It would be easier to begin building a database of known addresses. People have addresses in their Sigs. They publish addresses, etc.
When those addresses spend coins, you know they spent them, so you can track where they went. If they went to a known address in your database, you can begin to build patterns of transactions.
For example, I just announced elsewhere in the forum that I sent a donation to a developer. That receive address is well-known and I even mentioned the amount. So it would be trivial to find the address that sent the coins. If I didn't have enough coins in the address selected, it will have multiple inputs to make up that address, so that will leak another address or set of addresses. Those addresses received coins at some point, so now you know additional addresses of mine and can reverse-engineer additional receipts. Also, if the inputs are greater than the output, then the client will spin up a new address to accept the change, and now you know another address of mine, and can watch for it later.
The TOTAL address space currently in use is trivially small compared to the total address space available.
Wouldn't be too hard to build a system that watched block explorer, recorded every address seen, then used spiders to begin to index addresses that have leaked publicly. Once built, you can then begin to track transactions against known leaked credentials.
Said database could also be written to allow "guesses". Lots of people commented before the Mt. Gox hack that the 400K BTC that were moved must have been them moving them to an off site wallet. So, mark that address as owned by Mt. Gox, then look at every address that sent to that address, chances are they're all Mt. Gox addresses. You don't KNOW that, but you can guess. So, have some sort of "certainty" value in the database that can be modified as you learn new facts. Sort of like the small pencil marks people use in Suduko.
Hmm, now this sounds like a fun project.
How would that even be possible?
There are multiple sending and receiving address in your wallet. You could use a different address for every transaction.
Just because I have a donation/receiving address in my posts, does not give you or anyone access to a sending address I tell the client to create (and then later use to buy something).
