...
...
CryptoNote vs Bitcoin-based solutions
An abstract approach
You can put all outputs in any blockchain-based coin in a DAG where outputs are objects and transactions are arrows. If the transaction involves multiple inputs and multiple outputs, then add an arrow from any input to any output (call this a clique). In any such clique you mix the inputs, which is a good thing. The problem with Bitcoin is that the size of the cliques is severely limited: normally, you only have multiple inputs with a common source and most transactions have only two outputs, one of which is a change address. This allows you to aggregate addresses under the same ownership and this ripples both backwards and forwards (the latter is more troubling since it is the antipode of forward secrecy).
CoinJoin-like solutions attempt both to directly increase the size of the cliques and to address the first part of the problem (common inputs share ownership). Stealth addresses attempt to solve the second problem (everyone sees where the money goes). You can see how instead of saying that CryptoNote is "simply" better than those, it is more accurate to say that those solutions are actually approximate partial fragments of CryptoNote. In other words, any hypothetical Bitcoin privacy solution would necessarily have both a CoinJoin-like AND a stealth address-like mechanism to be viable. Due to technical limitations in the Bitcoin protocol (that would require a hard, hard fork to implement), all CoinJoin-like solutions are complicated Rube Goldberg machines because you can only mix with inputs in your same clique, and that is not and can never be enough (*), and all stealth address-like mechanisms require extra back-and-forth to perform the DH exchange. CryptoNote does those two things naturally; indeed, one could argue that the main ways in which CryptoNote is not Bitcoin are precisely changes specially made for these two purposes (plus different PoW and other "variables").
Now you ask, "OK I understand CryptoNote is the shizzle and Bitcoin-based solutions are the groupies, but I think Bitcoin's network effects, prime mover advantage and a decent privacy implementation would make alts an academic exercise." To which the answer only really depends on whether you think any alt can overtake Bitcoin at all and has not much to do with privacy. People have very strong beliefs about this question generally. My answer (and that of many if not most here) is that it is entirely possible, but not necessarily probable, since they cater to different markets (light vs dark liquidity) and thus we move to a different question.
If you really care about privacy then you understand that approximate privacy is no privacy. Monero's attack surface is flat compared to a hypothetical Bitcoin solution's fractal closure. Whoever sees this will use Monero instead of the Bitcoin-solution for privacy even if the userbase for Monero is much smaller.
(*) This is because CryptoNote allows mixes with the past outputs. This means you do not need other participants (which is a seriously heavy rock that all CoinJoin approaches have to carry around). In the longer term, this means you can mix even if there are only two people left using the network; even if the last transaction was last year; and so on, even if everyone stopped using Monero after this block you could still mix ten years later.
Finally, give me a function that decides in poly-time the question "Is output X the true source of the money that reached output Y?" in a CryptoNote DAG where all ring signatures have size at least 24 and I can probably decide 3-SAT in poly-time. The constant in the reduction could go to 12 since I'm pretty sloppy with map/fold. This means deterministic linkability is NP-hard and this is a very powerful result -- if the protocol is not misused, plausible deniability will never be compromised. If anyone's interested in pursuing this thread, the next question I have in mind is "What happens if we relax 'decides' to 'PAC-decides'?" A discussion of taint could come in handy here.