Remove or isolate transparent addresses (privacy leak)

[powerkangaroo]

The client queries the lightwalletd server simultaneously for transactions to its transparent and to its shielded address. The client also reveals to the server if a block has a fully shielded transaction in which the client is involved.

Since fully shielded transactions are so rare that on average currently only every 4th block contains one, the server can tie transparent addresses to fully shielded transactions. If it's lite wallets sending fully shielded transactions to each other, from the server's perspective, this no more private than using transparent addresses, the difference being is that amounts are hidden.

For this reason, I suggest doing one of the following:

• Remove transparent addresses completely. Potentially split the wallet into two apps, one exclusively handling t-addresses, the other exclusively z-addresses.
• Disable transparent addresses by default. Put up a warning message and require opt-in from the user before first displaying transparent addresses and querying the server for their balance. Following that, require the user to pass a softer conformation screen every time the transparent tab is opened. Query t-addr balances only when the transparent tab is open. If there are confirmed transparent funds when leaving the transparent tab, suggest making a transaction that transfers them to a z-addr of the wallet. (This should be made as smooth and easy as tapping "Yes" on the screen, with amount management, address choice, signing, etc. all happening in the background.)

What do you think?