alt Hacker NewsI think this is the wrong mental model (attempt to articulate threats from a specific information leakage). The problem I have with this approach is that it ignores "sensor fusion" by treating each leak as independent and defining threats as "things i can picture happening".
I think the correct mental model for this is "leaking bits". Leaking bits is bad, it doesn't take many bits to uniquely identify you and you're also not able to anticipate how those bits might be used in future or correlated with other bits.
Just stop leaking bits when you can avoid it. Then you don't have to mentally model every threat you come across
One of the more tractable examples here is the information what cell towers your cell phone is connected to. On it's own, it doesn't tell you that much.
But if you have this from 2-3 people, you can start inferring if they are meeting sporadically, meet a lot, possibly live together.
Or, if you add information about the services in the vicinity of cell towers, you can start deducing changes in a persons life. Suddenly the phone is moving more, to places with a doctor nearby, a gynecologist nearby, clothing stores, furniture stores, ... eventually a hospital. Start mixing in information about the websites they visit...
This incremental discovery of information about a person is surprisingly powerful depending on the data you have and hard to predict.