Comment by mrandish

It's not like the spies were routinely careless or didn't do the obvious things a spy should do. They did travel under cover identities but those covers were linked to mobile phone and other data in foreign countries. That left a trail that could be followed to identify real personal data when they intersected back in Russia. They also used public posts on Russian social media. I guess OO7 didn't know a single group photo from some department secretary's retirement party can undo years of spy craft. And just swapping out a SIM when you get back home in Russia doesn't change the phone's ESN.

I'm not an expert though. There's a lot of detailed info on OSINT sources and methods online. The bottom line is it's extremely difficult to put the data genie back in the bottle. The stuff seeps out everywhere and searching aggregated databases from multiple sources and time periods uncovers any connection. It only requires a single slip-up happening one time. This just reinforces that a regular citizen in a Western democracy who's not a spy trained to operate under cover with a nation-state providing authentic false identities, is screwed in terms of maintaining their own privacy.