There will be a close node group that knows an Address. In routing_v2 we have a nice mechanism though. Connect to a random group, so they know the address. From there connect through the network to your manager groups. This kind of connection is encrypted so invisible to the close group, yes they can tell you are talking to another group, but with an ID not tied to a person and certainly not tied to a login, then the group become a proxy of received messages so IP snooping is made much harder.
I said previously though if you image any system going over IP there has to be knowledge of at least the connection to the network. To this end using IP connections means there is always a hole. I must add though, the XOR address you will download with is a random meaningless address, so no point in your ISP trying to look at the data (encrypted), so an attacker would need to get in a group, but where that group is geographically is unknown to him. He may note some nodes in the group that have an IP in the jurisdiction he is in and get a warrant (ha) or whatever to snoop and then with a mega list of chunks he is worried about (easy part) try and see if a node he connects to sends a request for that key. Of course clients need not connect to all group members, but that’s another story (we could force groups geographically apart based on IP lists (not nice). So thi attack cannot be underestimated, but then again think global autonomous network with no knowledge of peoples public names processing data, it is a significant expensive lottery to try this snoop.
There are also a few tricks we have but after launch for sure.
People get tied up in this part, the answers are available though to get around it if we need to, but launch first is my priority, this one does not bother me at all as I think it sounds much more simple than it actually is. You will connect to a group of globally connected nodes with no idea of who they are and investigate the IP range to see if you can get the owner of it and then raid a hose and take away a computer to prove somebody downloaded something and guess what, in Maidsafe you did not, it was all on a virtual drive in memory and you log out and presto no trail. Now this are is something to work on, will any apps leave a trail (write to temp) and if so which ones and what do they leave behind. So SAFE apps should not in any way leave such a trail and any trails should be dealt with, this is much much more important I think.