The summary thus far of my analysis of Darksend is that Evan has put into place adequate mechanisms to disincentivize theft of the collateral payments and to disincentivize Sybil attacking the inputs to a Darksend with legitimate Darksends.
The weaknesses (w.r.t. to anonymity) are that Masternodes can be purchased and if the adversary has too many of them, they can reduce your probability of anonymity unless you send your funds through dozens of Darksends between each receipt or spend transaction. If the adversary controlled 90% of the Masternodes, it would nearly impossible to be anonymous more than say 99% of the time, i.e. 1 in 100 of your spends would lose anonymity. Evan argues that attaining a lot of Masternodes is too expensive. Well probably so for the common criminal, but I am not convinced that is so for the NSA.
1 in 100 may not sound bad, but remember that loss of anonymity tends to domino cascade (for the holistic reasons I pointed out in my reply to LimLims on this page). And that is for the person who is extremely diligent to do dozens of Darksends between each spend. Most users are not so perfectionist. So for them anonymity could drop significantly.
The other weakness is that it is not yet mandatory to use an IP mixer such as Tor with Darksend, and if not all of the participants to the Darksend are obfuscating their IP, then the anonymity probability declines. Note that even if Darksend makes Tor mandatory, Tor is not the best we can do for an IP mixer. It is unknown how effective Tor is. Some might estimate 80 - 95%. Others might pull 50% out of their arse. I really don't know, but I don't trust Tor entirely. This combined with say 20% of the Masternodes compromised (and a little bit of normal human error on your part such as forgetting to send dozens of Darksends for each coin your receive) can also make it unrealistic to repeatedly sustain very military grade strength of anonymity. (But who said you wanted military grade assurance? Some do, some may not require it)
Darksend has anonymity. Darkcoin is an anonymity coin. The strength of the anonymity depends on the resources and resolve of the adversary versus the Darkcoin user.
I am still trying to think of suggestions to improve it.
I think the current state of things will be great for a V1 release, however what about the following strategy for V2:
Step 1: Users submit their inputs to master node, with collateral
Step 2: Users submit outputs and blind signature
Step 3: If missing an output, the master node will ask for users to send inputs/outputs. The missing user in step 2 will be charged collateral, then step 1 begins again without the bad actor.
To attack this, you must be in control of the master node and would have to pay the collateral to de-anonymize.
edit: nm, the master node could just lie and deanonymize everything it sees
Also don't forget the Masternode can't correlate a blinded output if the collateral doesn't accompany the blinded output. That one keeps getting me too, which is why I wrote it down in a post as follows so I wouldn't forget:
In case readers don't understand why the collateral payments can't be associated only with the inputs and not the outputs, it is because the outputs are blind signed. So if output signing fails, then there is no way for inputs to prove they signed the outputs in order to isolate the adversary(ies) who didn't.
So this is why output signing has to be correlated to inputs. This is what breaks the anonymity in terms of allowing Sybil attacks on master nodes (see my calculation example upthread).
Then apparently we also have the problem that collateral payments can be stolen by Sybil attacking master nodes (and miners/pools if the payments go to them), but still waiting to finish that discussion.