Surely what they are saying they are doing is not really possible. They cannot with certainty verify who is paying who. They might be able to make probabilistic statements, but not certainty in all cases.
Even probabilistic data is bad. They could use it for targeted advertising for instance.
Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.
Was it not that a person had all his electronic equipment confiscated and brought in for having a bitcoin-node associated with a rogue transaction displayed on blockchain.info earlier on?
If there are entities paying for analysis of the block chain, and it's acted upon (by law enforcement) data that cannot be fully trusted, it could cause lots of troubles.
Also, while blocking ip's of nefarious nodes is a temporarily solution, it's only an annoyance for the perpetrators, and given they have sufficient resources, they could further hide their activity as to not give away their intentions.
Given they have enough resources, they could even have automated ip-switching going on. Once an ip is blocked by a sufficient number of legit nodes, they just switch the ip of that node, and all of that could be automated. So in essence blocking the IP's are a bit like holding your hand over a hole in your rowing boat that is leaking in water, might give you some temporarily relief, but is not a lasting solution.
Now - it's near impossible to know who really controls a node, if they really want to go stealth. If a node acts like a normal node in all ways, why should it not be considered a normal node?
If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from ip A, which runs a full bitcoin core node, be it on a cable-connection or otherwise, if cainalysis is connected to the node where the tx is orginating, the ip-address of the node where the transaction was orginating is recorded within the chainalysis database. They will probably use many other sources to get more info about the owner of that ip-address. If they're only a private company they will have less data points to work with, but if they're an intel agency, there's virtually no limit as to how sophisticated the systems could be, in theory they could plugin directly to the customer database of ISP's and have names displayed in real time in association with the IP's. Information that could further be relayed and shared with relevant parties.
Bitcoin is only pseudonymous, as everyone can lock up a transaction in the block-chain, and I assume network analysis cannot be prevented, but I do think it should be made more difficult.
But a blacklist solution is dangerous. Who's to decide what goes on the blacklist, and who's to verify the decisions are correct? Perhaps some automated solution in bitcoin core where peers that's behaving unexpectedly could be automatically banned is a better solution? But again, that's much like holding hand over leaking hole, as if certain footprints reveals rogue nodes, they will only change their appearance to appear more legitimate. And I'm not sure, but I believe bitcoin traffic is unencrypted in transit, so what prevents an intel org from manipulating the traffic (making legit nodes appear rogue), in essence grinding the entire network to a halt if nodes automatically ban misbehaving nodes?
I'm no TOR expert, but I've noticed there's been much mumbling about TOR not being all that secure anymore, so would a normal user really be more secure if he used Bitcoin+TOR?
Since bitcoin is supposed to be trustless, if we started to make a whitelist of legit nodes, that would go against that ideal.
So, in reality, how do we ensure that most nodes on the network are legit, and what's the best method of blocking rogue nodes from connecting to your own node?
In my view, in essence it boils down to freedom and privacy. There's something fundamentally wrong when certain people need to exert "control" over others against their will.
