets to show you an ad.

These companies all try to collect as much data about you as possible to show you the most relevant ad. For example, showing a menopause medicine product to a man in his twenties is kinda pointless. However, if they figure out you’re a pregnant woman… oh boy you’re getting the “want to be a good mother and not put your child in danger? Buy our completely unnecessary safety thing that the world survived for millenia without. You wouldn’t be a bad mother, would you?” ads.

One way they might find this out is e.g. if you have a period tracker app on your phone (i.e. you’re a woman), then suddenly search for morning sickness medicine. They don’t have to be right every time, just guess better than randomly, for this to pay off.

If you say “no” to “cookies” (actually it’s usually a combined cookie and GDPR prompt), about half of the ad networks get told to not abuse your data like this (whether they actually follow that or not is hard to tell – the bigger companies probably actually do, the smaller ones are probably 50/50). The other half uses “legitimate interest” to justify their behavior so they don’t need your consent and collect the data anyways.

Look at the “details” option in some of those dialogs to see a) what cookies they consider “essential” and you can’t say no to them b) what kind of “partners” your data is shared with. It’s eye opening.

Then, after they already (illegally!) make saying “no” harder than saying yes, the sites complain that everybody is using ad blockers, which neatly take care of most (but not all) of the problem.