Cookies are small text files that websites use to remember details about who you are and what you do on the site. They can be used for everything from remembering who you are so you don’t have to login next time, to noting you seemed interested in basketball so you get ads about basketball.

The popups aren’t spam, they are legal requirements in certain places to get your consent for websites to track things about you. Some cookies (like the login ones) can’t be turned off. Others, like the ad trackers, can.

Cookies store what you do on sites. If you add an item to your shopping cart, it will store an id to let the site know who you are next time you visit, so it can keep the item in the cart. If you change the site to a dark theme, it might alter the cookie so it will start in dark mode when you come back later.

Denying a pop up cookie message will mean it won’t store cookies and so the site won’t know who you are when you come back.

Cookies are containers of state information that your browser sends along with every request to the origin (i.e., website) they’re associated with. They’re both set by and sent back to servers when your browser interacts with them.

This state can contain any kind of data, but most frequently they’re used to store identity and authentication data bound to a particular session your browser has with the server.

This is because HTTP, the protocol which browsers use to talk to servers is a stateless protocol. Without cookies or some other way of persisting state across requests, each time you visit a site it wouldn’t know who you are. Cookies allow the back-and-forth exchanges between browsers and servers that take place across time to be stateful, giving rise to a logical session between a browser and some service.

If you disabled cookies outright, most websites except the simplest static websites would break. Talk of “disabling cookies” though, is mostly referring to disabling third-party cookies, which is a separate feature of cookies and the browser cookie model.

Third-party cookies are when sites embed frames of third-party origins. The embedded frame and third-party origin has its own cookies and can therefore set and persist state across time. When the same frame is embedded across multiple sites, the third-party service provider can link and associate your browsing behavior across the multiple sites that embed it.

This is not necessarily a bad thing in and of itself. First party service providers do have a need of analytics and even targeted advertising, which 3p cookies facilitate. 3p cookies have other uses too. Often poorly designed SSO or federated authentication protocols involve 3p cookies.