Why would they bother trying to track you through a specification which is specifically designed to make it hard to track users? If you're using one of these software-based SSO lock-in "tokens" then they can get all the information they want from telemetry (nee spyware) on the device.