Surely that only works if the leaker supplies exact text, and the leakee publishes exact text; if either step in the chain summarises, then subtle unique identifiers will be lost.
It sounded like the set of documents was what was used in that case (look for all people who have accessed every single document in the leak, then investigate those people more thoroughly)
"Both journalists and security experts have suggested that The Intercept's handling of the reporting, which included publishing the documents unredacted and including the printer tracking dots, was used to identify Winner as the leaker."
Yeah it's possible that was it, but also "Through an internal audit, the NSA determined that Winner was one of six workers who had accessed the particular documents on its classified system".
The lesson to take away is that metadata of all kinds is powerful. Even if The Intercept had just provided paraphrases to the NSA it might have still given away Reality Winner's identity.
I mean sure, it's possible that the dots were available and made the investigation much easier, but it sounds like they would have probably caught her regardless. Especially considering her computer had connected to The Intercept. Amazingly bad opsec on her part, not to mention that she didn't remove the tracking dots herself.
