Hi guys,
I just had this thought:
The mixin number is public, and AFAIK even CT won't conceal this.
People are able to set the mixin themselves. When someone uses mixin for example "23" by default, this is a risk:
It's a number that will not be used much, so all the transactions can potentially be grouped together.
How?
A merchant or exhcnage received a transaction with mixin 23. He checks the blockchain and sees a bunch of those transactions with that strange mixin number, so he can get a bit of info from it.
I know we are already protected by stealth addresses and ring sigs (and maybe CT in the future), but I think it would be a good approach to also "mix the mixin".
How?
Well, the GUI could have 3 levels for mixin, for example "low", "medium" and "high" and the option to customize it (for experienced users only)
When people select "low" they will use a mixin number randomly chosen between (for example) 3 and 6
When people select "medium" they will use a mixin number randomly chosen between (for example) 7 and 14
When people select "high" they will use a mixin number randomly chosen between (for example) 15 and 30
People can still can select "customize mixin" and even put in a number higher than 30...
This will at least lead to the mixin numbers between 3 and 30 being used very often, so these numbers can be picked without worrying.