 Will never use this. Let the legacy surveillance state die. Don't tie your keys to your phone number.

nostr:nevent1qqsgxwajktcpwftkjp3cqt7h0atrye4wktl4yrxmqvxl5qc3jjre08spz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzqvhpsfmr23gwhv795lgjc8uw0v44z3pe4sg2vlh08k0an3wx3cj9qvzqqqqqqynamzun 
 This doesn’t tie your key to your phone number 
 i think it technically does in a reverse search way tho

but i also think that it has utility if you can find a way to do it that is vague enough in its matches to make it a requirement the user scan through a few dozen possible matches, that it isn't completely terrible

ultimately if you are privacy focused you aren't gonna put such a hash on the network, it's for normies with a lower sense of the importance of privacy 
 This is why I’m trying to come up with a way that makes it computationally infeasible to reverse it. 
 Range hashes are still on the table, so there would be no exact number 
 Two reasons why this is a bad idea:

1) Your phone carrier knows both your number and your first name.

2) Assume that the adversary doesn't know names or phone numbers. How many distinct phone numbers are there in the world, like 10^14, tops? How many distinct first names? Millions, although most of the population is probably covered by 100k first names. But let's say that you have on the order of 10^21 hashes to compute, that's 1000 exahashes. The bitcoin network does that every two seconds.
 
 1. People who care about their ISP knowing their npub won’t use this.

2. You can’t compare sha2 hashing to what I’m talking about here, they are not the same thing.
 1. Sure, but those who don't care can easily get identified, and therefore the people that they interact with/follow are much easier to identify by deduction.

2. What's the material difference? 
 unfortunately i think that's the thing, the less it leaks metadata the more candidates you are gonna turn up, which defeats the purpose

but i do think, regardless, that for building DVMs able to find any kind of data that this kind of cryptography is the way to make it possible for someone with a sufficiently high entropy clue set to match it up to a highly obfuscated data point

broaden your concept of how to generate the match set and balance your expectations with the idea that people who will publish such hashes are maybe putting a bullseye on their backs