Even if you could somehow tie work stress to causing his illness, it seems unfair to place the blame on you. If it was killing him, why didn't he have the agency to find another job? Why didn't your manager find a way to prevent those conflicts in the first place?
They have to convince themselves that OP is lucky/lying/their idea couldn't work, otherwise they're forced to confront the fact that they wasted their life working at megacorp when they could've done something else.
> They worked out that they could do that, and so did - for the paper they wanted to publish having that information was the goal
My claim is that they shouldn't have.
>Which is why it is necessary to publish this information - if this paper did not detail how terrible ejmr's "anonymization" was, it's pretty clear ejmr would not have told its users
I agree it's necessary to disclose the vulnerability to the victims (especially if ejmr wouldn't have), but it wasn't necessary collect as much data as possible themselves and write a paper about it for their own gain.
If you find a security vulnerability, I don't think the right course of action is to spend thousands of dollars of GPU time to determine as many IPs as you possibly can, then write an economics paper about it.
Saying they "realized you could identify the location of many posts and wrote a paper" is downplaying the situation. The authors essentially ran a lookup table attack, computing over 3 quadrillion hashes to crack the IPs. The website owner incorrectly thought and claimed this would protect IPs, which are PII.