Surprisingly surprised. Even more since they somehow admitted that your concerns were valid. This raises the question about competences of those involved in previous discussion on that regulation.
Discussion
My suspicious is that 95% of "the industry" does not a give a fuck about their customer privacy and instead just wanted something easy to automate.
Plus IIRC there were compliance-as-a-service companies lobbying *for* this rule.
Fair enough. They also didn’t bother asking someone from outside the closed circle of lobbyists. Well, but better now then never. I wonder if there will be any real effect in the final regulations.
its obvious, look at most centralized exchanges, their ux is always in favor of reusing addresses because its easy.
anything useful for the users in the financial surveillance industrial complex is there by accident. best practices are never in favor of the user, always in favor of the oppressor.
Kraken made it pretty easy to rotate deposit addresses, even showing you if they've been used before. For withdrawal this is trickier, and the travel rule made it even worse.
Silent Payments would fix it entirely for withdrawals; just verify it once and you're set.
But for deposits that doesn't help. Same issue with Lightning. Fundamentally the concept of a "from" address doesn't really work in Bitcoin.
(and it *shouldn't* work probably)
I see no sense in on-chain privacy if you were already KYCed by CEX and all sorts of commercial chain analysis can link it all