I was able to do it because of a flaw in monero: by design, the sender knows what address he sends his money into and can report that info to authorities with cryptographic proof. This has led to multiple legal charges against monero users, see the attached thread for more info.
Lightning, of course, fixes this.
quoting nevent1q…7m94> He is using the view key to see things that are available by design for the sender. ... This is actually a feature, not a bug nor a weakness.
It has led to at least two people getting arrested.
The Finnish guy in this article: https://cointelegraph.com/news/finnish-authorities-traced-monero-vastaamo-hack got arrested after a CEX used this "feature" to trace his payment from their exchange to his private wallet. This "feature" told them the precise pubkey which held the money, which allowed them to tell the authorities to watch the blockchain for that pubkey to show up in future ring sigs. When it did, they discovered that he sent it to binance, where they got his KYC info and arrested him.
Nearly the same thing happened to the Columbian guy in this video:
Morphtoken sent his monero to his private wallet, and the authorities subpoena'd them to find out what pubkey they sent it to. They told them, and then they watched that pubkey to see if it showed up in future ring sigs. It did, and they kept tracing it forward til he sent a pair of transactions via a "poisoned node" (one run by Chainalysis) without a VPN, and these transactions sent the money to a centralized exchange and a point of sale system. They were able to get his KYC info from one of them (probably the exchange) and arrested him.
So the "it's a feature, not a bug" cope rings hollow. Lightning is way better for your privacy because the sender does not know what channel his money ends up in. He cannot give that info to authorities because he does not have it, so they do not know where to watch for future transactions, so they never get to contact an exchange and ask for more details about a particular inbound transaction. Lightning fixes Monero's "feature, not a bug" problem where senders can see where their money goes and then report that info to authorities.