Well, technically speaking, Monero isn't actually at fault in any of these stories.
> and irrelevant in most cases
It is highly relevant when you're being tracked by authorities. They typically start by sending you some money and then watching what happens to it next on the blockchain. E.g. that's what they did in this case where they traced a finnish man's monero: https://cointelegraph.com/news/finnish-authorities-traced-monero-vastaamo-hack
And in the Columbian case (where they ALSO traced a guy's monero) they also relied on the ability of the sender (in this case, Morphtoken) to point out exactly where he sent the money: https://cointelegraph.com/news/chainalysis-leak-monero-traceability
Lightning fixes this.
The simple fact is, on lightning, the sender can't trace his own payment, but on monero, he can, and this difference helps authorities arrest monero users.
Discussion
Both of these stories start with exchanges telling the authorities what pubkey received their money. The fact that they *know* what pubkey received their money (and can prove it) is a design flaw in monero. Lightning fixes it.
Also, in both of these stories, after the money went from the exchange to the user's pubkey, the analysts watched the blockchain to see where the money moved next, and it went to another exchange with a probabilistic identifier marking the user's pubkey as a possible sender. This enabled them to contact that exchange and find out the user's identity, which led to an arrest in one case and better evidence for the charges in the other.
Lightning fixes this too, because not only does lightning not tell them what channel the money went into in the first place, but when it moves out of the channel, the analysts don't get to see that, because the transaction isn't broadcasted. So they never see the money go to an exchange and thus can never know to contact them to obtain the user's identity.
Targeted surveillance is possible even with Lightning as well; it's just that the attack vector would be different. And that's not Lightning's fault either, just like it wasn't Monero's fault in previous cases.
I like that I can point out how lightning fixes a privacy attack vector and the response is "ok but it doesn't fix ALL attack vectors -- there's probably some other one it's vulnerable to."
Yeah, probably. But even if other attack vectors exist, that's no reason not to fix this one. I think monero should fix it too, and I am glad FCMP is being worked on to hopefully do that.
I don't see any major issue here that urgently needs fixing — it feels more like a hassle that just requires some extra steps to get around.
Even the sun has spots. 😏
Aside from being a tool for your spy games involving heroin sales and the purchase of military secrets, Monero is also just a regular means of payment, and things like this theoretically make it easier to use. You can come up with several scenarios where this "vulnerability" automates problem-solving.