A major point of defeating the common input heuristic and others is to make "super-clusters". A small number of users that "don't care" about possibly touching tainted coins can render many chain analysis techniques unworkable in practice for enforcement. You don't need 100% coverage to defeat the heuristic. 

On Wed, Jun 10, 2020 at 9:40 AM nopara73 via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
The problem with CoinJoins is that desire for privacy is explicitly signalled by them, so adversaries can consider them "suspicious." PayJoin and CoinSwap solve this problem, because they are unnoticeable. I think this logic doesn't stand for scrutiny.

From here on let's use the terminology of a typical adversary: there are 3 kinds of coin histories: "clean", "dirty" and "suspicious".
The aftermath of you using a "dirty" coin is knocks on your door. You using a "suspicious" coin is uncomfortable questions and you using a "clean" coin is seamless transfer.

In scenario 1, you start out with a "clean" history. By using CoinJoins you make your new coin's history "suspicious" so you have no incentive to CoinJoin. By using CoinSwap/PayJoin your new coin can be either "clean" or "dirty". What would a "clean" coin owner prefer more? Take the risk of knocking on the door or answering uncomfortable questions?

In scenario 2, you start out with a "dirty" history. By using CoinJoins you make your new coin's history "suspicious" so you have an incentive to CoinJoin. By using CoinSwap/PayJoin your new coin can either be "clean" or "dirty". What would a "dirty" coin owner prefer more? And here's an insight: you may get knocks on your door for a dirty coin that you have nothing to do with. And you can prove this fact to the adversary, but by doing so, you'll also expose that you started out with a "dirty" coin to begin with and now the adversary becomes interested in you for a different reason.

You can also examine things assuming full adoption of PJ/CS vs full adoption of CJ, but you'll see that full adoption of any of these solves the tainting issue.

So my current conclusion is that PJ/CS does not only not solve the taint problem, it just alters it and ultimately very similar problems arise for the users. Maybe the goal of unobservable privacy is a fallacy in this context as it is based on the assumption that desiring privacy is suspicious, so you want to hide the fact that you desire privacy. And the solution to the taint issue is either protocol change or social change (decent adoption.)

PS.: Please try to keep the conversation to the Taint Issue as this email of mine isn't supposed to be discussing general pros and cons of various privacy techniques.

Any thoughts?

--
Best,
Ádám
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev