So GOG's ability to not announce things they're trying has once again struck an poor accord, if it was them.

Sure would be nice if there was some way of knowing in a timely manner but alas, it'll be somewhere in the range of 30 hours before we know, because apparently having an intern pop on for 5 minutes to say, "Hey, sorry for the scare" or "what the hell, I'll inform SecOp right away" is a bit of a tall ask for a weekend.

If it really is from GOG, the fact that they're suggesting you should e-mail Support to unsubscribe from an SMS list doesn't exactly help their position, especially when https://www.gog.com/en/account/settings/subscriptions is supposed to cover marketing subscriptions in general.

So that's where this suddenly comes from? I'll disable it, then because that completely messes up the redemption process, being a pop-up in front of the page instead of embedded in the page itself (in Galaxy, where you'd think that's where they make dead sure it makes for a good impression...). And because GOG seems to like to do the opposite of what is being requested or suggested: there's a way of making it worse: don't make it go away when clicking outside, but only when clicking on a tiny button after having scrolled through the entire thing. And to make it absolutely infuriating, make it modal so one can't even get out of the page without first closing the ad. That surely will disgruntle regular customers and make a hell of a first impression if someone tries to bring someone new to GOG by gifting them a game code. :)

The love of money would be my first guess. Also who chose those garish colours? After seeing how many ads gog normally sends vs others in my inbox, i'd classify them as spam adjacent at the very least.

Well, with all the fuss about THE GOG's new 2FA options, I'm not surprised at all. 2FA can definitely have legit uses, but was and is abused by many many commercial websites to phish you for your info (get your cellphone number) so that they can easily "identify" you. Also known as data collection for marketing purposes.

Since GOG went the way of third-party authenticator apps, how else can they get that celly? Well, through those neat little cookie declarations that allow this heinous intrusion into your privacy promising goodies for just a tad of info. Said declarations only being customizable with all cookies deleted before login (fresh login), or looking for the obscure cookies declaration link to opt out.

Our store was compromised about a year ago with these ads before and after purchase. Now, the disease is coming to a phone near you.

In other words....the guise of privacy, but with as many marketing nudges as possible. "You are safe here at GOG.......just not from us!"

I'd gladly give out a rando number for a bundle though.

Here's an idea, GOG. Give us your phone number! Customer service is barely existent at best. Maybe a hotline option would help.

The link you quoted refers to the third-party Powered by Rokt ads. Since this is self-promotion, I don't expect the cookie declaration settings to have any effect on it.
That being said, feel free to retract your cookie consent and see if there's any improvement. If you can't get the Cookie Declaration link in the footer to work, you can simply delete GOG cookies from your browser. You'll have to log in again (and possibly deal with two-factor authentication). Once that's done, not accepting the cookie prompt should be functionally identical to explicitly rejecting it.
There's only one new 2FA option, and it doesn't involve any data collection. You are given a secret key. Based on this, GOG generates a verification code behind the scenes. Your device does the same, offline. Since the codes match, you pass the verification check.
There are numerous authenticator phone apps and desktop applications to choose from. I like 2FAS best. More choices are listed in Authenticator Apps for 2FA.

One word for you...duh! You completely disregarded the actual content of my post and quoted me completely out of context. ROTFLMAO.

Maybe it's because you're a new user *cough*

So, I used the "Account management" Settings for Subscriptions, which did nothing to remedy this. If it were like the image you posted, this were sort off acceptable to me, but in Galaxy, it pops up after clicking on the redeem button, but the key has not been redeemed yet (you need to click redeem at least one more time). This is normally no issue, but obviously I'd like the key to have been redeemed before moving on to maybe consider thinking about clicking on ads. GOG is one of the rare cases where I'm more ad-tolerant and f*ckup-resistant, but flow breakers (or mind games / abuse of behavioural science in general) are unacceptable.
Anyway, I don't expect cookie settings to disable this (I don't even have a setting for this in Galaxy), and Galaxy doesn't seem to grant me the option of disabling this intrusive flow-breaking stuff. Given that just about every benefit that Galaxy is supposed to provide either is failing already (Northgard Multiplayer, achievements, cloud synch) or is getting enshittified (key redemption, startup issues, checkout / payment issues), I think it's best to just stop using Galaxy as so many keep suggesting.

I feel it's more likely because they're very spam like. Of course, you're free to disagree and prove me wrong :)