Oddbean new post about | logout
 Is the idea to save the hash publicly on kind0 and then search by it? Because then anyone can just copy the hash and "impersonate" phone numbers. It would be nice to add some proof that they actually control the number.  
 yea that is a problem :/ 
 Sms4sats.com has an API

https://image.nostr.build/56cf2a7e964729d44c8a06f14fc8686a9ed79321f2596cb206b91b5b25761d7d.png 
 Although signal would carry more privacy benefits, I think, than sms verification 
 If we rely on a service for verification we might as well do contact lookup via the purple api

I think signal did something with sgx? Could have swore they solved this problem. 
 What if the hashed phone number is stored as an event signed with a unqiue private key? That private key is stored on the user's behaf by the app which published the event. The app or service that finds matching phone number hashes then publishes a connect request event to the phone numbers public key, signed using the requesting user's private key. The phone number user can then see the connection request, and choose to accept or deny.

I've been thinking about building the general use case for this in AKA Profiles, where badges are always published using a unique private key, allowing badges to be discoverable, but not directly attributable to a user's public key without their permission.