
This kind of thing has always seemed quite interesting (and worrying!) to me from an OSINT perspective. It seems like if you just know a couple of some anonymous person's favourite songs from various genres, you could identify possible Spotify accounts they may also own. As far as I can tell, it's basically impossible to discuss anything remotely personal online without jeopardizing pseudonymity.


Most people that know my taste in music already have my Spotify because they're my friends and I gave it to them. As for worrying about pseudonymity, Spotify lets you hide listening activity and make all your playlists private.


It's kind of horrifying to learn that it only takes 33 bits of information to uniquely identify any living human on the planet. log2(8e9) ~= 32.9.


If it helps (with the horror I mean), that's just a sort of lower bound of course - if you could choose your bits carefully and ideally (and I suppose they'd probably be pretty weird (to a human) and overlapping/multi-dimensional, like 'lives in Europe or Antarctica' or 'uses macOS and is female') which of course you couldn't.

i.e. in practice, for practical metrics, it probably takes a lot (I'm not going to guess how many) more.


What data would be useful from finding someone's Spotify? I don't use it so I'm not sure what details can be compromised.


Because there's a good chance they use the same username on other services. If you didn't already know that, now you might.


Yep, plus I know a lot of my friends using Spotify log in using Facebook, which displays their full name & profile photo. Also followers/following lists are public, so if you can find a close contact of theirs who is less serious about opsec, you're that much closer to their actual identity. This is only really relevant to the truly paranoid who try to use a different identity for every service.



