Eight - More security issues, for the paranoid


Those of you with packet analyzers, or who can read source code, may well notice that Yenta does seem to use some central servers. What's up with that, anyway?

Here's a short explanation. A more complete one appears in various papers, reports, and a dissertation.

Yenta uses three main servers. Two of these are used entirely because Yenta is a research project. The third is a bootstrapping crutch, and Yenta can usually function without it, too. None of these servers store personally-identifiable information.

The statistics server receives statistical data from running Yentas. This makes it possible to figure out (approximately) how many Yentas there are in the world, how much use they're getting, whether or not clusters seem to be forming, what people are using the reputation system for, how many messages are being transmitted (but not what they are!), and so forth. This information is encrypted for transmission, using a session key which is itself encrypted by a public key wired into every copy of Yenta. The implementors have the private key. This means that the data cannot be eavesdropped en route. Furthermore, the data uses a separate ID (not the Yenta-ID) to identify which Yenta is transmitting, solely to be able to compare log entries over time for a given Yenta. Once the data lands on disk, there is no way to tell where it came from, whether by IP address or by YID, because neither of these is stored anywhere. The data does not include personal information such as your interests, your handle, or the automatically-generated attestation that includes your Yenta-ID. Also, if a Yenta encounters an internal programming error, a backtrace of the task that caused the error is sent here so it can be debugged for the next release. That backtrace does not include personal information such as your interests, either.
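The encryption scheme described above is a standard hybrid envelope: a fresh session key per report, wrapped to a public key baked into the client. The sketch below is an added example written for this page, not Yenta's own code; it assumes RSA-OAEP for key wrapping and AES-GCM for the payload (the page does not name Yenta's actual ciphers), and the report bytes in the test are a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// Envelope is one statistics report on the wire: the payload under a fresh
// AES-GCM session key, plus that key wrapped (RSA-OAEP) to the public key
// assumed to be wired into every copy of the client.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// sessionAEAD builds the AEAD for a session key; a prior error passes through.
func sessionAEAD(key []byte, err error) (cipher.AEAD, error) {
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key) // refuses a key of the wrong length
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal (sender side): a random 256-bit key per report, never reused, so only
// the holder of the matching private key can read the report.
func Seal(pub *rsa.PublicKey, report []byte) (Envelope, error) {
	buf := make([]byte, 32+12) // session key followed by a 96-bit GCM nonce
	_, err := rand.Read(buf)   // no entropy means no report, never a weak key
	gcm, err := sessionAEAD(buf[:32], err)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{wrapped, buf[32:], gcm.Seal(nil, buf[32:], report, nil)}, nil
}

// Open (collector side): only priv can unwrap the key, and the GCM tag rejects
// any tampered ciphertext or nonce. The sender's address is never part of it.
func Open(priv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	gcm, err := sessionAEAD(rsa.DecryptOAEP(sha256.New(), nil, priv, e.WrappedKey, nil))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}
```

Because the client only ever holds the public key, a copy of the binary reveals nothing that lets anyone else read the reports; what the collector writes to disk is just the decrypted payload, which is where the separate reporting ID (rather than the Yenta-ID or source address) matters.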

The debugging server receives plaintext data from running Yentas. The very first time you start Yenta, if you sign up for a mailing list, a message is sent here with your email address and the name of the list you signed up for.

The bootstrap server is used when a Yenta starts up for the very first time, and only if it cannot find enough nearby Yentas by doing a broadcast on the local network segment. (There may not be any Yentas on the local segment, or it may be running on a network that does not support broadcast.) This server stores only the IP addresses of the last few hundred Yentas to boot, the version of Yenta that they run, and the time at which they talked to the server. It's used to give a brand-new Yenta some suggestions about which other machines might be running Yentas. It doesn't include what those Yentas are interested in, of course -- only that, at some point in the recent past, some machine was running a Yenta.

If you still have questions about Yenta's security, please help critique it by joining the others who have looked it over.
