> but websites would still be able to track your actions even if you disabled cookies, localStorage etc. (apart from the current ways such as like Etag tracking or browser fingerprinting) except that you can’t really mitigate it in any way. Whichever way you put this, PATs are not something that would preserve users’ security or privacy.
The website doesn't receive any info other than the URL you are visiting and the fact you have an authenticated PAT.
Not entirely sure where you’re getting your information from.