However, he acknowledges that this scheme may not be appropriate for every threat model and use case. For instance, if someone wants to use Bitcoin just as a foreign currency for its privacy and censorship-resistant properties, the swap-on-receive wouldn't be appropriate for them because they'll be doing a coinswap straight away to the VPN merchant. If the user is doing swap-on-receive, the user already has an anonymous UTXO, they can just transfer it directly in full to the VPN without using a CoinSwap. The number of CoinSwaps involved is the same: one. In both cases, the same expected number of CoinSwaps is done, i.e. one. However, swap-on-receive+swap-on-change amortizes the timing of the CoinSwaps so that you CoinSwap as soon as you receive, instead of as soon as you have to pay, so that sending payments is as fast as non-CoinSwap onchain wallets. There are still details like how much on-chain fees are and how much CoinSwap maker fees are, but they exist for both flows anyway. ZmnSCPxj suggests buying slightly more than the target amount, and if there is any change, it could be designated to be added to the mining fees or a donation to ZmnSCPxj.