cookies are just text. they could literally contain an ip address or a hash or other identifier that refers to one.

spotify can’t directly obtain data from a linkedin cookie. but ad networks and other ‘third parties’ could provide ‘targeting’ or even identifying information to them.

use a different browser profile, or better–an entirely different browser–for vpn browsing.

Home IP isn’t reliable, there are much better ways of fingerprinting you. It’s more device based. People move around.

Look at it this way:

When visiting LinkedIn your browser connects to shittyadnetwork.com. It isn’t tracking you yet so it sets a cookie with a unique identifier. Then when you go to Spotify and it makes your browser connect to shittyadnetwork.com too, it will pass that cookie, allowing the ad network to link you to both LinkedIn and Spotify.

It gets far more crazier though. There’s methods to fingerprint you and your device so that even if you clear cookies, it can still accurately identify you. They also track IPs so if you clear cookies and they consider a specific request to be you, they’ll just link you back to your original tracking profile. If a whole website links to an ad network, and most of them do, the ad network can track whatever pages you visit on the website and categorize you because of that. Hell, the websites sometimes even supply that data directly to the ad network themselves.

Solution:

• Block ads
• Block trackers
• Use a cookie whitelist (where you have to allow a website to store a permanent cookie)
• Use anti-fingerprint measures
• Use email aliases
• Use a VPN
• Continuously speak up against this privacy invading tracking bullshit

Yes but not because of IP, because cookies can store unique information about you.

So if you don’t clear the cookies from the browser session then they still exist and can be read by the website regardless of the VPN.

Yup. Entirely possible. Blocking third party cookies might somewhat reduce sites’ ability to tell that you’re the same you on the same browser between VPN and direct connection, but even that isn’t any guarantee that Linkedin (and/or the ad providers Linkedin uses) and Spotify (and/or their ad providers) don’t know you’re the same user between VPN and direct. And if there’s some amount of collusion and/or purchase of user tracking info going on between those entities, even only first-party cookies are sufficient for them to be able to prove the link between your direct and VPN IP addresses. Even without any cookies, though, there are still browser fingerprinting techniques that are worth looking into if you want to know more about defeating that sort of tracking.

Cookies are some data that websites store in your browser, its text arranged in key-value pair, it could contain anything.

But putting an ip address in cookie does not sound something anyone would wanna do as I dont know the purpose of such a thing

Cookies don’t, but cookies are part of an IP packet which does. So yes, your scenario is possible if the website you visited first stored which IP addresses that cookie has previously been used with.