Ultimately, the problem is much bigger than /etc/machine-id since there are dozens of hardware IDs on any PC that can be used by malicious telemetry to silently to uniquely identify and track you, and the only solution to this problem currently is to make sure you really trust any software you use.
Systemd, in particular, acts a lot like malware for Linux because if you try to reset your machine-id a long list of stuff that breaks in in it. You could make a cron script to reset /etc/machine-id every day, but machine-id is so deep in the stack that you’d also have to reboot to ensure it’s updated.


Note that flatpaks are using systemd’s sd_id128_get_machine_app_specific API, which generates an app-specific id that’s derived from the original machine-id.
The app-specific id will be unique per-app so it won’t be shared between different apps / flatpaks. The apps can’t know the original machine-id, but the id they get would still be unique on every restart of the app and in theory does not prevent different sessions within the same app to be fingerprinted as coming from the same user.