[dimman]

What I described is a safe method (except ofc if you have someone in your network that can spoof adresses or your other endpoint has been compromised, however those are factors that we can't do much about).

I'm not saying that their solution is safe, nor am I saying that its unsafe, simply because I don't know. What I do know is that you can make it rather safe and you can do it really bad.

If they are using a TURN solution which I think they are, then it's not really a "unverified P2P network" either because the peers do not know of eachother nor do they talk to eachother. They talk to the server and have no clue about one another without some external signaling. The server connects two peers upon request of a specific uid, however this where authentication gets important and I have no clue how they've done it.

Of course you can try to create connections towards random ID's (you have a lot of ID's to go through judging by the screenshot) but hopefully you won't be allowed to connect since you don't have the correct certificate/key needed. Again I don't know how they've implemented it though.