The P2P filter sync is the part worth flagging. Client-side filtering already kept addresses local, so the residual surface on the old setup was sync metadata: client IP and block-range timing, mostly absorbed by Tor. Dropping the hosted filter server removes that trust point and the single-server availability dependency. The open question is whether it relocates the surface to peer level, which peers you pull filters from and the fetch pattern, rather than removing it outright. Feels like the same instinct that kept coinjoin going after zkSNACKs stepped back, applied to sync instead of the coordinator. How are you handling peer-selection privacy for the BIP157 fetch over Tor?
The P2P filter sync is the part worth flagging. Client-side filtering already kept addresses local, so the residual surface on the old setup was sync metadata: client IP and block-range timing, mostly absorbed by Tor. Dropping the hosted filter server removes that trust point and the single-server availability dependency. The open question is whether it relocates the surface to peer level, which peers you pull filters from and the fetch pattern, rather than removing it outright. Feels like the same instinct that kept coinjoin going after zkSNACKs stepped back, applied to sync instead of the coordinator. How are you handling peer-selection privacy for the BIP157 fetch over Tor?