I believe while the token is generated once, each transaction is signed with a unique signature (I believe that's the term) that only the payment processor can decipher. The merchant doesn't get any stable/identifiable information that can be used to track you across purchases/sessions/stores.
No, the merchant still does get a stable identifier with every payment (the "device account number").
More recently, an additional identifier uniquely identifying the underlying card has also been added [1]. That one persists even across multiple devices and token deletions.
A signature doesn't hide information, it only tells you that it hasn't been modified. All the information that's being signed is by definition already in the payload given to the merchant.
If it's actually encrypting information (not just signing it), then that's another thing entirely, but signatures don't hide data.
Good point about a signature not hiding the data. I got my terminology mixed up. I thought it was encoding it in a way so that only the payment processor could see.
But that's not necessarily the case either, as somebody else brought up the fact that identifiers ARE in fact passed to the merchant.