This is all premised on his windows user account name being identifying no? I have a hard time believing that to be the case for someone who was clearly extremely painstaking about privacy. Even I set mine to some nonsense because I know I'll accidentally leak it.
Should not set it to nonsense, but rather low-entropy. If its unique, someone with access to old (browser, probably) crash reports might be able to cross-reference. Plus, not too long ago browsers did not care to sanitize the path for input[type="file"], so some websites remembered your account name somewhere in their database.
That particular alias is mildly interesting. The obsession is with finally making progress in understanding the "We kill people based on metadata" threat. Maybe we can please finally stop stuffing PII & timestamps into each "crash report" and every "telemetry ping" and get back to work towards 100% reproducible outputs. (Well, right after I "enable javascript and cookies" because Cloudflare/Fastly/Akamai refuse to talk to me before they can grab a unique fingerprint..)
In hacker culture I think there's a pretty clear culture that proving you aren't interested in the inner circle's identities (and therefore proving you are a mature person who understands what is at stake) is one of the ways you earn access to the inner circle.
The lemma is that people who actively want to be friends with and know people of the inner circle are usually marked as untrustable and (somewhat regrattably) made fun of and excluded. That is, prove you are here for the game, not for rubbing shoulders with powerful people, and you shall become one.
I have seen this in warez-related circles, seems like social mechanic that appears naturally to protect those that matter.
