The problem is that actually implementing not-weak OPSEC is much harder than most people understand (even those with technical backgrounds). For example, is your "secret" activity on TOR easily tied to your non-secret activity from a search of network entry/exit times (i.e. "secret" activity is the complement "non-secret" activity)?
I recommend Zoz's DEFCON talk, "Don't Fuck It Up!"[1], for a very good overview of how hard OPSEC has become.
True. Good OPSEC is nontrivial. But in my case, all of my online activity uses part of the same nested VPN chain. Then I branch the chain for opennet vs Tor traffic. So an adversary would need to get data from multiple VPN providers, just to know what involved Tor. And it's not at all very hard.[0] Also, about OPSEC, see my review.[1]
The problem is that actually implementing not-weak OPSEC is much harder than most people understand (even those with technical backgrounds). For example, is your "secret" activity on TOR easily tied to your non-secret activity from a search of network entry/exit times (i.e. "secret" activity is the complement "non-secret" activity)?
I recommend Zoz's DEFCON talk, "Don't Fuck It Up!"[1], for a very good overview of how hard OPSEC has become.
[1] https://www.youtube.com/watch?v=J1q4Ir2J8P8