Oddbean new post about | logout
elsat | 6 months ago (raw) | root | parent | reply | flag 
 Although signal would carry more privacy benefits, I think, than sms verification
jb55 | 6 months ago (raw) | root | parent | reply | flag 
 If we rely on a service for verification we might as well do contact lookup via the purple api

I think signal did something with sgx? Could have swore they solved this problem.
neilck | 6 months ago (raw) | root | parent | reply | flag 
 What if the hashed phone number is stored as an event signed with a unqiue private key? That private key is stored on the user's behaf by the app which published the event. The app or service that finds matching phone number hashes then publishes a connect request event to the phone numbers public key, signed using the requesting user's private key. The phone number user can then see the connection request, and choose to accept or deny.

I've been thinking about building the general use case for this in AKA Profiles, where badges are always published using a unique private key, allowing badges to be discoverable, but not directly attributable to a user's public key without their permission.