Because that identifier is also used in some iCloud API requests, I also spotted the same value in activity logs for third-party applications using things in my iCloud account, as well as in metadata for local copies of documents I downloaded from my drive at iCloud.com.
It's a little unclear what they mean here, but that can easily be because of a service/system server model. The third party apps use things like "icloud daemon" (not sure that one actually exists) which does the iCloud request and passes along the data back to the app. Because the logs are generated with a high privilege level, they are also including what icloud daemon did for those specific apps, but those apps did not get access to that DSID, it was kept internal to icloudd.
If the journalists or whomever wants to claim the DSID is leaky, then they need to show a POC with an app actually obtaining that DSID, and not only in a system logger that only saves files sandboxed locally, or sends to Apple.
Because that identifier is also used in some iCloud API requests, I also spotted the same value in activity logs for third-party applications using things in my iCloud account, as well as in metadata for local copies of documents I downloaded from my drive at iCloud.com.