OAuth isn't designed to be secure against token issuers conspiring with services to deanonymize users.