I'm just a nobody, but I wouldn't trust the Intercept on OPSEC advice. From a purely technical point, they did fail to protect their sources when they exposed Reality Winner to the US government.
There's a second possibility, though: that after having screwed up this badly they are now doing their best to protect future sources.
Or as Thomas J. Watson put it: "Recently, I was asked if I was going to fire an employee who made a mistake that cost the company $600,000. No, I replied, I just spent $600,000 training him. Why would I want somebody to hire his experience?"
...and the 1970's (first I heard it, IIR) comeback:
Don't fire him, and you've paid $600,000 to train just him. Fire him, and you've paid $600,000 to train everybody else at the company. Which one is the better value?
I would not pay $600k to teach everyone at the company that if they make a mistake I will fire them to set an example. If that was my position, it's a lot cheaper just to walk around threatening people and making them feel paranoid every day at work. But I think it's a bad position to take. So I'd probably keep the one guy who is never going to make that mistake again around, and fix whatever system allowed the mistake to happen in the first place.
That was an intentional failure to protect, because Reality Winner's biography was important for the story that much of the US government was trying to sell.
However don't trust... tools can't help but be good advice. There's no need to trust the Intercept on metadata existing.
