You agree to let them put tiny files on your computer that they can later read again.

Normally when your computer talks to a website each new page you open is like the computer talks to the website for the first time.

Imagine having a conversation with a complete amnesiac.

Every time you introduce yourself and start talking to them they immediately forget what you just said and you either have to start over again or live with the fact that amnesiac you are talking to has no idea who you are or what you have been talking with them about.

This sort of works for the sort of stuff the web originally was designed for: Static stuff that is completely anonymous and without context.

It works less well for modern websites where you want to adjust what they show you based on who you are and remember what you have done before and even do stuff like e-commerce in a non stupid way.

You could preface each sentence you say to the amnesiac with your name and where you last where in the conversation, but that gets cumbersome really fast, requires you to remember stuff that ideally the other side should remember and has big security flaw in allowing somebody else to imitate you and pretend they are you.

Cookies are a way to work around the amnesia.

It is like the web-server guy handing you a name badge when you first start talking and asks you to put it on. the badge may contain your name and an identifiable number and some other info, so every time you start talking to the amnesia they look at the badge as you talk to them and immediately remember who you are and may even be able to look up what you said before.

It makes things easier.

Of course there are potential threats too.

Some people may enjoy their anonymity and having a complete stranger slap a name-tag on you as you walk by to track who you are seems rude.

This is why the EU mandate that websites should at least ask people first before they put a tag on them and not just do it without asking first.

A website like reddit needs to use cookies to tag their users and tell them apart, but other websites that you don’t really want to remember who you are and build a profile of you and what parts of their website interest you have less of an excuse.

It is balance between being useful to make websites easier and more secure to use and simply tagging users like wildlife to track them and study their behavior. You may want one but not the other.

Ideally only the websites that put a tag on you can see that tag. So CNN.com does not know what tag Reddit.com has given you, but in practice people have found ways around that. Especially advertisers with their ads on all sorts of sites you visit have an interest in figuring out all sorts of personal stuff about you that you might not want them to know.

In a perfect world we would only let websites put cookies into out browsers when it is necessary to make the site work, but too many websites claim that they need it to work when they really don’t in order to invade your privacy.

Even worse big advertisers have found ways around the whole needing a cookie to track you think.

Normally a webserver is not just amnesic, but also completely faceblind. To prosopagnosic amnesiac everyone looks alike and without the cookies they should have no way to figure out who is who. However they do notice certain things about the person they are talking to, like what webbrowser they are using and stuff like that and based of that they might be able to built a profile of everyone they talk to tell people apart without needing cookies.

This is bad if you care about privacy and don’t want google to know what weird shit you are into and sell that info to the highest bidder.