Funny timing, we just published an RFC on a contact-matching scheme that's inten...

keeda · 2025-11-20T05:44:40 1763617480

I was peripherally looking into this for a similar problem domain: https://en.wikipedia.org/wiki/Private_set_intersection

Related to Zero Knowledge Proofs, the advantage is that phone numbers need never be shared in cleartext, preempting whole classes of attacks. However, could be overkill for your needs, and I am not sure how well current techniques would scale.

alkindiffie · 2025-11-20T07:23:38 1763623418

The RFC addresses security, but does not mention anything about privacy. I think the scheme ultimately boils down to trusting the server/instance.

It would be great if users don't have to share the actual number with the server, a hash or something like that but that would make it impossible to verify the number and verification is required to prevent spoofing.

Another way maybe is to have a trusted 3rd party (something like EFF, LetsEncrypt) that can be used by users to validate their numbers and applications can get the hashes from there.

hhh · 2025-11-20T08:22:21 1763626941

phone numbers aren’t unique enough for hashes, a lookup table would not be that much effort

npunt · 2025-11-20T07:57:10 1763625430

Ah its great you bring this up, it's timely as my app is adding contacts syncing soon and I want to do it in a secure/private way. If you choose to go ahead with this, are there any plans to make it open source? ty!

pfraze · 2025-11-20T14:55:38 1763650538

Yeah, it will be

fsckboy · 2025-11-20T00:32:20 1763598740

[flagged]

pfraze · 2025-11-20T01:19:39 1763601579

solid burn

GlacierFox · 2025-11-20T01:28:57 1763602137

[flagged]

pfraze · 2025-11-20T01:33:15 1763602395

It's a retirement home for elder millennials who just happen to be insane. Not the same thing.

isodev · 2025-11-20T05:21:03 1763616063

Ok, let’s not have the is Bluesky decentralised discussion again. Kudos to Bluesky’s PR efforts to use complex technology to basically sell themselves as whatever people want to hear (like NFTs but social media). There are a number of X/Threads clones out there, but I’d take a group chat on some relatively secure messaging platform over “social media” any day. Even better if it’s something I can self host or join into one from many servers (remember IRC? Good times).

We really need to rethink this “one corp owns all the keys and all servers” setup.

pfraze · 2025-11-20T14:53:40 1763650420

I’m just glad we didn’t have the conversation again

godelski · 2025-11-20T07:34:59 1763624099

  > Even better if it’s something I can self host or join into one from many servers (remember IRC? Good times).

What's stopping you? Even threads can connect to BlueSky

lxgr · 2025-11-20T11:10:34 1763637034

> Even threads can connect to BlueSky

I thought Threads only interoperates with Mastodon/the fediverse in some limited capacity. Did I miss some Bluesky integration announcement?

godelski · 2025-11-20T19:37:57 1763667477

You just need a bridge, as with connecting any decentralized platforms

https://fed.brid.gy/

lxgr · 2025-11-21T16:38:49 1763743129

That's opt-in, mangles usernames, and on top of that quite a few people on Mastodon seemed allergic to the very idea of bridging/federation the last time I looked into it.

godelski · 2025-11-21T20:09:01 1763755741

  > That's opt-in

So? It's just an example. I'm sure you could do it in a cleaner way. They use different protocols. If you can run your own server and connect with open source tools, it's decentralized. Though of course that doesn't mean a decentralized protocol isn't highly centralized. See email

yehoshuapw · 2025-11-20T06:40:45 1763620845

so matrix? (which has it's own issues, but will hopefully overcome them eventually)

tradevapp · 2025-11-20T06:18:03 1763619483

Yup

> highlights the risks associated with the centralization of instant messaging services

Any cervices, really