they discard the decoys when they’re given the transactions of interest, this lets them know that this transaction they saw on their node actually comes from that subphoenable entity (centralised exchange), from there they have the list of transactions that went through and they can rule out the dandelion decoys. but otherwise they can’t.
I also mentionned that they are looking at the fee structure on their malicious nodes, hence my recommendation to use the default fees. not sure if they’re actually using the rest. (number of inputs and outputs ?)
small detail, centralised exchanges know how much monero went through them. for that particular account. If you KYC’d there, they know how much monero YOU bought or sold on their platform