Look at it this way:

When visiting LinkedIn your browser connects to shittyadnetwork.com. It isn’t tracking you yet so it sets a cookie with a unique identifier. Then when you go to Spotify and it makes your browser connect to shittyadnetwork.com too, it will pass that cookie, allowing the ad network to link you to both LinkedIn and Spotify.

It gets far more crazier though. There’s methods to fingerprint you and your device so that even if you clear cookies, it can still accurately identify you. They also track IPs so if you clear cookies and they consider a specific request to be you, they’ll just link you back to your original tracking profile. If a whole website links to an ad network, and most of them do, the ad network can track whatever pages you visit on the website and categorize you because of that. Hell, the websites sometimes even supply that data directly to the ad network themselves.

Solution:

• Block ads
• Block trackers
• Use a cookie whitelist (where you have to allow a website to store a permanent cookie)
• Use anti-fingerprint measures
• Use email aliases
• Use a VPN
• Continuously speak up against this privacy invading tracking bullshit

That’s not the way they would track you. If you use the same email address for both accounts, a data broker on the back end will be able to connect them because you used the same email address. It’s not about the IP address. It’s about your identity. And if you’re like oh well I’ll just make a new email for each site, Gmail requires that you use a phone number to sign up. Most email providers do. So then they would just connect you by your phone number because you needed to use those on both email addresses. Privacy is nonexistent on the web. Mind you this happens because LinkedIn shares your data with “third-party partners and service providers”. There’s nothing that you can do to stop this.

Yes but not because of IP, because cookies can store unique information about you.

So if you don’t clear the cookies from the browser session then they still exist and can be read by the website regardless of the VPN.

Cookies don’t, but cookies are part of an IP packet which does. So yes, your scenario is possible if the website you visited first stored which IP addresses that cookie has previously been used with.

Cookies are some data that websites store in your browser, its text arranged in key-value pair, it could contain anything.

But putting an ip address in cookie does not sound something anyone would wanna do as I dont know the purpose of such a thing

cookies are just text. they could literally contain an ip address or a hash or other identifier that refers to one.

spotify can’t directly obtain data from a linkedin cookie. but ad networks and other ‘third parties’ could provide ‘targeting’ or even identifying information to them.

use a different browser profile, or better–an entirely different browser–for vpn browsing.

Home IP isn’t reliable, there are much better ways of fingerprinting you. It’s more device based. People move around.

Yup. Entirely possible. Blocking third party cookies might somewhat reduce sites’ ability to tell that you’re the same you on the same browser between VPN and direct connection, but even that isn’t any guarantee that Linkedin (and/or the ad providers Linkedin uses) and Spotify (and/or their ad providers) don’t know you’re the same user between VPN and direct. And if there’s some amount of collusion and/or purchase of user tracking info going on between those entities, even only first-party cookies are sufficient for them to be able to prove the link between your direct and VPN IP addresses. Even without any cookies, though, there are still browser fingerprinting techniques that are worth looking into if you want to know more about defeating that sort of tracking.

Logging out and closing the browser does not delete your cookies.

Cookies do not directly communicate your IP address, they’re just bits of data about your visit. Logging out of LinkedIn and closing your browser should clear them, unless they’re persistent cookies.

Using a VPN to create a new Spotify account maskes your actual IP address. Meaning spotify wont know your home IP address. But, if Spotify uses cookies from your previous sessions or if you log in with the same credentials, it may still serve targeted ads based on your previous activity.

So while cookies don’t transmit your IP address, they still influence the ads you see based on your browsing history and/or account information. For enhanced privacy, it’s usually recommended to set cookies to be wiped when you close the browser. I have a handful of sites I like to keep cookies for, but everything else is gone after each session.