I would argue that most of the people getting into crypto, even those who joined pretty early, didn't 100% certainly know how this sector would develop and what is required to really, really stay anonymous and leave zero trails.
This is a good point. Almost everyone new to this space does not appreciate the privacy implications of their actions until well down the line, and it is
significantly harder to regain lost privacy than it is to not lose it in the first place. There comes a point once you've KYCed on multiple exchanges and revealed your wallet addresses to multiple blockchain analysis companies, that nothing short of sending all your coins back to the exchanges you bought them from, selling them, withdrawing the fiat, closing all your accounts, and then starting again from scratch with DEXs, will be enough to claw back some of your privacy. Almost every newbie guide or "How to buy bitcoin for beginners" encourages people to go straight to Coinbase or some other privacy invading CEX and send all their documents immediately, without so much as a second thought. Only individuals who are already very privacy conscious are likely to search for and find other methods to get involved in bitcoin.
but if they see $10k go into one exchange.. and $10k come out of another exchange. it can light up some flags
Does this happen in practice? Having never used centralized exchanges, I'm out of the loop on this one. If you deposited $10k (or £10k since I think you are UK based?) to Coinbase, and then next month transferred the same amount from Binance back to the same bank account, would you be flagged up as money laundering and get threatening letters from tax agencies and law enforcement? I've never heard of that happening.
that you only use for WhatsApp or so and never take it with you outside.
Or, use Signal and you can just download the desktop app. No phone needed. Also, WhatsApp is closed source and owned by Facebook - the antithesis of privacy.