Unfortunately these days it is really difficult, borderline impossible to control what images of you are uploaded to the internet. This is discussed in the "Real World Limitations" section of the paper. Even assuming you have no identifying photos online, non-public photos are still analyzed by big companies like Google, Facebook, and Apple, who have access to them through their cloud services (e.g. photos you, your friends or family sync with Google Photos, Apple Cloud). Having just one image correlate to your identification details and you lose anonymity.

Any context as to why the tweet was deleted?

This. Plus, can it really be referred to as a "study" with just three test subjects?

Hi, I'm the author of the article. To stress your point, there really are so many embedded devices using Busybox, and most of them were never designed to be updated (or nobody cares enough to update them).

Also I never got to fuzzing networking applets (wget is the most obvious) but this is definitely something I plan to look into, if no one did that before, there are definitely vulnerabilities there too.

When you ssh to your device are you not running Busybox shell on the device? I don't understand why this is less of a problem?

Yes absolutely. Whew. Updated my comment accordingly, thanks.

Go for it, and report back!