All a service provider or malicious actor has to do is simply not include it when storing or publishing it to evade tracking.

Stripping it is not uncommon for services to prevent duplicate accounts.