IP de-anon is pretty darn reliable for a malicious nostr relay operator. And only one of your relays needs to have that malicious operator. Or not even malicious, just a normal relay operator with lazy security. And with outbox, it's a relay explosion.
The wider point though is that nostr always fails when you pass a certain complexity threshold.
Keep it simple. If you don't want stuff linked to you via event parsing then just don't publish it, or publish it from an nsec that isn't known to be associated with you. Let clients better support multiple nsecs. Always gotta keep it simple.
Nsecs should be seen as far more disposable anyway.