this post was submitted on 24 May 2025

25 points (93.1% liked)

Privacy

37991 readers

578 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Do cookies communicate IP address in any way? (sh.itjust.works)

submitted 17 hours ago by unicornBro@sh.itjust.works to c/privacy@lemmy.ml

13 comments fedilink hide all child comments

For example, if:

I'm on a tracking website like Linkedin
I log out and close the browser
I turn on the vpn and open the same browser
I create a Spotify account

Is it possible that Spotify will give me targeted ads based on my home IP due to the cookies?

Thanks in advance

all 14 comments

sorted by: hot top controversial new old

[–] x00z@lemmy.world 2 points 1 hour ago

Look at it this way:

When visiting LinkedIn your browser connects to shittyadnetwork.com. It isn't tracking you yet so it sets a cookie with a unique identifier. Then when you go to Spotify and it makes your browser connect to shittyadnetwork.com too, it will pass that cookie, allowing the ad network to link you to both LinkedIn and Spotify.

It gets far more crazier though. There's methods to fingerprint you and your device so that even if you clear cookies, it can still accurately identify you. They also track IPs so if you clear cookies and they consider a specific request to be you, they'll just link you back to your original tracking profile. If a whole website links to an ad network, and most of them do, the ad network can track whatever pages you visit on the website and categorize you because of that. Hell, the websites sometimes even supply that data directly to the ad network themselves.

Solution:

Block ads
Block trackers
Use a cookie whitelist (where you have to allow a website to store a permanent cookie)
Use anti-fingerprint measures
Use email aliases
Use a VPN
Continuously speak up against this privacy invading tracking bullshit

[–] listless@lemmy.cringecollective.io 2 points 4 hours ago

That's not the way they would track you. If you use the same email address for both accounts, a data broker on the back end will be able to connect them because you used the same email address. It's not about the IP address. It's about your identity. And if you're like oh well I'll just make a new email for each site, Gmail requires that you use a phone number to sign up. Most email providers do. So then they would just connect you by your phone number because you needed to use those on both email addresses. Privacy is nonexistent on the web. Mind you this happens because LinkedIn shares your data with "third-party partners and service providers". There's nothing that you can do to stop this.

[–] MangoPenguin@lemmy.blahaj.zone 3 points 5 hours ago

Yes but not because of IP, because cookies can store unique information about you.

So if you don't clear the cookies from the browser session then they still exist and can be read by the website regardless of the VPN.

[–] schnurrito@discuss.tchncs.de 4 points 8 hours ago

Cookies don't, but cookies are part of an IP packet which does. So yes, your scenario is possible if the website you visited first stored which IP addresses that cookie has previously been used with.

[–] cy_narrator@discuss.tchncs.de 6 points 10 hours ago (1 children)

Cookies are some data that websites store in your browser, its text arranged in key-value pair, it could contain anything.

But putting an ip address in cookie does not sound something anyone would wanna do as I dont know the purpose of such a thing

[–] adarza@lemmy.ca 23 points 16 hours ago

cookies are just text. they could literally contain an ip address or a hash or other identifier that refers to one.

spotify can't directly obtain data from a linkedin cookie. but ad networks and other 'third parties' could provide 'targeting' or even identifying information to them.

use a different browser profile, or better--an entirely different browser--for vpn browsing.

[–] fyzzlefry@retrolemmy.com 20 points 17 hours ago (2 children)

Home IP isn't reliable, there are much better ways of fingerprinting you. It's more device based. People move around.

[–] DragonSidedD@lemmy.ml 2 points 9 hours ago

This. It's not so much your IP address that identifies you; it's your browser fingerprint

https://coveryourtracks.eff.org/

[–] sxan@midwest.social 1 points 8 hours ago

It's also fair to point out that your browser may not know your external IP; if you're behind a NAT, like a home LAN, your computer probably thinks its IP is the LAN IP, an address shared by millions of computers the world over. If you're using a VPN, your external IP (which JavaScript could get) is the IP of the exit node - an IP shared with possibly dozens of other people. Of you're not using a VPN, well... that's on you. That's privacy 101.

[–] TootSweet@lemmy.world 12 points 17 hours ago

Yup. Entirely possible. Blocking third party cookies might somewhat reduce sites' ability to tell that you're the same you on the same browser between VPN and direct connection, but even that isn't any guarantee that Linkedin (and/or the ad providers Linkedin uses) and Spotify (and/or their ad providers) don't know you're the same user between VPN and direct. And if there's some amount of collusion and/or purchase of user tracking info going on between those entities, even only first-party cookies are sufficient for them to be able to prove the link between your direct and VPN IP addresses. Even without any cookies, though, there are still browser fingerprinting techniques that are worth looking into if you want to know more about defeating that sort of tracking.

[–] Ulrich@feddit.org 5 points 17 hours ago* (last edited 17 hours ago) (1 children)

Logging out and closing the browser does not delete your cookies.

[–] abrasiveteapot@sh.itjust.works 4 points 14 hours ago* (last edited 14 hours ago)

Depends on your settings. Firefox has a setting for delete cookies on exit. It is not on by default though

[–] shreddy_scientist@lemmy.ml 4 points 17 hours ago

Cookies do not directly communicate your IP address, they're just bits of data about your visit. Logging out of LinkedIn and closing your browser should clear them, unless they're persistent cookies.

Using a VPN to create a new Spotify account maskes your actual IP address. Meaning spotify wont know your home IP address. But, if Spotify uses cookies from your previous sessions or if you log in with the same credentials, it may still serve targeted ads based on your previous activity.

So while cookies don't transmit your IP address, they still influence the ads you see based on your browsing history and/or account information. For enhanced privacy, it's usually recommended to set cookies to be wiped when you close the browser. I have a handful of sites I like to keep cookies for, but everything else is gone after each session.