It sounds pretty easy to inadvertently visit a site on an old laptop with JavaScript enabled. Is this what counts as a profound opsec failure these days?
Remembering that you only have to make an error like that once.
And if all these high-profile people manage to get caught (It seems like pretty much everyone that isn't a nation state ends up getting found eventually!) then maybe it's not that these people are terrible at Opsec, it's maybe that it's much harder than it looks, especially when the government has access to tools that you have no idea about, and maybe it's inevitable that you make an error if you are a human operating for a long time, regardless of 'opsec' skillz.
>And if all these high-profile people manage to get caught (It seems like pretty much everyone that isn't a nation state ends up getting found eventually!) then maybe it's not that these people are terrible at Opsec, it's maybe that it's much harder than it looks,
I tried to make it explicitly clear, over several different comments in this thread, that I'm not saying opsec in general is easy nor am I saying that everyone who has been caught has made these easy-to-avoid mistakes. I am struggling to think of yet another way to word it, but here I go one last time:
A robber goes into a store and steals a bunch of money. On the way out, they leave their driver's license on the counter. Can we agree this would be a dumb mistake? This doesn't mean that all robbers ever caught made dumb mistakes; some robbers are caught through extraordinary police work and with the help of several technologies (DNA, facial rec, whatever). Those robbers, while still potentially making mistakes that lead to their arrest, have not made extraordinarily dumb mistakes like leaving government-issued identification at the scene of the crime.
This concept applies to opsec and computers as well. You can slip up once and be caught through the smallest of mistakes. Or you can literally tell everyone who you are and be caught that way. Both are mistakes, but one is a trivially avoided stupid mistake, and the other is not.
Many other operators (of dark markets, ransomware gangs, etc.) have been caught, but I did not include them because the ways they were caught did not appear to be through dumb mistakes, but through intense technical means.