Realizing that I screwed up this explanation

The Eve-> Alice -> Eve attack I describe is always possible and has nothing to do with a malicious node>
That is to say
if the person you receive the Monero from and the person you send it to are colluding
they can eliminate the decoys in the ring signatures and see the true outputs

The danger with a malicious node is just that if you connect to broadcast a tx without hiding your IP somehow they can see that IP sent that transaction.
Which is usually true with other chains anyway
but Monero uses dandelion which prevents knowing what node broadcasted what transaction in most cases

🙇