Sending a message to a recipient with a nonstandard proof-of-work requirement allows the sender to determine whether or not the originating address is part of the receiver's address book. This poses a problem because it allows address correlation.
Reproduction steps
Alice has a proof-of-work setting of 2.
She maintains two addresses, A1 and A2, which she does not want correlated.
A1 communicates with Bob frequently, so Alice adds his address, B1, to her address book.
Bob can now confirm that A1 and A2 are the same person by sending each of them two messages, one from B1 and one from B2. B1 will be notified by both A1 and A2 that it only needs a proof-of-work difficulty of 1, while B2 will not.
Suggested remedy: Remove the custom proof-of-work functionality, at least from the client.
Source: https://bitmessage.org/forum/index.php/topic,2969.0.html
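The leak and the suggested remedy can be checked with a toy model. This is an added example, not code from the original report or from the Bitmessage client. The `Identity` class, the policy functions, and the user Carol (address C1) are hypothetical names introduced for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_DIFFICULTY = 1  # difficulty B1 is told it needs in the report


@dataclass
class Identity:
    """One person: several addresses, one shared address book (toy model)."""
    addresses: set
    address_book: set = field(default_factory=set)
    custom_difficulty: int = DEFAULT_DIFFICULTY


def leaky_policy(owner, sender):
    # Behaviour described in the report: address-book contacts are asked for
    # the default difficulty, everyone else for the custom one.
    if sender in owner.address_book:
        return DEFAULT_DIFFICULTY
    return owner.custom_difficulty


def uniform_policy(owner, sender):
    # Suggested remedy: no custom difficulty, so every sender sees the same value.
    return DEFAULT_DIFFICULTY


def correlated_addresses(policy, owners, probes):
    """Group addresses that answer the probes with the same sender-dependent
    pattern; this is the signal that links A1 and A2 in the report."""
    groups = {}
    for owner in owners:
        for addr in sorted(owner.addresses):
            profile = tuple(policy(owner, p) for p in probes)
            if len(set(profile)) > 1:  # answer depends on who is asking
                groups.setdefault(profile, []).append(addr)
    return [g for g in groups.values() if len(g) > 1]


# Constructed sample data matching the reproduction steps.
alice = Identity({"A1", "A2"}, address_book={"B1"}, custom_difficulty=2)
carol = Identity({"C1"}, custom_difficulty=2)  # hypothetical unrelated user
PROBES = ("B1", "B2")

if __name__ == "__main__":
    print("leaky:  ", correlated_addresses(leaky_policy, [alice, carol], PROBES))
    print("uniform:", correlated_addresses(uniform_policy, [alice, carol], PROBES))
```

A policy passes this check when `correlated_addresses` returns an empty list for every set of probing addresses, meaning the advertised difficulty never depends on address-book membership.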