Junkbuster has already been mentioned. I've been using it on and off for about 18 months. On the whole it's quite reliable and configurable. You can block cookies (and ad images and other stuff) using regular expressions, on a site-by-site basis, and you can allow cookie information in but not out. Installation is fairly straightfoward and mostly painless. Maintenance (adding new sites/urls/images/cookies to block/allow) is slightly more troublesome but not by much.
For a quick and dirty solution, edit your 'hosts' file and add entries like this:
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.preferances.com
127.0.0.1 ad.doubleclick.com
etc...
note that some websites will be unaccessible using this method (though if you time slapping the [esc] button properly even these problematic sites can be perused).
I've also heard that simply making your cookies.txt file readonly will stop most of the potential abuse.
And finally
Mozilla is coming along nicely. It's a fairly hefty download (~10mb for win32) and something of a memory pig with all the debug code still being loaded but still in a very usable state (I use Mozilla 30-40% of the time now). With Moz you can deny/allow images and cookies on a site by site basis, very handy.
Now about cookies in OpenACS: personally I gave up on (wholesale) blocking cookies about a year ago. For awhile I religiously emailed every webmaster/customer service rep to complain about their making cookie use mandatory, but it's just too tiring to keep up. In North America there are simply too many sites which are absolutely unusable without them. Even if OpenACS was retrofitted to avoid cookies it would only help those few (very few) sites which would use it.
Anyway, the proper place for privacy control is at the user's end; indeed, it's the only place where it's even possible.
