For senders and requesters of data to remain anonymous, the remaining problem is that each node always knows the IP addresses of its neighboring nodes, the nodes which are directly connected to it.

Therefore, if your neighboring nodes want, they can still monitor which files you request or send and correlate to your IP address. A spy - a government agent, your boss, the RIAA, or whoever - could contribute own hub servers to the P2P net, ensuring that many nodes directly connect to his node(s), and then still keep a log of who sends and requests what.

There are a few workable, but imperfect solutions to this dilemma:

• only making outgoing connections through a HTTP/SOCKS/SSL proxy (Problem: A proxy cannot be fully trusted; proxy owners can be subpoenad)
• only making direct connections to "friendly peers" that you know and trust (Problem: your origin can probably not be identified but it is hard to find friendly peers in the first place, and those peers might then be at risk instead)
• exchanging sensitive data with a trusted peer over "ssl-through-ssl" (See next paragraph)