> 3) The recipient re-broadcasts transactions (is Theymos right here?),
> allowing both the sender and recipient to be found
>

Hm this would potentially allow getting the IP for any recipient Bitcoin
address, given that a client with the private key connects to the network
once in a while.

Send them a transaction that is guaranteed to not be written into a block by
a miner, then monitor who rebroadcasts it over a few days/weeks.

I guess this could also be used to find out who has the stolen coins.

JS