There is a big difference between spectrum analyzer hooked up directly to the input of the radio and an antenna in a van several blocks away, with reflections and noise thrown in.
Have you actually done any of this? If so, great. If not, I have and it would appear to me that your experiments at shielding have been more successful than mine. And there was a good premium on being able to create a mixer based receiver that did not leak at all because discovery could have led to fairly large financial impact for the owner of the device (not quite at the we'll ship you to Siberia or shoot you level, but impressive enough to make sure we weren't leaking if we could help it).
I learned a lot during that project, especially how hard it is to make an oscillator that does not radiate. So, it got to the point where I could reliably detect the receiver from about 100 meters away, fortunately the counterparty never started out from the assumption that it would be in that particular location to begin with. Trawling for a signal is a lot harder than verifying that is is there. But if you know the modulation and the frequency the receiver uses for its mixing stage this is a very hard problem to solve in such a way that there is absolutely no power radiated out of the reception antenna. Any kind of magnetic or capacitive coupler is bi-directional. Maybe with today's hardware capabilities it would be possible to pull the whole thing into the digital domain at a very early stage and that way I can see a few options to make it 100% clean but in the analog domain I do not see a bullet proof way of achieving this.
> if you know the modulation and the frequency the receiver uses
Number stations on short waves all use AM, so you know the modulation. But you don't need to know it, superhet works the same way with any modulation. You need to know the number station frequency, receiver's intermediate frequency, and guess whether its above or below.
> in such a way that there is absolutely no power radiated out of the reception antenna.
I'm not saying there is absolutely no power radiated out of the reception antenna, only that there is not enough power to reliably detect and localize, given the noise and interference from other sources.
If you want absolutely no power radiated out of the reception antenna, you can still do it. Feed some local oscillator frequency, inverted, into the antenna to cancel the remaining leak. But as far as I know, nobody bothers since some leakage is not a problem.
> Any kind of magnetic or capacitive coupler is bi-directional.
True, but in many designs there's also at least one transistor stage in the preamp, and that is not bi-di. There is some stray capacitance between collector and base, but not much.
> Maybe with today's hardware capabilities it would be possible to pull the whole thing into the digital domain at a very early stage
It is possible, but unnecessary. The last radio I built has quadrature sampling detector with FST3253 and handful of op-amps. Most SDRs also do I/Q sampling with two slow ADCs, much simpler than a single high-speed ADC.
I learned a lot during that project, especially how hard it is to make an oscillator that does not radiate. So, it got to the point where I could reliably detect the receiver from about 100 meters away, fortunately the counterparty never started out from the assumption that it would be in that particular location to begin with. Trawling for a signal is a lot harder than verifying that is is there. But if you know the modulation and the frequency the receiver uses for its mixing stage this is a very hard problem to solve in such a way that there is absolutely no power radiated out of the reception antenna. Any kind of magnetic or capacitive coupler is bi-directional. Maybe with today's hardware capabilities it would be possible to pull the whole thing into the digital domain at a very early stage and that way I can see a few options to make it 100% clean but in the analog domain I do not see a bullet proof way of achieving this.