who is the target user in the threat model?

[kristovatlas]

For a while I've been saying that weights in the model are assigned according to severity of threat against the average user, but we haven't clarified further about this user. It would help at some point to clarify some assumptions about this platonic user and what assets he is protecting.

For example, how many Bitcoin addresses does the user have to protect from clustering analysis?
@jonasnick has observed that the average Bitcoin user on Android has approximately 1.73 addresses in total, or 2.6 addresses if you remove the users with only one receiving address. If a user with 3 addresses has two address clustered, that's two-thirds of his total wallet addresses clustered, which is a devastatingly high percentage.

Another person on Twitter reported 15 wallet addresses.

It may be helpful to come with some baseline numbers for assets that our user of concern has when assigning scores to items in the threat model.

Some informational assets that the user has (fuzzy -- needs refinement):

• user has N addresses in his wallet which ideally are not clustered with high percentage of accuracy
• user has M transactions in his wallet's history
• user has ambiguity over which outputs are spend vs change
• user has PII which may be linked with transactions
• user has behavioral patterns which might be communicated to wallet provider as telemetry data
• user has time-based behavior patterns, usually determined by time zone
• user has device containing forensic data about Bitcoin use
• user has multiple online identities that may be linked together
• etc.