Great analysis, kmf. SS and I played with PyBitmessage about a month ago (there's a thread somewhere on the forum about it), and my general take away from a user perspective is that it's weird and buggy. It spits out scary error messages when you run it over Tor, and doesn't work well with Tor at all, so especially at this stage, with some 500-1000 clients on the network, it's trivial to enumerate the IP addresses of all users. If you're LE, communicating with an important target over Bitmessage, that's a relatively short list to work with. And the system wouldn't work if everyone ran their clients over Tor, because they can't accept incoming messages. Implementing a hidden service feature (perhaps with Tor over Tor to protect the HS) seems almost necessary unless and until the network has > 20K nodes. Of course, some of that will change with further development effort and growth, but it could be a year or more away from being "ready for prime time". Come on, you can't just throw that out there like that. At least at a general level, how does your system work?