I hear you. I never use the internet without Tor or VPN. You mentioned they shouldn't have implemented a 2-hop step like Tor. 

Maybe I am misunderstanding. How are you saying the forwarding relay can track who you are sending things too? There is an additional layer of e2e encryption between the sender and the destination relay.

In addition, "each message forwarded to the destination relay is additionally encrypted with one-time ephemeral key, to be independent of messages sent to different connections."

----

"Private message routing is, effectively, a 2-hop onion routing protocol inspired by Tor design, but with one important difference - the first (forwarding) relay is always chosen by message sender and the second (destination) - by the message recipient. In this way, neither side of the conversation can observe IP address or transport session of another.

At the same time, the relays chosen by the sending clients to forward the messages cannot observe to which connections (messaging queues) the messages are sent, because of the additional layer of end-to-end encryption between the sender and the destination relay, similar to how onion routing works in Tor network, and also thanks to the protocol design that avoids any repeated or non-random identifiers associated with the messages, that would otherwise allow correlating the messages sent to different connections as sent by the same user. Each message forwarded to the destination relay is additionally encrypted with one-time ephemeral key, to be independent of messages sent to different connections.

The routing protocol also prevents the possibility of MITM attack by the forwarding relay, which provides the certificate the session keys of the destination server to the sending client that are cryptographically signed by the same certificate that is included in destination server address, so the client can verify that the messages are sent to the intended destination, and not intercepted." 

 It's similar to how gifwraps work. The forwarding relay knows your IP (because you connected to it) AND knows to which server to send your message to. So, if you are talking to somebody for a while, the server has mapped your encryption key + IP + location with the "next hop", which they forced to be the final hop. It knows how many messages where sent, and when, to that specific destination. If you are following their guides and using a different server for each receiver, then the forwarding server can map out how many different people you are talking to. 

Ideally, these forwarding servers should be randomized per message so that they can't assemble a conversation, and if the app can add more hops, it becomes even better. 

It's kinda where we are going with NIP-17, using random DVMs to forward content to the next relay/DVM. The starting IP is obfuscated by randomness. 

But in order to do so, the community must have 1000s of forwarding relays out there so that the app can randomize them per message. 

 IP obfuscation is a separate problem. Always has been. The shop down the road doesn't care how you get to the shop either, it's not their problem. 

 Means I have some idea as to what works and what doesn't.

What you propose there is called epidemic forwarding and the usual first attempt by all those that can't be bothered to make even the slightest attempt at learning from past failures.