" We at the Lab previously thought that one possible solution to knacc's described attack would be churning, where one sends funds to oneself multiple times before using at a merchant. Unfortunately, this leads to chains of self-referential transactions, which leave an undesirable and identifiable statistical signal. "

Now the follow-up I've gotten says that this just means you can't churn too quickly. There is still no analysis of how often to churn, how long you need to wait, and on and on, until you're safe. The Monero wallets offer no way to manage your inputs either, so if you ever re-use a wallet (exchange->WalletA->WalletB a couple times) you'll leave even more of an trace.

So the number one idea that springs to mind, Exchange->Monero->Exchange, might be a worst-case scenario where you can easily be linked with a high probability. Especially when the approximate input time is known.

For instance, if you know a target exchanged Bitcoin in a certain transaction, you can simply trace all possible chains from that output and see when one hits an exchange, prioritizing shortest first: if an exchange output goes right back to an exchange, that's probably enough to get a warrant or targeted investigation.

Furthermore, an attacker could make a bunch of transactions so other transactions use known inputs, reducing effective ringsize even more. This wouldn't be very expensive at current volumes.

Even still, Monero still seems far ahead of competition. My biggest concern is that they don't put any sort of disclaimers, and incorrectly state it's untraceable. This will get people into trouble. The Tor Project does a far better job of being clear with the risks and shortcomings. The Monero community, mostly, seems to just advertise as if everything was solved. That plus the ridiculously low ring sizes feel rather irresponsible.