From an anonymity perspective, it is just as secure as current bitcoin protocols. Public anonymity at the sacrifice of privacy. In which case, if your 'twister' info is out there, you can theoretically be identified.
In other words, the security is poorly defined and based on the honest parties devoting at least as much energy to defending the system as the attacker devotes to attacking it.
What I want to know is this: What does Bitcoin have to do with this? You can have peer to peer, anonymous, encrypted messaging without any of the nonsense that Bitcoin entails.
I think the BtC protocol was used to ensure that peoples usernames were guaranteed unique, and linkable to a private key, i.e. verifiable. I think the whitepaper has more info, reading it now:
Basically, if you have anonymous, P2P, encrypted messaging you need to solve the problem of maintaining a public ledger of user names to public keys. There are several approaches to this, but one of the most compelling right now is using the exact same mechanism that bitcoin uses to prevent double spending. Twister has absolutely nothing to do with bitcoin, they are only similar in that double-spending a bitcoin is analogous to identity theft in Twister.
Yes they do but 1) most people are more comfortable dealing with usernames compared to public keys, and 2) distributing the public keys themselves can be tricky if you don't already have a trusted connection set up (just look at past abuses of Certificate Authorities for examples of this).
I do not see how distributing keys is "tricky" in this context. If you do not know who you are communicating with, then a man in the middle attack works if the attack occurs during your first attempt to communicate (think SSH); this would seem to be true regardless of the existence of a ledger, since you need to figure out which username you want to communicate with. If you do know who you are communicating with, you can distribute keys offline (e.g. "contact me with $key") or establish keys via some existing communication channel (OTR, PGP, whatever), just as you would have to distribute your username offline or via another channel given the ledger.
So sure, I can grant people are more comfortable dealing with usernames than with public keys, but that sounds more like a UI problem than a technology problem. People are certainly capable of dealing with Tor hidden service addresses, and I suspect that is because they are already using a UI they know well (their web browser).
From what I can tell its main focus is not to be an alternative to Tor, but a censorship-resistant P2P Twitter alternative. Or if you will, a "true" P2P social network (Diaspora, Status.net always relied on federated servers, which weren't that "decentralized", and normal users would've never hosted their own servers anyway).
