@mcc it’s worth mentioning differential privacy actually *is* the academic consensus best practice way to anonymize data. It was developed in response to some high profile deanonymizatons of ad hoc methods.

There are some criticisms you can have of it (it requires the choice of a tunable “privacy level” that might be too low), but their choice of DP is a reasonable way to guard against deanonymization (provided the aforementioned privacy parameter is reasonable).