That’s a strange assumption. ID verification is part of entering the contractual relationship in many parts of this world, it’s absolutely normal thing. You don’t show your ID to random sites, only to those where you want to become a customer. If you don’t want to sign the contract, you don’t show your ID. I don’t know how many places have a copy of my passport (many hotels, for sure) and I don’t care as long as they are compliant with the laws. Tracking via ID is economically much less effective, since most websites won’t require ID verification anyway, so the biggest concern should be identity theft - but there having a copy of your ID is rarely enough in countries with developed government ID infrastructure. E.g. in Germany you must present original ID to open a bank account or change your residence address. In countries with digital IDs and government services identity theft often goes via easier routes by hijacking digital ID accounts.