I actually like both coins too, but I would claim that it's ZCash that protects the user from the user's own mistakes.With ZCash, you need three simple rules:1. Accept only shielded transactions.2. Originate only shielded transactions.3. Generate a new shielded address for every counterparty and for every set of transactions that shouldn't be linked. The simplest and most foolproof way to do this is to generate a new shielded address for every single transaction. But they can and probably should all be in one wallet.It may be slow, but if you follow those simple, absolute rules, your payments are going to be very anonymous indeed.The ZCash wallets I've looked at don't seem to make (3) as easy as it should be, probably because people haven't considered the impact of different conterparties comparing notes about the addresses they send to. But you can do it in a fairly straightforward way, and the Monero wallets don't make the corresponding address management all that much easier.If you're forced to transact with people who "don't support shielded addresses", then ZCash does get more complicated. You have to keep your entire balance on a single shielded wallet; immediately transfer any incoming transparent transactions into that wallet; never, ever reuse a t-address; not "forward" any payment to a t-address with a similar amount to what came into a t-address; and always wait a random time on the order of several days between receiving a transparent transaction and sending any part of the money out in any way whatsoever.Which is still simpler than the stuff you have to worry about with Monero.
With Monero, there's a relatively small set of candidate outputs that "could be" the real source of each input to a given transaction. The current default number of mixins is 11. That's the real size of the "anonymity set" as most naturally defined, although the concept of an "anonymity set" is inappropriate for Monero to begin with, because the whole thing relies on a progressive combinatorial expansion that's not meaningfully captured in the idea of a "set".And even that is assuming that the age distribution used to pick mixins matches the age distribution of real transactions, which is at best extremely doubtful. If it doesn't match, then some sources start out more probable than others, and you can combine that with whatever else you can figure out.Furthermore, and probably more serious, if a transaction includes more than one input, you can match the histories of the inputs against each other and see if you can find information about them. If the histories of inputs A and B to transaction X both "possibly" share input C from transaction Y a generation or two back, then A and B are probably in fact derived from C.
You'll rarely if ever reliably or completely deanonymize anything in Monero. Monero can in fact be used to get practical anonymity. But if you look at transactions, you will get suggestive information that makes one user a more likely source or destination than another. And some user behavior can turn "more likely" into "much more likely".NONE of this relies on knowing any amounts or wallet address; it's all just about matching (possible) inputs to one transaction against outputs from other transactions.To get around that, you have to think about all those issues and plan a pattern of inputs and transfers that doesn't reveal too much. That's similar to the "extra steps" for ZCash, but much more complicated.
>>59252601Neither matters. Bitcoin is all you need.
Monero is getting full chain membership proofs. Ztrash is superfluous.
