Why use this complex mixnet stuff (that won't really work well) when Zerocash elegantly solves the problem and is entirely autonomous. To quote smooth (he was referring to Cryptonote but he should have been referring to Zerocash), "a pigeon could carry your transaction to the block chain and it wouldn't matter". Let me rephrase that, "a truck with your name painted on the side could carry your transaction to the block chain and it wouldn't matter". With Zerocash, everything is hidden so even if you put your name in the transaction packets, it wouldn't affect your anonymity because no one can see any of the details of the transaction. All they will see is you put your name on this encrypted blob of data. So you are worried about the compromised key of Zerocash leading to a hidden inflation of the money supply (I was too), but it doesn't affect the anonymity in any case. Well even that has solutions, e.g. make multiple sets of keys and sign all transactions with more than one signature so you have more assurance that all of the keys weren't fraudulently generated. Or run Zerocash only as a mixer and net out all the coins in/out periodically to be sure it is not creating coins out-of-thin-air.
Well I don't agree with the bolded, and therefore I don't agree with your conclusions about zerocash. Conceding your IP traffic opens you up to a lot of timing and correlation attacks independent of the blockchain. The problem with blockchain analysis is that it can disclose a lot about you even if your net traffic is private. I contend you need both.
I also contend that the point of the pigeon example is that there will always be ways to make your net traffic private (at least what minimal net traffic is needed to send transactions), and even if regular users can't be relied upon to use great opsec, reasonably good opsec and network-level privacy can be automated and hidden where users don't need to know about it, just as end-to-end encryption in messaging apps now makes using encryption easy even though using encryption directly (and correctly) can be hard.
Anyway, all that really matters is that people make serious and competent efforts to solve these problems. Even if one project doesn't get everything right immediately, lessons can be learned and applied by others.
EDIT: The above was a bit too extreme. I do somewhat agree with the bold in that identifying one transaction doesn't support blockchain analysis to unravel a large part of the rest, which means the blockchain can't become an amplification of existing surveillance techniques. After all we don't expect that having a private blockchain by itself suddenly blocks all surveillance. I also agree (of course) that Zerocash is more effective in theory at protecting privacy than the techniques currently used in Monero. But then, comparing some future solution and assuming no undiscovered issues against something that exists now and is almost two years mature is always pretty one-sided. Likely that will apply to what we are now calling Zerocash at some time in the future as well.