Yes, that is true. That is indeed my point of the example of parking sensors; there is some information public.
However, it is quite hard to identify individual devices that are moving around. First, it’s very hard to trace geolocation back to an individual device, but not impossible. Second, the end device may rejoin every now and then, so it gets a new DevAddr and resets the frame counter. Also, two or more devices may use the same DevAddr.
Note that this is not very different from triangulating any radio signal.
It is an important topic. See also my previous comment about this.
Privacy and geolocation is not being addressed explicitly in LoRaWAN. Even though end devices will share the same DevAddr and will rejoin every now and then, without knowing the security context, you will be able to do some level of tracing, with a certain fault rate (DevAddr reuse) and loss rate (new DevAddr). When the device is joining, however, it will emit its mostly static JoinEUI and DevEUI, so yeah, in join mode, the device is very easy to track.
So, having an HSM on LoRaWAN nodes/devices is not a requirement from LoRaWAN v1.1 perspective, right? At least, I couldn’t find it explicitly. Not saying it’s not recommended, but such requirements have significant impacts on the development roadmap of LoRaWAN devices.