pfraze 6 hours ago
Funny timing, we just published an RFC on a contact-matching scheme that's intended to be resilient to this kind of enumeration attack at the cost of reduced discovery. We're soliciting feedback so now's a good time to share the link - https://docs.bsky.app/blog/contact-import-rfc
keeda 30 minutes ago
I was peripherally looking into this for a similar problem domain: https://en.wikipedia.org/wiki/Private_set_intersection Related to Zero Knowledge Proofs, the advantage is that phone numbers need never be shared in cleartext, preempting whole classes of attacks. However, could be overkill for your needs, and I am not sure how well current techniques would scale.
isodev an hour ago
Ok, let’s not have the is Bluesky decentralised discussion again. Kudos to Bluesky’s PR efforts to use complex technology to basically sell themselves as whatever people want to hear (like NFTs but social media). There are a number of X/Threads clones out there, but I’d take a group chat on some relatively secure messaging platform over “social media” any day. Even better if it’s something I can self host or join into one from many servers (remember IRC? Good times). We really need to rethink this “one corp owns all the keys and all servers” setup.
fsckboy 6 hours ago
[flagged]
GlacierFox 5 hours ago
[flagged]