“This is very hard,” Dr. de Montjoye said. “You have to cross your fingers that you did it properly, because once it is out there, you are never going to get it back.”

Some experts agreed with the tactic. “It’s always a dilemma,” said Yaniv Erlich, chief scientific officer at MyHeritage, a consumer genealogy service, and a well-known data privacy researcher.

“Should we publish or not? The consensus so far is to disclose. That is how you advance the field: Publish the code, publish the finding.”

This not the first time that anonymized data has been shown to be not so anonymous after all. In 2016, individuals were identified from the web-browsing histories of three million Germans, data that had been purchased from a vendor. Geneticists have shown that individuals can be identified in supposedly anonymous DNA databases.

The usual ways of protecting privacy include “de-identifying” individuals by removing attributes or substituting fake values, or by releasing only fractions of an anonymized data set .

But the gathering evidence shows that all of the methods are inadequate, said Dr. de Montjoye. “We need to move beyond de-identification,” he said. “Anonymity is not a property of a data set, but is a property of how you use it.”

The balance is tricky: Information that becomes completely anonymous also becomes less useful, particularly to scientists trying to reproduce the results of other studies. But every small bit that is retained in a database makes identification of individuals more possible.