I don’t know what that is, nor have I used it, but I’m assuming it requires an internet connection, operating system, and browser at the very least. If so, there are multiple ways in which your ISP, browser (and any plug-ins you use in the browser), as well as the method of connecting to the internet (i.e. DNS server, wifi/router, mobile data connection, etc.) that could be used to collect data or metadata to build a profile. The device you are using, or even the screen-size could be useful to an attacker (or marketer).

That doesn’t mean that the contents of whatever is being transferred to/from “bitmessage” can be read, but “someone” would know that you’re using Bitmessage at the very least, the times you use it, perhaps the location you use it from, the device, OS, what plug-ins you might use. DNS records could build an even clearer picture of your activities. If Bitmessage requires an account or other form of verifying who you are (or how someone can contact you), then those could be collected and used against you.

That’s not to say you can’t protect yourself from some of the snooping. But apparently, the more you do, the more unique your online fingerprint is, which ironically, makes you more vulnerable.

Because the internet isn’t truly P2P (there’s always a third-party in the mix, either to deliver the data service or to relay data), you have to assume there are third-parties who can (and probably do) collect data from your activities.

But… your threat model also influences whether these “risks” are even worth worrying about. If you’re a regular teen on Reddit, you probably don’t give a shit at all. But if you’re a public figure, perhaps one who would be a target for governments or bad actors, then every link in the chain of interactions you have with the internet could expose you.