I sent the following message privately to @startersplugs and they requested that I post it publicly so here it is:
What I want from this thread
Real criticism, not encouragement.
Well, okay. I read the whole thing and it sounds like you’ve already thought it through pretty well. My criticism is: more privacy is not always better!
A good way to go about it is, write down all the information that you think should be revealed to whom, in your ideal system. “To whom” can go into a few categories:
- The end user (who can, of course, choose to reveal any information they have to anyone else).
- The public.
- A specific third party chosen by the end user (for example, if you use a lightwalletd you are choosing which one to use — or even to run your own — and revealing certain information to that lightwalletd).
- A specific third party not chosen by the end user, except inasmuch as they choose to use the system at all (for example a hard-coded “master view key” that could read all encrypted data of all users who choose to use the system at all, such as was previously proposed and shot down for Zcash ZSAs, and such as was just deployed by Tempo).
You might have different answers than I do about what information should be revealed to whom, but the exercise of thinking about it and writing it down is probably helpful even when your answers differ from other people’s!
So, to be specific, my criticism of your proposal is that in my humble opinion, some of this information should be revealed to the public. Even if you could successfully conceal it, I don’t think that would be better. Some examples off the top of my head: number of swaps, total volume swapped, which coins are being swapped for which other coins, total value at any given time custodied by intermediaries or held by smart contracts or otherwise outside of one end-user’s control. I think it is better if all that information is public, which I think is roughly what the current architectures like Maya’s achieve.
The reason I think that information should be public is 1. that I think it imposes little risk on end-users (whose privacy is basically safe if they store their value shielded at rest, regardless of the publication of this information, and whose privacy is basically lost if they try to gain privacy from value in flight, regardless of the publication of this information). and 2. that I think its valuable for the safety of users and the evolution of society for such information to be public, so that users and builders can monitor the operation of the system and how much usage it has overall and how much usage different parts of it have, and how much value is at risk of being lost or stolen due to flaws or betrayal.
So, to me, it’s not that I want that information to be concealed from the public, and the difficulty of shielded address integration, or the lack of sufficiently advanced technology, or whatever, has made that difficult. It’s that I think that information should be public, and your proposal to hide it from the public would, in my humble opinion, result in a worse trade-off.
There’s an additional more specific criticism I offer, that your proposal shifts some information from class 2—the public—to class 4—specific third parties that the user can’t select. I think this is often worse! People often assume this is better, because it is an improvement in “privacy” if information is revealed only to a few people instead of to the public, but I suspect it is often worse, because it gives those few people added power compared to the public and compared to the user, and those people then become targets of temptation, extortion, hacking, legal compulsion, etc. So just as a very general pattern (that I wouldn’t necessarily defend in every instance), I prefer for information to be class 1—held by the user—when it can be sensitive/valuable to them personally and unimportant for the public good, and for it to be class 2—the public—when that trade-off is better, but I usually prefer 1 or 2 over 3 or 4!
Okay, that’s the criticism you requested. I prefer to send criticism privately, but if you are interested in pursuing this topic and you want this message to be public, I’ll post it publicly if you like, or you can quote it with or without attribution to me if you like. 
Thanks for contributing to our great mission to improve the world for everyone! <3
Regards,
Zooko