diff --git a/router/java/src/net/i2p/data/router/RouterIdentity.java b/router/java/src/net/i2p/data/router/RouterIdentity.java
index 6dc7ca2d752e84c327b5e89ffb75f9589be5eaca..c649fb14ac96d029202996f2dfc768a8151c58c5 100644
--- a/router/java/src/net/i2p/data/router/RouterIdentity.java
+++ b/router/java/src/net/i2p/data/router/RouterIdentity.java
@@ -29,6 +29,11 @@ public class RouterIdentity extends KeysAndCert {
      * nor queried for the netDb, and that disclosure of their contact information
      * should be limited.
      *
+     * This is ONLY if the certificate is a hidden type.
+     * Hidden mode may also be specified with a capability in the RouterInfo.
+     *
+     * Not recommended for direct use.
+     * Use of RouterInfo.isHidden() (which calls this) is preferred.
      */
     public boolean isHidden() {
         return (_certificate != null) && (_certificate.getCertificateType() == Certificate.CERTIFICATE_TYPE_HIDDEN);
diff --git a/router/java/src/net/i2p/data/router/RouterInfo.java b/router/java/src/net/i2p/data/router/RouterInfo.java
index 390b013ec5e9c6f35109929367c82e155e433e55..fbcb570676ac60d684e936dba92ea0e119e7fd63 100644
--- a/router/java/src/net/i2p/data/router/RouterInfo.java
+++ b/router/java/src/net/i2p/data/router/RouterInfo.java
@@ -382,9 +382,12 @@ public class RouterInfo extends DatabaseEntry {
 
     /**
      * Is this a hidden node?
+     *
+     * @return true if either 'H' is in the capbilities, or router indentity contains a hidden cert.
      */
     public boolean isHidden() {
-        return (getCapabilities().indexOf(CAPABILITY_HIDDEN) != -1);
+        return (getCapabilities().indexOf(CAPABILITY_HIDDEN) >= 0) ||
+               (_identity != null && _identity.isHidden());
     }
 
     /**
diff --git a/router/java/src/net/i2p/router/networkdb/HandleDatabaseLookupMessageJob.java b/router/java/src/net/i2p/router/networkdb/HandleDatabaseLookupMessageJob.java
index 1b9dc04031b989dba1979b04b5671b4b0d5bb790..5a4c3a00b52d48081e5ef1071690acc03d296730 100644
--- a/router/java/src/net/i2p/router/networkdb/HandleDatabaseLookupMessageJob.java
+++ b/router/java/src/net/i2p/router/networkdb/HandleDatabaseLookupMessageJob.java
@@ -154,19 +154,11 @@ public class HandleDatabaseLookupMessageJob extends JobImpl {
                    lookupType != DatabaseLookupMessage.Type.LS) {
             RouterInfo info = (RouterInfo) dbe;
             if (info.isCurrent(EXPIRE_DELAY)) {
-                if ( (info.getIdentity().isHidden()) || (isUnreachable(info) && !publishUnreachable()) ) {
+                if ( (info.isHidden()) || (isUnreachable(info) && !publishUnreachable()) ) {
                     if (_log.shouldLog(Log.DEBUG))
                         _log.debug("Not answering a query for a netDb peer who isn't reachable");
                     Set<Hash> us = Collections.singleton(getContext().routerHash());
                     sendClosest(_message.getSearchKey(), us, fromKey, _message.getReplyTunnel());
-                //} else if (info.isHidden()) {
-                //    // Don't return hidden nodes
-                //    ERR: we don't want to explicitly reject lookups for hidden nodes, since they
-                //         may have just sent the hidden mode to only us and bundled a lookup with
-                //         a payload targetting some hidden destination (and if we refused to answer,
-                //         yet answered the bundled data message [e.g. HTTP GET], they'd know that
-                //         *we* were hosting that destination).  To operate safely,
-                //         perhaps we should refuse to honor lookups bundled down client tunnels?
                 } else {
                     // send that routerInfo to the _message.getFromHash peer
                     if (_log.shouldLog(Log.DEBUG))
diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/PeerSelector.java b/router/java/src/net/i2p/router/networkdb/kademlia/PeerSelector.java
index 4eb23e13cbd9dbf8d4cbdd814b0d29f6c17660b1..946aa0e6046f83bee5b483c7c5c63dfbd0283dc0 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/PeerSelector.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/PeerSelector.java
@@ -131,7 +131,7 @@ class PeerSelector {
             RouterInfo info = _context.netDb().lookupRouterInfoLocally(entry);
             if (info == null)
                 return;
-            if (info.getIdentity().isHidden())
+            if (info.isHidden())
                 return;
             
             BigInteger diff = HashDistance.getDistance(_key, entry);
diff --git a/router/java/src/net/i2p/router/peermanager/ProfileOrganizer.java b/router/java/src/net/i2p/router/peermanager/ProfileOrganizer.java
index 60bfab128cd446c3392c6a63a5aa826b81d4683b..31ff6a03a2342a52ff2b442de9a91f95c2397188 100644
--- a/router/java/src/net/i2p/router/peermanager/ProfileOrganizer.java
+++ b/router/java/src/net/i2p/router/peermanager/ProfileOrganizer.java
@@ -1355,7 +1355,7 @@ public class ProfileOrganizer {
             
         RouterInfo info = _context.netDb().lookupRouterInfoLocally(peer);
         if (null != info) {
-            if (info.getIdentity().isHidden()) {
+            if (info.isHidden()) {
                if (_log.shouldLog(Log.WARN))
                     _log.warn("Peer " + peer.toBase64() + " is marked as hidden, disallowing its use");
                 return false;