by XR0CSWV3h3kZWg 3192 days ago
zcash, monero and dash are the biggest that have inherent privacy.
1 comments

ZCash is ideal, theoretically. If they get the performance amped up so that private transactions don't take forever, it could really work because they could make privacy mandatory. Though a 10% tax of all coins is rather questionable. The CEO of the company did say he felt zcash could be made traceable enough to be uninteresting to money launderers, whatever that means. Sounds like the opposite of fungible.

Monero's less theoretically secure, and indeed, there's no info on how to safely "launder" coins through Monero. Ring size is very small, at 5. But it seems to be a proper community effort and probably the best contender right now.

Dash is mired in mishaps, from its inception and instamine as Darkcoin. A single user or group of users hold magical keys that can undo 24 hours of blocks. They have centralized nodes and the mixing scheme isn't even theoretically secure.

I should add that Monero doesn't use mixing in the same sense. The ring size works so that you cannot see which of the different choices is the correct output until spent. This is different from having the participants swap coins as you do when mixing. The ring size isn't directly comparable to the number of mixing participants or mixing rounds as the former isn't susceptible to blockchain analysis. You can only make probabilistic guesses or IP tracing.

There is no "official" recommendation of how to securely launder coins in Monero. What you can do is to send the coins to yourself a number of times using the default ringsize or "churning".

Sending coins to yourself, aka churning, might not work so well after all, according to the latest MRL report. They say:

"We at the Lab previously thought that one possible solution to knacc's described attack would be churning, where one sends funds to oneself multiple times before using at a merchant. Unfortunately, this leads to chains of self-referential transactions, which leave an undesirable and identifiable statistical signal."

Now the follow-up I've gotten says that this just means you can't churn too quickly. There is still no analysis of how often to churn, how long you need to wait, and on and on, until you're safe. The Monero wallets offer no way to manage your inputs either, so if you ever re-use a wallet (exchange->WalletA->WalletB a couple times) you'll leave even more of a trace.

So the number one idea that springs to mind, Exchange->Monero->Exchange, might be a worst-case scenario where you can easily be linked with a high probability. Especially when the approximate input time is known.

For instance, if you know a target exchanged Bitcoin in a certain transaction, you can simply trace all possible chains from that output and see when one hits an exchange, prioritizing shortest first: if an exchange output goes right back to an exchange, that's probably enough to get a warrant or targeted investigation.

Furthermore, an attacker could make a bunch of transactions so other transactions use known inputs, reducing effective ringsize even more. This wouldn't be very expensive at current volumes.

Even so, Monero still seems far ahead of the competition. My biggest concern is that they don't put any sort of disclaimers, and incorrectly state it's untraceable. This will get people into trouble. The Tor Project does a far better job of being clear with the risks and shortcomings. The Monero community, mostly, seems to just advertise as if everything was solved. That plus the ridiculously low ring sizes feels rather irresponsible.
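The comment above argues that a ring size of 5 gives less privacy than it appears, because an observer can strike out any ring member it already knows is not the real spend (for example, outputs it created itself) and guess among the rest. The following is an added example, not written by the commenter and not Monero project code, that quantifies that effect under a simplified model: each of the ring_size - 1 decoys is independently "known to the observer" with probability known_fraction, a constructed parameter that stands in for whatever share of the output pool an observer can account for. It computes the expected effective ring size in closed form, checks it by Monte Carlo, and gives the exact probability that a uniform guess among the surviving members picks the real spend. It does not model timing, churn chains, or real decoy selection, all of which the MRL quote says make things worse.

```python
import random
from math import comb


def expected_effective_ring_size(ring_size: int, known_fraction: float) -> float:
    """Expected number of ring members left after an observer removes the
    decoys it can account for.  The real spend always survives; each of the
    ring_size - 1 decoys survives with probability (1 - known_fraction).
    Model assumption: decoys are known independently of one another."""
    return 1 + (ring_size - 1) * (1 - known_fraction)


def simulate_effective_ring_size(ring_size: int, known_fraction: float,
                                 trials: int = 20000, seed: int = 0) -> float:
    """Monte Carlo estimate of the same quantity, to sanity-check the closed
    form.  Uses a fixed seed so the result is reproducible."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        surviving_decoys = sum(
            1 for _ in range(ring_size - 1) if rng.random() >= known_fraction
        )
        total += 1 + surviving_decoys  # +1 for the real spend
    return total / trials


def prob_true_spend_guessed(ring_size: int, known_fraction: float) -> float:
    """Exact probability that an observer who discards known decoys and then
    guesses uniformly among the survivors picks the real spend.

    Note this is NOT 1 / expected_effective_ring_size: with k surviving
    decoys the guess succeeds with probability 1 / (1 + k), and k follows a
    Binomial(ring_size - 1, 1 - known_fraction), so we average 1 / (1 + k)
    over that distribution."""
    n = ring_size - 1
    q = 1 - known_fraction
    total = 0.0
    for k in range(n + 1):
        p_k = comb(n, k) * q ** k * known_fraction ** (n - k)
        total += p_k / (1 + k)
    return total


def privacy_table(ring_size: int, fractions=(0.0, 0.25, 0.5, 0.75)) -> list:
    """Rows of (known_fraction, expected effective ring size, guess probability)
    for a given nominal ring size; handy for comparing ring sizes side by side."""
    return [
        (f, expected_effective_ring_size(ring_size, f), prob_true_spend_guessed(ring_size, f))
        for f in fractions
    ]


if __name__ == "__main__":
    # Nominal ring size 5, as stated in the thread.
    for frac, eff, p in privacy_table(5):
        print(f"known_fraction={frac:.2f}  effective_ring={eff:.2f}  "
              f"P(guess real spend)={p:.3f}")
    print("simulated effective ring size at 0.5:",
          round(simulate_effective_ring_size(5, 0.5), 2))
```

The useful takeaway is in the third column: with a nominal ring of 5 and no known decoys the observer guesses right 20% of the time, but once half the decoys can be accounted for that rises to almost 39%, and the true spend is pinned down with certainty whenever all four decoys are known. Comparing privacy_table(5) with privacy_table(11) shows how much slower that degradation is with a larger ring, which is the design lever the commenter is pointing at.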

I'm really interested in Monero but I lack a comprehensive understanding of the underlying technology. Is there a good resource (apart from the Monero community itself) that explains Ring signatures and similar technologies, including their limitations?

From your answer, you sound very knowledgeable in this area - could you advise some good resources to learn more?

The best explanation I've found, without getting into the math, is this one on the Monero StackExchange:

https://monero.stackexchange.com/questions/5682/how-do-i-use...

thank you
Informative, thanks.