@dansup @pixelfed there are people with my phone number (republican family members) who i do not wish to interact with on social media

@dansup @pixelfed wasn't there Fediverse wide project for this? But if done right, this might be critical missing piece, yes, yes.

@dansup @pixelfed I wonder if there is some way you could do this while maintaining anonymity, the way Apple does with face data in Photos. Is the data set small enough that you could hash the contact details in the way that you would passwords and then compare them locally in chunks in the background? The only thing ever uploaded would be the hashes and all the matching in comparison would be done locally.

@dansup I'd argue a contact list isn't my data to upload anywhere, for any reason.

@dansup @pixelfed what means im down?

@dansup @pixelfed
I'm opposed to contact-uploading in general. I don't think you can do it in an ethical way, because it is not your own data you upload. You always upload other people's personal data and there is no way to ask them properly to consent beforehand.

@dansup @pixelfed I have a feeling I might be in the minority here, but I do like the idea if done as securely as possible.

@dansup @pixelfed Centralized, I don't think so, but the discovery of contacts could be optional for the person using it, letting the person decide if he wants it or not.

@dansup @pixelfed sounds a lot like the central identity server that matrix protocol has and a lot of instances use. They are actually moving away from this centralized solution.

@dansup @pixelfed
You could overcome the privacy implications by uploading the hash of the email or phone instead of the real contact and matching against it. I think Have I been pawned does a similar thing for the email matching

@dansup @pixelfed sarebbe meglio avere un server d'identità come fa matrix

@dansup @pixelfed My view is you should think beyond the technical aspects, specially in the current changing social media landscape.
Something that may seem trivial to you, like “phone numbers will be hashed before upload”, is I understandable for the vast majority of people, not because they are incapable - but because they aren’t invested in understanding.
When your app asks for the contacts list, many people may see it as another instagram-like, privacy-invading app, regardless of the technical explanations.

The question is, do you want/accept that fact or risk ?

@dansup @pixelfed this is a bad idea from a security/privacy perspective, and users opting in to it probably won't be aware of the implications.

There have been attacks where people just generated every possible phone number and uploaded them as contacts to $service, resulting in a leak of every phone number and the linked account. Hashing does not solve this.

@dansup @pixelfed this is not a criticism, just a question: how would you do it without some personally identifying piece of information that my contacts have (i.e. my phone number, or my email) being publicly accessible because I have to put it on my account so that my account can be found?

@dansup @pixelfed This is a cool idea to push things forward. One small suggestion: in addition to “open and auditable” and “opt-in” I’d ask that you consider making it “user-swappable” via an open API that others could implement. This same model is our best path toward making other basic services work, too, such as like user directories and search.

@dansup @pixelfed I don’t personally like to put my phone number anywhere I don’t have to. None of my contacts know what the fediverse is anyways

@pixelfed @dansup

I guess the disaster privacy thing would be a group getting the database and the salt key and a telephone book: it wouldn’t take long to hash every number and check the db to reveal identity.

@dansup
Do we _need_ this?

@dansup @pixelfed what were the results for this? It looks 50/50 to me if you count the first two options as “for” and the third as “against”