Why does Zashi only allow 1 Transparent address?

I’ve discussed the reasons for this choice before: Unified Addresses Composition - #45 by nuttycom and the follow-up posts provide my rationale.

A major reason for the choices we’ve made thus far is that we consider the operator of any light wallet server as an adversary, and we don’t want to give people a false sense of security; a compromise of the light wallet server that allows an adversary to link addresses that an individual using Zashi believes are private is worse; with a non-rotating transparent address, the user knows that they’re linking their spends and receipts.

I also want to point out the follow-up post: Unified Addresses Composition - #47 by nuttycom.

The problem with transparent addresses isn’t merely that there’s a risk of linkability any time the wallet is interacting with the light wallet server (you’ll note that I’ve been pushing hard to mitigate some of these risks via https://github.com/zcash/lightwallet-protocol/pull/1, which was just merged this week, and my work supporting and reviewing https://github.com/zcash/lightwalletd/pull/534, which adopts those protocol changes). The problem is also that if, at any time in the future, someone uses a Zcash seed in a wallet that doesn’t correctly handle transparent address fund discovery, then privacy is lost.

I also want to point to the work that’s in flight on Release 0.19.0 by str4d · Pull Request #255 · Electric-Coin-Company/zcash-light-client-ffi · GitHub and Release v2.4.0 by str4d · Pull Request #1830 · Electric-Coin-Company/zcash-android-wallet-sdk · GitHub to add limited transparent address rotation using the ephemeral key tree, which we can be more confident won’t be explored by transparent-only wallets that might inadvertently leak metadata to indexers that would allow transparent addresses to be linked.

All this is to say that while address rotation superficially looks like an easy win, it’s a trap that we’re trying very hard to defang. If there were an obvious solution that was guaranteed to preserve a user’s privacy then we would have done it already; transparent address rotation and gap limit exploration have been finished in the wallet backend for many months now. But it’s exactly our concern for users’ privacy that has caused us to explore these questions, and the fact that there aren’t fully airtight solutions is the whole reason we haven’t integrated transparent address rotation into Zashi yet.

Once you leak a bit of information, you can never take that leak back. None of this is as easy as we try to make it look. 🙂

6 Likes