k is chosen by the wallet. You don't know if it was chosen randomly. A malicious wallet would choose k so that it results in a signal. For example it could choose k so that the sum of the bits in the signature is odd or even. That would signal one bit.
If your example is OK with a dice roll to generate a random mnemonic, i.e. it is uniformly random enough for your scenario, then you can do the same to generate random parameter k so that the wallet is not doing it for you.
You can also code your own wallet like I mentioned before if you do not trust a hardware wallet manufacturer, but somewhere along the line you will probably need to trust something (like trusting the room you are doing this in is not bugged).