Most practitioners of data security are aware of the severe dangers of fingerprinting users, and that is a hardline issue. Thus, in order to maintain their security practices, their only choice is to not collect this sort of info on users at any level. If they’re delivering a security product with a built-in vulnerability, they’re not delivering a security product. It’s much better to just surrender one state until it invents sanity.