I was really happy this topic was discussed. Decoys being chosen by the remote node is a real threat. IPs are discussed but any individual willing to hide their identity will either go through tor or a VPN that claims no logs are stored

If you use your XMR on something with your mail on it, with any personal info linked or with a CEX, you’re cooked