Privacy in Bitcoin transactions
When thinking about privacy in Bitcoin, I find the following definition helpful:
"Privacy is the power to selectively reveal oneself to the world." (Eric Hughes, A Cypherpunk's Manifesto, 1993)
This definition motivates the following statement: "Software should never reveal more information than necessary about a user's activity." Applied to Bitcoin transactions, this means the payment address and the payment amount should stay private between the payer and the payee, hidden from anyone else who can read the public blockchain. One way this privacy is broken today is the "payment to a different script type" heuristic.
In short, this heuristic infers which output of a transaction is the change output by comparing script types. Wallets normally generate change addresses of the same script type as the addresses they spend from, so if a transaction is funded with bech32 (native segwit) inputs and has two outputs, one P2SH and the other bech32, it is reasonable to infer that the bech32 output is the change address generated by the payer's wallet and that the P2SH output is the payment to the payee. An outside observer can thus identify the payment address and infer the payment value and the change value with reasonable accuracy.
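To make the heuristic concrete, here is an added example (my own code, not part of the original post) that classifies scriptPubKeys by their standard templates and then applies the "different script type" rule to a transaction. It assumes the observer knows the scriptPubKeys of the spent outputs (as any chain-indexing observer does) and uses a constructed sample transaction, not a real one. It also shows the case where the heuristic gives no answer: when the payer's wallet uses a change output of the same script type as the payment.

```python
"""Change-output inference via the "payment to a different script type" heuristic.

Added example; not code from the original post. The transaction below is
constructed for illustration and does not exist on chain.
"""
from dataclasses import dataclass
from typing import List, Optional


def classify_script(spk_hex: str) -> str:
    """Classify a scriptPubKey (hex) by its standard output template."""
    s = spk_hex.lower()
    if len(s) == 50 and s.startswith("76a914") and s.endswith("88ac"):
        return "p2pkh"    # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 46 and s.startswith("a914") and s.endswith("87"):
        return "p2sh"     # OP_HASH160 <20> OP_EQUAL (legacy or wrapped segwit)
    if len(s) == 44 and s.startswith("0014"):
        return "p2wpkh"   # OP_0 <20>: bech32, native segwit v0
    if len(s) == 68 and s.startswith("0020"):
        return "p2wsh"    # OP_0 <32>: bech32, native segwit v0
    if len(s) == 68 and s.startswith("5120"):
        return "p2tr"     # OP_1 <32>: bech32m, segwit v1 (taproot)
    return "unknown"


@dataclass(frozen=True)
class TxIn:
    prev_spk: str        # scriptPubKey of the output being spent (hex)


@dataclass(frozen=True)
class TxOut:
    value_sat: int
    spk: str             # scriptPubKey of this output (hex)


@dataclass(frozen=True)
class Inference:
    change_index: int
    change_sat: int
    payment_sat: int     # sum of every output that is not the inferred change


def infer_change(inputs: List[TxIn], outputs: List[TxOut]) -> Optional[Inference]:
    """Apply the heuristic: the single output whose script type matches the
    inputs' script type is the change; the rest is the payment.

    Returns None when the transaction does not fit the pattern (mixed or
    unrecognised input types, or no unique output matching the input type),
    because then the script types alone say nothing about which output is change.
    """
    in_types = {classify_script(i.prev_spk) for i in inputs}
    if len(in_types) != 1 or "unknown" in in_types:
        return None
    wallet_type = next(iter(in_types))
    matching = [i for i, o in enumerate(outputs) if classify_script(o.spk) == wallet_type]
    if len(outputs) < 2 or len(matching) != 1:
        return None
    idx = matching[0]
    change = outputs[idx].value_sat
    total = sum(o.value_sat for o in outputs)
    return Inference(change_index=idx, change_sat=change, payment_sat=total - change)


# Constructed sample: two native segwit (P2WPKH) inputs, a P2SH payment output
# and a P2WPKH change output, i.e. exactly the pattern the heuristic targets.
SAMPLE_INPUTS = [TxIn("0014" + "ab" * 20), TxIn("0014" + "ba" * 20)]
SAMPLE_OUTPUTS = [
    TxOut(50_000_000, "a914" + "cd" * 20 + "87"),   # payment to a P2SH address
    TxOut(12_000_000, "0014" + "ef" * 20),          # change back to the payer
]

# Same payment, but the payer's wallet produced a P2SH change output to match
# the payee's script type; the two outputs now look alike to an observer.
MATCHED_OUTPUTS = [
    TxOut(50_000_000, "a914" + "cd" * 20 + "87"),
    TxOut(12_000_000, "a914" + "fe" * 20 + "87"),
]


if __name__ == "__main__":
    print("distinct types :", infer_change(SAMPLE_INPUTS, SAMPLE_OUTPUTS))
    print("matched types  :", infer_change(SAMPLE_INPUTS, MATCHED_OUTPUTS))
```

Running the block on the sample transaction reports output 1 as change (0.12 BTC) and 0.5 BTC as the payment; on the matched-type variant it returns None, which is the whole point of having the change output mimic the payee's script type. Note that a real observer must fetch the spent outputs' scriptPubKeys from the chain, since a raw transaction only carries its own outputs' scripts.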