If the ip address does not change, then it turns out that the Samourai whirlpool solves only the second problem: service cannot steal user funds, but they can easily match inputs and outputs.
This is 100% true, Samourai is able to easily match inputs and outputs in two different ways:
- A coinjoin participant does not use a separate Tor identity for input registration and output registration
- A coinjoin participant shares their input address and output address in the coinjoin with Samourai when syncing their wallet's xpub
By default, Samourai Wallet collects data in both of these ways, and does not notify the user that their entire financial history is being leaked. I opened an issue in their Gitlab to have these critical privacy features enabled by default, but it was deleted and covered up by their devs:
https://web.archive.org/web/20230417145554/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/458