Most people give their real full name, phone number and email for any loyalty card wothout batting an eye, plus even with anonymized data it’s useful to the owners to track correlation of purchases, time, location. Definitively what you said too, we all make mistakes (some more than others), every needless complication of a system is a disadvantage to the customer.
They are usually separate things. Cookies are produced/saved locally, to be read in the next visit (by the same website or maany websites basically forever unless you use firefox containers or at least clear them once in a while). There’s also local storage which is different but can also be used to identify you across the web. Ads, trackers, all of these categories are often made of many small components: you read a single article on a “modern” newspaper website, hundreds of connection are being made, different tiny scripts or icons or images are being downloaded (usually from different subdomains for different purposes but there’s no hard rule). It’s possible to block one thing and not another. For example I can block Google Analytics (googletagmanager) which is a tracker, but accept all of Google’s cookies.