The idea here is to define a comprehensive privacy threat model for distributed hash tables and similar P2P overlay networks. Focusing on privacy attack surface and metadata leaks of networks that rely on collaboration between peers to resolve and request content in a P2P network. The main goal is to lay the foundation for thinking and designing privacy preserving P2P networks.

It would be interesting to consider a layered threat model. I imagine a world where P2P networks will be the scaffolding for not only for sharing cat pics but also for secure messaging/ secure peer discovery, etc. This means that use cases and users will have different concerns and a different threat model.

scope/ideas to consider:

• what can an overlay neighbour learn about my behaviour on the network?
• what can a local neighbour learn about my behaviour on the network?
• given a set of network requests by the same peer, is it possible to link them together?
• given a network request, is it possible to derive who's behind it?
• global adversaries vs local adversaries
• "disgruntled former colleague" and "celebrity stalker" (Tracking protection libp2p/libp2p#67)