So if either one of those users can present an xpub that leads to only one of the 2 addresses, does that justify reasonable doubt from being the same person, and make it likely one of the private keys was manually imported?
This is an interesting question that I don't think we've ever tried to tackle here. My answer would be "no, it doesn't." All it concludes is that one private key was manually imported and it could still belong to the same person as the HD wallet. How often do people actually share their private keys with one another, anyway?
I think it is a context-dependent problem.
Let's say the only piece of evidence linking the two accounts was a single transaction from 2 addresses belonging to different members of the forum, and an xpub key reveals only one of two sending addresses involved in a transaction. I think the transaction itself still renders it likely that the 2 addresses belong to the same person, though a bit less conclusive as there are no other connections between the two accounts.
In this scenario, with the addition of the Ethereum blockchain evidence, I'd say the chances of the two accounts belonging to the same person go up dramatically, making it very likely that they are the same person.
If anybody is wondering, yes, there is an xpub checker and it does work.