I haven't seen that particular paper before, thank you for sharing it. I observe that it was published 4 years ago and new privacy preserving techniques are available now. In particular, I think the paper makes assumptions that are no longer reliable. One of them is revealed in this sentence:

"This attack is possible for any source routing protocol using shortest paths or similar selection strategies." (page 2)

Thanks to the existence of rendezvous routing (as implemtented in bolt12, bolt11 Blinded Routes, and lnproxy), many source-routed payments no longer use the shortest path to the destination. Indeed, when those protocols are used, the sender does not *know* the destination.

Another unreliable assumption is revealed in this paragraph:

"Identifying [either party] reveals information about buying and selling habits to [the attacker]. While [the attacker] might not know the exact transaction value as it only sees the transaction with fees included, these fees are typically low so that the order of magnitude of the transaction value is indeed revealed." (page 5)

When this paper was published, LND supported multipath payments for over a year. So it was already unreliable to assume any given HTLC reveals the order of magnitude of the total value transferred in the corresponding payment, because when MPP is used, multiple in flight HTLCs may carry different parts of the payment. LND uses up to 16 shards, so one can only reasonably conclude that a given HTLC reveals something like 1/16th of the total value transferred, which is an order of magnitude different from their assumptions.