OK, I can see some points there, though I don't store TOTP in the same place as my passwords.
Can you be potentially tracked across the internet with your single public key in the FIDO system? If my understanding is correct, you have a private key no one knows and you provide the public key to authenticate yourself. If you only have one private key and one public key, surely you open yourself up to tracking/privacy related stuff? I might be wrong due to my ignorance.
No, each web site has its own public/private key pair, they're just derived from the same original seed (plus scoping information like the user and site IDs). You can't determine if two different users are using the same identifier, although you can determine if they're using hardware tokens from the same manufacturer and batch. U2F's mechanism to check the token is from a "safe" manufacturer provides some information about the token, but not its exact serial number or other unique ID.
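The per-site derivation described in the reply above, as an added example that is not part of the original post and not any vendor's actual scheme: it assumes the private key is HMAC-SHA256 of the token seed over the site and user IDs, mapped onto P-256, and uses a constructed seed. The names `derive_keypair` and `public_key_hex` are hypothetical.

```python
import hashlib
import hmac

# NIST P-256 domain parameters (the curve U2F uses for its key pairs).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p1, p2):
    """Add two curve points in affine coordinates; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        m = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def _mul(k, point):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result

def derive_keypair(seed: bytes, site_id: str, user_id: str):
    """Assumed scheme: HMAC-SHA256(seed, scope) -> private scalar -> public point."""
    scope = site_id.encode() + b"\x00" + user_id.encode()
    digest = hmac.new(seed, scope, hashlib.sha256).digest()
    priv = int.from_bytes(digest, "big") % (N - 1) + 1
    return priv, _mul(priv, G)

def public_key_hex(seed, site_id, user_id):
    x, y = derive_keypair(seed, site_id, user_id)[1]
    return "04" + format(x, "064x") + format(y, "064x")

SEED = bytes(range(32))  # constructed sample seed, stands in for the token's secret
```

Calling `public_key_hex(SEED, "example.com", "alice")` and `public_key_hex(SEED, "example.org", "alice")` yields two unrelated public keys, so the two sites have no shared value to correlate, while the same site always gets the same key back.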