There was a post I read here a few weeks ago but can't find it. It was mentioning questions about Monero's anonymity. I see a lot of people saying this is the best currency to use but it never includes any details as to why the anonymity in Monero is solid. I found this research paper on deanonymizing Monero transactions.
https://eprint.iacr.org/2017/338.pdf
Here is the gist:
- The choice of mix-ins used for the fake inputs doesn't guarantee the level of anonymity you think it could. What it seems is that Monero itself doesn't do the best it could in choosing the set of fake inputs. It seems like for instance that a fake input may be chosen that was already used as an input of another transaction (for instance, in a previous transaction with no fake inputs). Way I understand it: If you use 4 fake inputs + the real input, you think you are getting 1/5 odds of an outsider guessing the true input. But if say 2 of those fake inputs were involved in a previous transaction that is a known input, those 2 can be eliminated. This means your anonymity goes from 1/5 to 1/3.
- The paper also implied or stated that future transactions could impact the anonymity of your transaction. I guess using the 1st bullet point as a basis, if a future transaction can be tied to a specific input that was used as one of the "fake" inputs of your transaction, then that eliminates that as a possibility as being an input on that transaction.
- Applying probability and statistical analysis to the inputs being used, it is possible to assign weighted probabilities of each input of the likelihood of being the true input.
This post is meant to be a discussion and not at all saying there is something fundamentally wrong with Monero. I just haven't seen a lot of actual debate on the underlying technology that "proves" the anonymity being claimed with Monero. I don't know if Monero is as impervious to analysis as claimed. It does appear that the analysis used on Bitcoin isn't sufficient for the most part with Monero, but that doesn't mean there aren't other methods that can be used to deanonymize Monero transactions. Check out the study, seemed interesting and what I got out of it is that the amount of anonymity is not what the user thinks they are getting and it seemed like they were able to at least reduce the obfuscation, even if not completely but at least to some degree.
EDIT: From the paper:
Any CryptoNote coin that allows for only 1 mixin is vulnerable to a slow chain reaction in which the owner of very few private keys can violate the untraceability of much larger number of other users.
.
Note that since Monero developers chose not to perform the required blockchain analysis, they decided on employing a triangular distribution to sample the mix-ins from. Our work shows that a triangular distribution does not mitigate well attacks based on temporal analysis.
.
Moreover, our attacks are effective as over 87% of inputs are rendered traceable. We also found some traceability results on RingCTs and finally propose a better method (than the one currently employed) to choose mix-ins that mitigates temporal analysis.
https://www.reddit.com/r/Monero/comments/65waxo/a_traceability_analysis_of_moneros_blockchain/
Updates have been made since.
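The elimination argument in the post (a 1/5 ring shrinking to 1/3, and the chain reaction quoted from the paper) can be measured on a toy ledger. The following is an added example, not code from the post or the paper; the ring and output names are constructed, and chain order is ignored, so a later transaction can shrink an earlier ring just as the second bullet describes.

```python
# Constructed sample data: each transaction input (ring) lists the output
# ids it references; exactly one is the real spend, the rest are mix-ins.
SAMPLE_RINGS = {
    "tx_a": {"o1"},                          # no mix-ins: o1 is provably spent
    "tx_b": {"o1", "o2"},                    # 1 mix-in
    "tx_c": {"o1", "o2", "o3", "o4", "o5"},  # 4 mix-ins, nominal 1/5
    "tx_d": {"o6", "o7", "o8"},              # shares nothing with the others
}

def effective_rings(rings):
    """Remove outputs provably spent elsewhere until nothing changes.

    Returns (remaining, spent): remaining maps ring id -> candidate set,
    spent maps output id -> ring id that provably spends it.
    """
    remaining = {rid: set(members) for rid, members in rings.items()}
    spent = {}
    changed = True
    while changed:
        changed = False
        # A ring with a single candidate left reveals its real input.
        for rid, members in remaining.items():
            if len(members) == 1:
                (out,) = members
                if out not in spent:
                    spent[out] = rid
                    changed = True
        # An output spent by one ring can only be a decoy in every other ring.
        for rid, members in remaining.items():
            decoys = {o for o in members if o in spent and spent[o] != rid}
            if decoys:
                members -= decoys
                changed = True
    return remaining, spent

def report(rings):
    """Map ring id -> (nominal ring size, effective ring size)."""
    remaining, _ = effective_rings(rings)
    return {rid: (len(rings[rid]), len(remaining[rid])) for rid in rings}

if __name__ == "__main__":
    for rid, (nominal, effective) in report(SAMPLE_RINGS).items():
        print(f"{rid}: nominal 1/{nominal}, effective 1/{effective}")
```

Here tx_a's lone input exposes o1, which collapses tx_b to o2, and together they cut tx_c from five candidates to three, while tx_d keeps its full ring because none of its members appear in a traceable ring.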