"However, outside observers can usually calculate clusters of inputs belong to the same entity and the change output belonging to that same group of inputs." How big of a problem is this?
It's more of an "inefficiency" than a "problem". In order to create private funds in JoinMarket, here are the steps:
- Receive a UTXO into your wallet
- Act as a taker to sweep that UTXO to the next mix depth in a coinjoin transaction (turning it private)
- Wait as a maker for additional remixes until you spend
Once you spend your coins you also have to act as a taker to sweep your change output from that spend just like you do whenever you receive a new UTXO.
Also, is there any risk of having your "identity" revealed when using coinjoin through statistical analysis or does this only happen when you reuse addresses?
Coinjoins are specifically designed to defeat statistical analysis, but if you reuse an address then it won't make a difference whether you coinjoined or not.