oooh, another thing you could try is simply enumerating all the nodes by aggressively peering and having a few nodes yourself, and then sending someone a message with an ack and waiting to see how long it takes them to acknowledge. If they almost immediately acknowledge, either themselves or through a middle node, then you can assume that they are one of the nodes on the network (default behavior is to publish acknowledgements shortly after getting them). If they don't acknowledge for half an hour or so, you can assume they are not any of the nodes on the network currently. Now keep track of nodes on the network by continuing to aggressively peer, and see the nodes that are on the network when you get the acknowledgement. The person you sent the message to is likely one of the people who recently joined the network; either that, or the person who acknowledged is a middle node for the person you sent the message to. Do this again when the potential middle nodes are offline. If the recipient acknowledges before the middle nodes come online, you can write off the offline potential middle nodes as being your contact. Over enough node churn and acknowledgements you can likely quickly determine your contact's IP address.