Yup, and there's also the so-called "evercookie".

I'm all for "keeping it clean" by not storing cookies, history, searches, etc. permanently.

But this needs a bit of a clarification:

gog.com can track cookies set by gog.com when you visit gog.com.

In general, random sites can't track cookies set by other random sites.

Oh great now I need the VoidComp test

You should have said earlier :)

https://www.youtube.com/watch?v=Umc9ezAyJv0

At first I had the exact same concern. I did end up using it in the end, as I've configured my browser to clear all the cookies on exit (as before) EXCEPT the ones it gets from https://login.gog.com (that's where the 2 step auth cookie comes from, along with a couple of others that seem pretty harmless).

P.S. You can do this in Firefox without any addons whatsoever.

is this the test now :)

Yup. The only real way in which cookies can be used to actually track you is via stuff like openauth.

I'm not trying to convince you, if you're willing to trade account security for not having cookies, then that's entirely your own call to make. Worst case scenario somebody hijacks your account and you have to contact support, not like that's the end of the world.

That might even be a reasonable general strategy. Configure Firefox so that all cookies get deleted upon exit, then observe which sites require you to login frequently or forget other stuff, then whitelist those sites that you trust. That should give a good balance between security and convenience.