Yep, that's true. I'll give you an example of what I'm referring to.
Suppose that you have a single token of 64 sats from a mint. Suppose that you need to send 30 sats: you need to contact the mint, return the 64 sats token and receive back:
1 token of 32 sats +
1 token of 16 sats +
1 token of 8 sats +
1 token of 4 sats +
2 tokens of 2 sats = 64 sats
With such "coins", you can add up 16 + 8 + 4 + 2 sats, create a payment of 30 sats and send it to the payee.
My issue is that if I contact a mint from the IP A.A.A.A and send it the token of 64, then receive back the split blinded tokens still with IP A.A.A.A, then the mint knows for sure that the first token of 64 didn't change owner and indeed was a "change creation" request and not a spending request. For sure the mint cannot know the exact "shape" of the blinded secrets, but it knows that I'm about to create a transaction.
Fair enough that the more users the mint has, the more difficult it is to do this reasoning, but still, if every interaction with the mint is from the same IP, the mint can possibly create an identity profile for its unique users.
Or am I missing something?