Just a side comment or two.
I don’t think it is feasible to hide the XOR address of a file / datamap because it breaks the content addressing aspect for apps, and means you would have to provide an intervening addressing scheme, an extra lookup, with several extra hops every time you access a data map.
But I don’t think you necessarily need to do that because, while…
That’s the case for public files, but I expect that’s both less bothersome - since we chose to make them public - and not that worth doing for an attacker, because the data is public anyway.
Private files are double encrypted, so discovering the data map is not an issue unless the app has also obtained and shared the key. And if that is happening, I think we have a much bigger problem.
@neo what do you think, does that stand up?