Maybe it includes a list of fonts installed on your system, your screen resolution, etc. You don’t need much to get a “fingerprint” that is anonymous but can be correlated with those collected by other tools’ telemetry.
In theory yes? But if state actors, the ones with the sophistication to literally build a signature based on your fonts using your IDE, and then infiltrate a second application to do... whatever... if they want you that bad, they're eventually just going to get you, even if they have to just send someone to your house with a rusty wrench to retrieve all your passwords. Those guys can get the job done much more cheaply anyway.
