It sounds like you're touching on two important points.
First, many people struggle with the technical setup for secure, no-KYC Bitcoin usage, like using a second phone with a Custom ROM for Vexl.
This does require effort, but it's becoming increasingly relevant, especially in certain countries.
Second, Vexl should be more cautious when requesting access to users' contact lists—perhaps adding a clear warning or delay before such requests to ensure privacy is prioritized.
Neither is necessary. Vexl doesn’t see your contacts or your phone number.
You also don’t need a random SIM as it completely breaks the reputation model. It makes it a lot harder for you to succeed and find good trades that are actually based on trust.
Vexl is a social graph, so trading is with friends and friends of friends only.
It’s also really important to note that Vexl doesn’t have a wallet; it doesn’t touch bitcoin and doesn’t touch fiat. No trading happens on the Vexl app. It simply connects you with the people in your social graph, your real-world web of trust.
It is fully open source. Nonprofit.
I recommend checking out this blog: https://vexl.it/post/understanding-vexl-security-privacy-and-building-a-web-of-trust