> When done properly is going a lot of heavy lifting there.

Not really. There are common practices for it. Yes it hits HN when deanonymization can happen at a well-known company, just like it hits HN when there's a security vulnerability that gets patched at a well-known company.

But "it's the little bad can become big bad" is what's doing the heavy lifting in your argument. No, that's not how it works. There's no universe in which aggregate data can be deanonymized to anywhere close to what all of the individual profiles would be. It's a completely false equivalenace, period.