For a while I've been saying that weights in the model are assigned according to severity of threat against the average user, but we haven't clarified further about this user. It would help at some point to clarify some assumptions about this platonic user and what assets he is protecting.
For example, how many Bitcoin addresses does the user have to protect from clustering analysis?
@jonasnick has observed that the average Bitcoin user on Android has approximately 1.73 addresses in total, or 2.6 addresses if you remove the users with only one receiving address. If a user with 3 addresses has two address clustered, that's two-thirds of his total wallet addresses clustered, which is a devastatingly high percentage.
For a while I've been saying that weights in the model are assigned according to severity of threat against the average user, but we haven't clarified further about this user. It would help at some point to clarify some assumptions about this platonic user and what assets he is protecting.
For example, how many Bitcoin addresses does the user have to protect from clustering analysis? @jonasnick has observed that the average Bitcoin user on Android has approximately 1.73 addresses in total, or 2.6 addresses if you remove the users with only one receiving address. If a user with 3 addresses has two address clustered, that's two-thirds of his total wallet addresses clustered, which is a devastatingly high percentage.
Another person on Twitter reported 15 wallet addresses.
It may be helpful to come with some baseline numbers for assets that our user of concern has when assigning scores to items in the threat model.
Some informational assets that the user has (fuzzy -- needs refinement):