Hi @lynx, Indeed these have been answered before, but let me see if i can help you here to understand further.
Your PC will communicate with a node. Then that node passes on your request to the next node that is closer in XOR address space to the node (section really) that can respond. This continues till your request arrives at a node in the section that can handle the request.
The number of hops will be on the order of log of the size of the network.
Now the part that answers the query 
Each node will not be passing your IP address on, and none of the other node’s IP addresses either. The only IP address passed is to the immediate node each node communicates with since this is a part of the tcp/ip protocol. This often referred to IP scrubbing.
So how does the section that has the information get it back to you. Well what is passed is the XOR address and the reverse is used to get the info back to you. In this way no node pass the 1st node knows the IP address of the originator of request or information. And in fact the 1st node doesn’t even know if you were the originator or were passing on the information/request.
Now the problem of associating XOR addresses with IP addresses. Well I guess if you could monitor all ISP/routers in the world then you might be able to know the associations for a short period till nodes are reallocated and clients change their XOR addresses. So yes it is conceptually possible to unmask all IP addresses, but is practical problem due to privacy laws and a lack of sharing information
Then the bigger problem to doing this is its all encrypted so monitoring all routers/ISPs does not reveal your XOR address anyhow.
In theory yes. But deep pack analysis relies on what it can read from the packet (destination address only), the structure of the packet (length etc), and quantity/frequency of sending/receiving such packets.
Now since SAFE will basically look like any other HTTPS packet (ie all sorts of sizes/destinations) any deep packet analysis will have problems telling the difference and succeeding in isolating SAFE packets from the others. Imagine 5% error rate and killing packets to your bank, or company. There would be outrage. The issue then is that even if they can identify the packets (never 100% sure) it would be dangerous to their business to stop/slow those packets.
The other point I ignored above is quantity/frequency/patterns. Now since the packets are going to all sorts of IP addresses there is not a sure way to identify via destination IP address. And to quantity, well they may slow you down because of that, but again this can be a prickly one as Australian ISPs often find out when they try this. They lose business.
I guess the only pattern could be when a series of full chunks are being sent. They would be identified by approx 1MB of data via multiple packets sent to the one IP address. But since a series of chunks would likely be sent via different routes (IPs) then its not a clear indication.
So clients (users) are not at risk since their traffic is like normal browsing etc. Nodes may have some issues in some places due to the volume of traffic, but tests previous showed the traffic to be less than 5Mb/s (maybe less than 2Mb/s) on average and this is like watching a movie or uploading a movie to dropbox etc.
Yes it has information about nodes within the section and you could extract this. But again you need to have enough of these nodes reporting IP addresses around the network in order to make a map.
But even if you did there are a few issues to mitigate the effectiveness of this
- pure cost of running 10 to 100’s of thousands of these nodes for a mature network. 1000’s to 10’s of thousands for a network out of initial stages.
- Nodes are routinely relocated around XOR space in the network. This makes any mapping incomplete at best at any instant in time. And could see your “mapping” nodes bunch up at times
- When your node joins the network it does not choose where it goes but is given an XOR address by the network. So you would have no control where your “mapping” nodes got to. Random placing would see a doubling up of these “mapping” nodes in sections for a large number of your “mapping” nodes. Increased cost of needing more nodes to be mapping.
So yes in my responses there is an element of uncertainty of how well your node/client is anonymised. In a small network of a few thousand nodes it would be easy to reveal IP addresses and follow a portion of the traffic. But even in this small testnet size network you would have a measure of anonymity, but not guaranteed to any measure. But once you get to a reasonable starting size of 10’s of thousands of nodes, then you have a reasonable chance of anonymity but again not certainty.
Once the network is 100’s+ of thousand nodes (hopefully in the 1st year) then anonymity would be expected.
But there is no guarantee ever. But it should be close to certain with a largish network.