People are yielding this info when they accept a DM from unknowns and retrieve an image or other resource with their npub associated in the request.

To help combat this, good clients could prevent fetching images from unknown/unfollowed users, and perhaps even warn about such data leaks.

Users can choose to not display images (unlikely), or use VPNs for network access.