I would argue that most of the people getting into crypto, even those who joined pretty early, didn't 100% certainly know how this sector would develop and what is required to really, really stay anonymous and leave zero trails.
This is a good point.
Almost everyone new to this space does not appreciate the privacy implications of their actions until well down the line, and it is significantly harder to regain lost privacy than it is to not lose it in the first place. There comes a point once you've KYCed on multiple exchanges and revealed your wallet addresses to multiple blockchain analysis companies, that nothing short of sending all your coins back to the exchanges you bought them from, selling them, withdrawing the fiat, closing all your accounts, and then starting again from scratch with DEXs, will be enough to claw back some of your privacy. Almost every newbie guide or "How to buy bitcoin for beginners" encourages people to go straight to Coinbase or some other privacy invading CEX and send all their documents immediately, without so much as a second thought. Only individuals who are already very privacy conscious are likely to search for and find other methods to get involved in bitcoin.
That, I believe, is the most relevant aspect of this discussion anyway. Even using TOR isn't safe, it just raises the probability to not get identified. Just have a malicious entry or exit node by operated by the NSA (which is definitely happening) and there you go. So people who use TOR think that that is the ultimate measure to take when it comes to staying anonymous, but it is not.
Would be interesting to ask the best security expert in the world: What should I do (online, but even offline) today to make sure that actions in the digital / physical realm can't be tied to my identity in ten years from now?
Ten years is deliberately chosen here because that would have been a question for someone who joined crypto in its very early days.