vaportrade
security brainstorming: how do we stop pairing IP address with wallet address?
Broadcasting IPs to everyone is dangerous. Perhaps we need to move off WebTorrent trackers, and to a more centralized but less dangerous service. Or, figure out a way to publish some information to a WebTorrent tracker without publishing an IP - maybe the Vaportrade site itself can run a small backend and pin a magnet link to each tracker, and then we can just publish addresses, no IPs, and the Vaportrade site can ferry requests to & from the trackers, just until users trust each other enough to accept a trade request?
Major kudos to @collabshard on Twitter for these thoughts:
Exposing public IP of a machine with assets on it to untrusted 3rd parties (by design - that's how WebRTC works), what could go wrong.
New iterations should keep Joe in mind.
Joe average probably doesn't a) Use a VPN (recommend one?) b) Have a hot/cold wallet setup (Educate him?) c) Keep his system updated all the time (Educate) d) Want to get rekt / become an easy target for hackers
IP is the critical piece of information here. If it gets exposed and it's known that it's a Vaportrade user, crypto is at risk.
See thread https://twitter.com/usevaportrade/status/1478173602184847361
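
As an added example (not part of the original issue or Vaportrade's code), the following JavaScript audits the ICE candidates in a WebRTC session description for the ones that would hand the user's own IP address to the remote peer, which is the exposure described above. The sample SDP is constructed, the function names are hypothetical, and the relay candidate assumes a TURN server, which the issue does not mention.

```javascript
// Added example: audit which ICE candidates in an SDP disclose the user's own address.
// Candidate line grammar (RFC 8839):
//   a=candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <ip> rport <port>]

// Constructed sample; all addresses come from documentation ranges.
const SAMPLE_SDP = [
  "v=0",
  "a=candidate:1 1 udp 2122260223 192.0.2.10 54321 typ host",
  "a=candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.0.2.10 rport 54321",
  "a=candidate:3 1 udp 41885439 198.51.100.20 3478 typ relay raddr 0.0.0.0 rport 0",
  "a=candidate:4 1 udp 2122260223 3f2a1b4c-0d5e-4f60-8a7b-9c0d1e2f3a4b.local 54322 typ host",
].join("\r\n");

const CANDIDATE_RE = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/;

function parseCandidates(sdp) {
  const out = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = CANDIDATE_RE.exec(line.trim());
    if (!m) continue; // not a candidate line
    const raddr = / raddr (\S+)/.exec(m[8]);
    out.push({ address: m[5], port: Number(m[6]), type: m[7], raddr: raddr ? raddr[1] : null });
  }
  return out;
}

// host, srflx and prflx candidates carry an address of the user's machine or NAT.
// relay candidates carry the TURN server's address, unless raddr repeats the real one.
// mDNS ".local" host candidates hide the local IP behind a random name.
function disclosesOwnAddress(c) {
  if (c.type === "relay") {
    return c.raddr !== null && c.raddr !== "0.0.0.0" && c.raddr !== "::";
  }
  if (c.type === "host" && c.address.endsWith(".local")) return false;
  return true;
}

function auditSdp(sdp) {
  const all = parseCandidates(sdp);
  return {
    leaking: all.filter(disclosesOwnAddress),
    safe: all.filter((c) => !disclosesOwnAddress(c)),
  };
}

// True only when nothing in the description reveals the user's own address.
function isSafeToPublish(sdp) {
  return auditSdp(sdp).leaking.length === 0;
}
```

Removing the leaking lines from the SDP text is not enough on its own, because the ICE connectivity checks still arrive from the user's real address. The browser-side control is `iceTransportPolicy: "relay"` in the `RTCPeerConnection` configuration, and this audit can confirm that it took effect before anything is published.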