To protect your privacy, it is commonly recommended to send change to a new freshly generated address. It is argued that this makes it impossible to distinguish the payment from the change which makes it harder to group the transactions that belong to you.
Correct me if I'm wrong, I'm afraid it doesn't help in many cases. The reason is simple: payment value is usually smaller than the change.
When I spend money from my debit card, the payment amount is usually much smaller than the remaining balance. That's because I don't want to refill my card as often as I spend. The same spending habits applied to Bitcoin make transactions traceable.
If you have 10 BTC (say, you received it from an exchange) and want to pay 1 BTC, your transaction will have two outputs:
1 BTC - the payment,
9 BTC - the change to another your address.
Without any other knowledge, just by looking at the output values, it is usually safe to say that 1 BTC is the payment and 9 BTC is the change, and the address where the 9 BTC landed is again your address. Any other coins received to this address will be tracked to you. The subsequent transaction that spends the 9 BTC will be tracked to you.
Any thoughts how this situation is really often and how to protect one's privacy?