default change address

[buhtignew]

I've noticed that the change of all transactions (for instance those created with pobtoken burn_coins, attoken create_tx, pobtoken claim and so on) goes to the default address which is, if I've got it right, is always the same for the same user. So I've asked myself whether this approach wouldn't facilitate tracking the activities of the users by unrelated people because all the addresses which produces transactions containing that same default change address can be grouped and greatly help the identification by the malicious actors.

By other hand during the testings it was quite annoying for me to see the balance of the address I was working on disappear because the change was gone by default to another address, so I was forced each time to stop thinking about the tests I was doing and to begin looking what was my main address at that moment and to copy-paste it into the command I was suddenly not able to use because the address balance were over and later on while I was working on another command the story were repeating itself again. So I was asking myself whether it's better both for the people's privacy as for the usability to have the main address as default for the change. But I remember we've spoken in the past about and although I don't remember why it seems to me the conclusion was that such a solution is not good for the privacy.

The other privacy friendly approaches I'm seeing right now are:

• to use a casual wallet's address picked up during the command execution, but in the long run I think it's possible to identify the user especially if he doesn't have the need to increase the number of the addresses in his wallet;
• to create a fresh address each time and to send the change there, but I don't know whether a big quantity of the addresses wouldn't cause the wallet to work slower;
• the user may decide a default address by himself (the issue is the same as with the default system address here of course);
• the user may create a list of default change addresses, even picked up from another wallet he has, and the code would use an address from the list on each run casually.

I feel sending the change to the actual main address and creating a fresh change address on each run are the most privacy friendly solutions.

However should we have a desire to enable the users using different approaches we wouldn't be able to find the vacant letters for the flags, for sure. For that reason I was thinking about different change profiles (each corresponding to one of the approaches described above or also other approaches you have in your mind as well). To enable a profile we can let the user putting a word after the -c flag for instance -c me, -c fresh and so on. If we opt for differentiating the change address profiles we can also decide to create a command in the config group, so the user would be able chose his default change profile by himself just once without the need to use the -c flag on each command launch at all.

If nothing of the above is possible at this stage, I think we should at least enable the main address as default, because it's more privacy and user friendly, IMO.

[d5000]

Just a little comment: I generally agree with you on this point. After I solve the last bug-related issues, I'll have a look into the Settings.change setting (which is defined in pacli.conf) and how it's managed currently, so I can assess how much work it would need for such a change.