Someone could, and people did. DoubleClick was founded in 1995 and was using cookies for tracking user interest across sites by 1997 (or earlier; hard to pin down). There was lots of discussion of this at the time:
Any web site that knows your identity and has cookie for you could set up procedures to exchange their data with the companies that buy advertising space from them, synchronizing the cookies they both have on your computer. This possibility means that once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites. The result is that a web site about gardening that you never told your name could sell not only your name to mail-order companies, but also the fact that you spent a lot of time one Saturday night last June reading about how to fertilize roses. More disturbing scenarios along the same lines could be imagined. There are of course many convenient and legitimate uses for cookies, as Netscape explains. But because of the possibilities of misuse we recommend disabling cookies unless you really need them.https://web.archive.org/web/19970713104838/http://www.junkbu...
(Disclosure: I work in a part of Google that's descended in part from DoubleClick. Speaking only for myself.)
Thanks, that’s what I was thinking, that advertisers figured it out early on, and they aren’t smarter or dumber than the rest of the professional population, so this shouldn’t be some surprise that took years to work out.
(I personally remember thinking exactly that, that cookies allow universal tracking, as soon as I learned of the concept, but I don’t want to put too much stock into that belief because of the possibility of hindsight bias and misremembering.)
Any web site that knows your identity and has cookie for you could set up procedures to exchange their data with the companies that buy advertising space from them, synchronizing the cookies they both have on your computer. This possibility means that once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites. The result is that a web site about gardening that you never told your name could sell not only your name to mail-order companies, but also the fact that you spent a lot of time one Saturday night last June reading about how to fertilize roses. More disturbing scenarios along the same lines could be imagined. There are of course many convenient and legitimate uses for cookies, as Netscape explains. But because of the possibilities of misuse we recommend disabling cookies unless you really need them. https://web.archive.org/web/19970713104838/http://www.junkbu...
(Disclosure: I work in a part of Google that's descended in part from DoubleClick. Speaking only for myself.)