Not everyone out there is purchasing for on-selling purposes. So my question is, what are the minimum requirements for obfuscation?
A few possible scenarios:
No obfuscation: Buy btc w/ credit card > Make purchase
Basic obfuscation: Setup Tor > Buy btc w/ cc > Make purchase
More obfuscation: Setup Tor > Buy btc w/ cc > Tumble coins > Make purchase
Even more obfuscation: Buy btc w/ prepaid cc > Tumble coins > Transfer coins to new wallet > Buy VPN with btc > Setup VPN > Setup Tor > Transfer coins to DNM wallet > Make purchase
How much obfuscation is really necessary?
Minimum ? Non really. Hell, Shiny Flakes used to sell industrial quantities of illegal substances on a clearnet site with SSL-Encryption.
OpSec is not about what is required, but about trying to protect yourself as much as possible. In the end there is no perfect OpSec, it's just to give us breathing room. If NSA TAO really want you they will get you, according to Edward Snowden not even the most sophisticated tech collector in existence could oppose all of the TAO office.
Personally I got mad OpSec connection wise (HostOS LPS militaryOS -> VPN -> GuestOS(Whonix) -> VicSock -> Whonix Gateway -> Tor Network). But I don't even tumble coins because there is no record of a dnm user being arrested over Block Chain Analyses.