More Secure Discovery Alternative

A more secure discovery alternative, that would prevent phone numbers from being revealed, would be to give the user the option to include first and last name, and optionally email address along with phone number in a hash sending that hash to the server. This way, unless you have the user's full name and (optionally) email address, along with phone number, you can't deduce the communication between both parties. This would also permit for pseudo names to be used. Now, with that comes some potential for spelling mistakes and other things getting in the way. To address this, and add a further layer of abstraction through hashing, I propose having a look at this Stanford paper on document fingerprinting, which employs a sliding winnowing algorithm to generate sets of hashes based on fuzzy matching. This works on small data sets too, such as names and email addresses, or even authentication words, allowing you to further account for spelling, but also further abstract names and identifying information from a final hash.

http://theory.stanford.edu/~aiken/publications/papers/sigmod03.pdf

[Strilanc]

I think the requirement that the app be usable for non-technical users precludes this. They wouldn't be able to figure out why they can't call each other when they used a nickname, initials, first-but-not-last, had a typo, reversed the order, used "Mom" for their mother, etc, etc, etc.

It also introduces internationalization issues. See Falsehoods Programmers Believe About Names.

In other words, it would make more sense to think of this as an "Identity Password" that goes along with the phone number. And at that point, why even have the phone number? (The reason to use a phone number instead of an arbitrary string also basically comes down to usability: implicitly added contacts, works like a normal phone, easy to type, etc.)

[lcfr123]

Maybe it's an idea to have something like Threema's 'Threema ID'? The ID is a reasonably short (and unique) string that is the primary lookup mechanism. A phone number (and/or) email address are optional search mechanisms. It's up to you to allow yourself to be 'discovered' by those. And there is no direct relationship between your ID and you.

[caveman1973]

Telegram has an interesting implementation of usernames. [Optionally] In Settings you register one that is linked to your phone number. If you do, anyone will be able to find you by your username and contact you – without having to know your phone number.

I vote for the optionally usernames...