TS3 device authentication/attestation cetificate privacy

so the TS3 has an attestation feature using a certificate and the secure element, so far so standard, but the question that arises is, are those unique per device? could an application on the PC possibly see that certificate and understand anything about the device, especially in a setting where an attacker has control over multiple computers and could get a whole lot more out of the info (like if you were in a web cafe and you access both your TS3 with and without passphrase, assuming the TS3 lets you enter passphrases without revealing your “normal” wallet first)

generally I have considered hardware wallets to be mostly safe except that your xpubs can be read out and an attacker could flood the wallet with requests, drowning out what you actually want to do, even if you were in a chinese or north korean web cafe.

however, this could have some extra privacy implications if one could track the wallet individually over the certificate, as a wallet wouldnt have to be tracked by the xpubs, but passphrase or even entirely unrelated wallets on the same TS3 wallets would be able to be associated too, which does have its issues.

This is a real possibility, which is why Trezor will only divulge the certificate after a user confirmation.

You will get asked “do you want to authenticate your device?” as part of Suite onboarding flow, or through a Settings button when you want. An attacker would have to trigger this dialog every time, which would hopefully make you suspicious

I see neat. I know from FIDO that attestation certs wouldnt have to be per device, which can help a lot as easily thousands of devices run around with the same batch cert, would be neat to know how specific the attestation goes.