@pixelfed I’m not saying I will go ahead with this, I want your feedback before any decision is made!

I want to get this right, there is no rush, so please let me know your thoughts on this!

@dansup @pixelfed I wonder if there is some way you could do this while maintaining anonymity, the way Apple does with face data in Photos. Is the data set small enough that you could hash the contact details in the way that you would passwords and then compare them locally in chunks in the background? The only thing ever uploaded would be the hashes and all the matching in comparison would be done locally.

@dansup Not currently a user of pixelfed Myself. If such a service is fully opt-in and auditable, I don't think I'd mind. But it _is_ by definition a central authority in a system where we currently pride ourselves in not having central authorities.

@dansup I'd argue a contact list isn't my data to upload anywhere, for any reason.

@dansup @pixelfed what means im down?

@dansup @pixelfed
I'm opposed to contact-uploading in general. I don't think you can do it in an ethical way, because it is not your own data you upload. You always upload other people's personal data and there is no way to ask them properly to consent beforehand.

@dansup @pixelfed I have a feeling I might be in the minority here, but I do like the idea if done as securely as possible.

@dansup @pixelfed Centralized, I don't think so, but the discovery of contacts could be optional for the person using it, letting the person decide if he wants it or not.

@dansup @pixelfed sounds a lot like the central identity server that matrix protocol has and a lot of instances use. They are actually moving away from this centralized solution.

@dansup @pixelfed voted no because I wouldn't use it, but so long as it's opt-in, and has thorough security, I don't mind it being in the app.

@dansup @pixelfed
You could overcome the privacy implications by uploading the hash of the email or phone instead of the real contact and matching against it. I think Have I been pawned does a similar thing for the email matching

@dansup @pixelfed sarebbe meglio avere un server d'identità come fa matrix

@dansup @pixelfed hashing phone numbers doesn't solve anything! https://signal.org/blog/contact-discovery/

@dansup @pixelfed this is a bad idea from a security/privacy perspective, and users opting in to it probably won't be aware of the implications.

There have been attacks where people just generated every possible phone number and uploaded them as contacts to $service, resulting in a leak of every phone number and the linked account. Hashing does not solve this.

@dansup @pixelfed this is not a criticism, just a question: how would you do it without some personally identifying piece of information that my contacts have (i.e. my phone number, or my email) being publicly accessible because I have to put it on my account so that my account can be found?

@dansup @pixelfed This is a cool idea to push things forward. One small suggestion: in addition to “open and auditable” and “opt-in” I’d ask that you consider making it “user-swappable” via an open API that others could implement. This same model is our best path toward making other basic services work, too, such as like user directories and search.

@dansup @pixelfed I don’t personally like to put my phone number anywhere I don’t have to. None of my contacts know what the fediverse is anyways

@pixelfed @dansup

I guess the disaster privacy thing would be a group getting the database and the salt key and a telephone book: it wouldn’t take long to hash every number and check the db to reveal identity.

@dansup
Do we _need_ this?

@dansup @pixelfed what were the results for this? It looks 50/50 to me if you count the first two options as “for” and the third as “against”