Investigation helps not!
So reading up on this on Wikipedia and others I see that HSTS is effectively an https-only header that tells a browser to i) communicate with the domain using only https for a specific time and ii) interpret any secure transport errors as meaning it should stop communication immediately. The header is ignored on http requests and shouldn't be sent.
So in normal use there is a potential for MITM attacks during your first contact with an HSTS site, as the redirect to https happens with the usual 301. Once you connect with https you get the special header and your browser knows to always communicate with the domain using https, making further MITM attacks very difficult.
Nowhere in that is there any requirement for this information to be shared with any other domain, or any advantage to doing so. I don't see anywhere in there a requirement for a magic number between the domain and the browser. What this generates is a private list of sites and durations that the individual browser uses to force https on certain sites.
So how did this become a tracking issue?