446 sats \ 1 reply \ @ek 8h \ parent \ on: Monero people will tell you monero is untraceable but... crypto
6:45 "There is talk of increasing Ring CTs further, potentially into the hundreds which would make our job much more difficult because a big part of this is how to remove the decoys and actually perform some rudimentary tracing"
13:04 Explaining Dandelion: "At a certain, randomly selected point, a node will choose to start spreading a tx all around in the network. So if you are receiving it at that later stage, you have no idea whether that IP address you're receiving it from is the same IP address that it came from and in fact, it is very likely that it is not. The initiator's IP address is essentially invisible to you. [...] A lot of how we do our monero tracing involves IP observation of services. [...] Dandelion has made that impossible."
16:29 "We tend to look at the fee structure to identify behaviors."
20:33 "A user connected to one of our nodes in order to broadcast their tx. We're sort of bypassing Dandelion when they do that. The user connects directly to us, so we are able to see their IP address."
23:05 "Now let's introduce our simulation: we were asked to investigate a DNM, and specifically the admins who are believed to operate potentially out of Columbia."
23:32 "The admin was swapping from Bitcoin to Monero using the swapping service Morphtoken."
25:45 "Like I mentioned before, we attempt to collect IP addresses of services [...] and identify those so we can potentially find exit points for funds or subpoenable entities."
27:09 "[The swap] occurred before Dandelion was introduced."
29:01 "A user connected to our node to broadcast a tx [...] turns out the IP address is probably from a VPN."
33:25 "This is not going to be a good lead to follow with law enforcement because Exodus does not collect user information afaik. But it helps us to understand a little bit more of our target and maybe that is an indication that they are potentially using Exodus wallet. [...] We do not know with any certainty that our target is actually using Exodus."
35:17 - again IP address found because they didn't run their own node but it's also again from a VPN
37:16 - again didn't run their own node and this time IP address is from Columbia, not from a VPN!
38:26 - connected IP address to an entity that can be subpoenaed => prison :(
Yeah, by not running your own node and literally connecting to a fed node.
Thank you, this was very informative. I'm more bullish on Monero's privacy than before.
Conclusion: don't receive bitcoin as a DNM admin, run your own node, praise Dandelion, don't use KYC exchanges to cash out.
#879820
I had similar thoughts...
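A toy simulation of the relay behaviour quoted at 13:04 and 20:33, added here as an illustration and not part of the comment or the video: it estimates how often the first peer a monitoring node hears a transaction from is the real originator under plain flooding, under stem-then-fluff relay, and when a wallet submits directly to the monitoring node. The peer graph, `OBSERVER`, the function names and every parameter are assumptions, and the model is a simplification of real Dandelion++.

```python
import random
from collections import deque

OBSERVER = 0  # hypothetical monitoring node in a constructed network

def build_network(n, degree, share, rng):
    """Random two-way peer graph; the observer also links to `share` of all nodes."""
    peers = {i: set() for i in range(n)}
    pairs = [(i, j) for i in range(n) for j in rng.sample(range(n), degree) if j != i]
    pairs += [(OBSERVER, j) for j in rng.sample(range(1, n), int(share * (n - 1)))]
    for a, b in pairs:
        peers[a].add(b)
        peers[b].add(a)
    return peers

def first_seen_from(peers, origin, stem, fluff_prob, rng):
    """Peer the observer first receives the transaction from."""
    node = origin
    if stem:
        # Stem phase: one random peer per hop; the origin always stems its own tx.
        sender, node = origin, rng.choice(sorted(peers[origin]))
        while node != OBSERVER and rng.random() > fluff_prob:
            sender, node = node, rng.choice(sorted(peers[node]))
        if node == OBSERVER:
            return sender  # the stem happened to pass through the observer
    # Fluff phase: breadth-first flood starting at `node`.
    seen, queue = {node}, deque([node])
    while queue:
        cur = queue.popleft()
        for nxt in sorted(peers[cur]):
            if nxt == OBSERVER:
                return cur
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return None  # observer unreachable (not expected at these densities)

def exposure_rate(mode, trials=2000, n=200, degree=8, share=0.5, fluff_prob=0.1, seed=1):
    """Share of trials in which the observer's first-seen peer is the true origin."""
    rng = random.Random(seed)
    peers = build_network(n, degree, share, rng)
    hits = 0
    for _ in range(trials):
        origin = rng.randrange(1, n)
        # "direct": the wallet submits straight to the observer's node, no relay between.
        seen = origin if mode == "direct" else first_seen_from(
            peers, origin, mode == "dandelion", fluff_prob, rng)
        hits += seen == origin
    return hits / trials
```

Calling `exposure_rate` with `"flood"`, `"dandelion"` and `"direct"` compares the three cases on the same constructed graph; only the direct case ties every transaction to its sender.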