1 have google search down rank sites that use cookies before login and sites that don't use security headers (as is already done for non-https sites)
2 have a firefox / chromium setting that by default ignores cookies from domains not using https/security-headers, and an option to ignore all cookies accept those on user-defined whitelisted domains.
Even with your suggested API change everyone is still going to be tracked, sure it's how cookies should have originally been implemented but it's not really going to help the privacy issues now.
People chosing use less secure os/browser/search/sites can only be helped by offering them alternatives.
1 have google search down rank sites that use cookies before login and sites that don't use security headers (as is already done for non-https sites)
2 have a firefox / chromium setting that by default ignores cookies from domains not using https/security-headers, and an option to ignore all cookies accept those on user-defined whitelisted domains.
Even with your suggested API change everyone is still going to be tracked, sure it's how cookies should have originally been implemented but it's not really going to help the privacy issues now.
People chosing use less secure os/browser/search/sites can only be helped by offering them alternatives.