If any of that was true then they would have been contracted by the FBI to deanonymize Whirlpool transactions from Samourai Wallet, and as far as I know, no deanonymization has been performed yet.
Simple, single-transaction coinjoins with a small UTXO set can be deanonymized, but not any types that are used in practice.
I'm pretty sure most of the deanonymization occurs only after coins have been moved from the coinjoin transaction output. For instance, the re-use of exchange (or other) addresses, and detection of patterns in send amounts, dates, and times. Yes, people really are that clumsy, even while matching patterns may not be 100% accurate in deanonymization. As was pointed out earlier, it's more so the fault of the user for not changing their behavior than the coinjoin process itself.
Can you --the user-- make a mistake after coinjoining that ruins all your wallet privacy? Yes, absolutely.