I'm not clear what the issue is. I know Google Analytics (which I use) sets a cookie in visitors' browsers - that's how they determine "new" vs. "return" visitors. I thought they all worked that way.
That's just the most visible and benign use of cookies, things like coming to AW and it sees I'm benbradley because it left a cooking on this machine that I was last logged in as benbradley on AW.
Web banner advertising companies such as Doubleclick (what I'm describing is what they were doing ten years ago!) save just about every piece of info they can legally collect, such as every website you've been to that brings up a Doubleclick banner ad and every website that has an "affinity" agreement with Doubleclick, what ads you've clicked on, and such. This is used to bring up targeted ads, which you are more likely to click on, and the advertiser is more likely to make money from. A lot of people see this as an invasion of privacy, and this is hardly the worst-case scenario. Cookies are often used like spyware, saving aspects of your websurfing you wouldn't expect.