Well it goes both ways. If they see you have a public key from a vendor who uses the same public key for every customer, they can link you to that vendor. If the vendor has a different public key for every customer, they can't link you to the vendor. But you should have your entire drive encrypted anyway. And it makes it far more likely for MITM attacks imo, good luck authenticating every single key with every single customer versus just posting a single static key publicly. I don't understand how a different key for each customer is supposed to protect from mitm attacks?