With this process, what info is an external "attacker" able to get from looking at the relays where the tokens are being posted?
Only who is receiving those ecash? Other info about the "payment"?