I got you on logic...
As long as you do your encryption inside of a lead and RF shielded case and your private key has not been compromised
1. There is always an analog hole. If you are interacting with a device outside your brain, then whatever you are doing exists in an unencrypted state and can be observed, even if your private key is inside a safe "compartment". Yes, you can interact inside a properly shielded and otherwise uncompromised room, but few people outside of professionals are ever going to do that. More realistic is that you will interact on a smart phone in public (or within sight of a window) and much of what you do will be observed by cameras or other surveillance devices. From there is is a small matter of archiving and search technology to find the recordings of your activity.
You constructed a strawman whose only purpose logically is to avoid addressing my point. My point is that one case is provable (I constructed my txn in a safe room and Zerocash is provably anonymous) and the other case is never provable (I don't know if my IP mixnet or my RingCT/Cryptonote was Sybil attacked).
My point is distinguishing between two different classes, not about arguments about how both classes are equivalent for the masses. Your argument about the pigeon was at least an expert could attain anonymity (meaning your goal was at least someone could get anonymity if they expend enough resources and effort), but the fact is the only way an expert
can mathematically prove his transaction is anonymous is with the Zerocash model, not the RingCT model (even regardless of IP address correlation because RingCT's can be Sybil attacked and intersection analyzed too!). So corporations could prove their privacy with Zerocash which has been one of your big target market arguments for Cryptonote.
Also the masses can be helped with dedicated hardware devices. The potential of the NSA monitoring every person on earth with RF detectives in a van outside their house is laughable. The main thing is to prevent the run of the mill viruses which can be accomplished easily with a dedicated hardware device. And then even the masses can have very strong assurances their transactions are private.
2. There are ways of getting your transactions out that don't require direct IP communications at all. The bar to find some way to do that is really very, very low. (As opposed to, say, interactively browsing a web site, which is a much tougher problem to solve.)
Focusing on IP addresses doesn't help you, per above that even RingCT/CN mixing is vulnerable to Sybil attack and combinatorial analysis. IP addresses are just yet another weakness of mixnets that are ephemeral and grouped, versus a single universal, persistent mixnet such as Zerocash. The difference is the class difference on the entropy. There is no comparison between them in terms of provable security.
Also I find that idea of using others implausible as a reliable security measure, but that is besides the point regardless.
3. Monero can be made very resilient to network-level surveillance, because of its end to end properties, similar to Zerocash. It won't be as good in terms of theoretical zero-knowledge properties,
Never will you have an equation which tells me what the probability of my privacy is in Cryptonote or RingCT, because it simply can't be computed. There are unknowns that can't be known. The entropy of the question is unbounded (non-deterministic).
So not only won't be as good theoretically, we can't even measure how much worse. We will never know. Because we won't know which Sybils and big correlation meta databases haven't yet come forth.
but it has a much better cryptographic and engineering margin of safety in practice.
I would not capitulate so easily that is provably true. Because for example Monero cryptographer (with pseudonym) Shen-Noether messed up the most basic thing about combinatorial analysis. Do I need to go dig up the link to the Reddit thread? You remember the thread because you jumped on my back assuming he was superior in intellect than me, and then I had to explain it out for both of you. I don't imply that he is dumb nor do I imply that he is not more skilled than me in cryptography and math. I am saying that he can't see all holistic issues, because he is not Daniel Berstein. That is not to lift myself up to their level in their field of expertise because I am not. But rather to recognize that even Monero doesn't have the resources of
the SCIPR Lab.
I would tend to agree that given enough open minded people analyzing it, RingCT could end up being more solidly vetted sooner than Zerocash. But the devil is also in the details of implementation and meta attacks (even timing attacks!). I mean you don't have Daniel Bernstein working for you. You don't even have Ralph Merkle. Zerocash has some serious PhDs working on it because zk-SNARKs are fundamentally very important for so many applications.
Also the problem for Cryptonote and Blockstream is they are so damn snobbish (just look the way they treated me in the aforementioned Reddit thread), that they are closing off peer review. They expect it to only come one way and yet they don't even have the resources to hire or interest the real greats in the crypto field.
So although I will tend to lean towards you may have somewhat of a point there, it isn't a slam dunk point. It is dubious.
And besides, I want the best class of crypto for the future. The sooner we can get busy moving that direction, my opinion the better. But if others wish to have other opinions, that is their (and your) prerogative. I am trying to convince you.
Yes there are potential weaknesses but they can be mitigated (for example by being careful how you respend your own change). It is already probably possible to do this with the existing tools as a careful and sophisticated user. We can make it easier for normal users (as in my analogy of how good end-to-end encryption exists today even though most users don't understand how it works or how to do it).
So many bandaids on top of bandaids, or finger in a leak then another finger in another leak and then...no more fingers. As I thought more about as a software engineer, I realized that K.I.S.S. beats a maze of spaghetti. I think ya know what I mean.
I am not sure what is best to do now. There is a lot of effort invested in CN. Do you expend more effort to add RingCT? Well RingCT does simplify a lot because no longer need to maintain equal denomination balances for mixing (which was a simultaneity issue also).
Seems to me you finish off by implementing RingCT, then you start looking at Zerocash for the next move forward?
But I hate slow moving evolution. My tendency would be to move straight to what is going to be the best future. I gather from your statements that you are not convinced Zerocash is a better future. You are apparently worried that the cryptography might be broken. I doubt it, but I need to study it more. I think what ever is broken on it can be fixed, because it appears to be built on solid theoretical findings over decades. When I have more time, I will continue my thread for
trying to understand Zerocash from first principles.