I was thinking we would use a hash of the phone number,...

I was thinking we would use a hash of the phone number, and associate that with accounts.

Clients would hash the phone numbers and use the partial hash range.

We don't need to know the actual phone number, and we would do partial hash lookups similar to hibp (https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange) to preserve privacy in a secure fashion

#pixelfed #discovery

Like 11 Jul 2023 at 10:38 | Open on mastodon.social

4 comments

Martin Marguerat

@dansup You can look at how @threemaapp does the contact search in their server to discover accounts. I think they have a good solution

11 Jul 2023 at 10:43 | Open on mstdn.gsi.li

Simon

@dansup I would use such a centralised service because I trust you. But I would be more comfortable if the legal framework was right and the service was run by a purpose company.

11 Jul 2023 at 10:44 | Open on mastodon.green

Victor von Void

@dansup Discovery would only work, if people actually put their phone numbers in their profile. I guess most people won't, so this will only work for very few contacts, won't it?
I'm not questioning the idea. I just wonder if it's actually worth the effort and increase in code complexity.

11 Jul 2023 at 14:21 | Open on mastodontech.de

Claudius

@dansup the HIBP way is a good idea, but the possible combinations of phone numbers (10^11 combinations perhaps) is rather small. You can create a full rainbow table on a standard GPU in pretty short time.

11 Jul 2023 at 16:40 | Open on imd.social

Go Up