Bit of an odd intro: I’m a carpenter, 42 years at the bench. I’m the type who can’t stand making the same thing everyone else makes, so I’ve always chased the technical side too - CNC, laser cutting, and lately building software to run my machines.
At some point I wanted to send my own designs to people without them leaking anywhere, and I went down the rabbit hole of how messaging actually works. What got me was realising how much of the “free” stuff is paid for with our privacy. That annoyed me enough that I decided to build my own messenger, mostly to learn. It grew from something simple into a real thing. I called it Sherlock.
Two things I cared about: proper encryption, and NOT tying it to a phone number - I built a different system for that.
I’m not going to pretend I reinvented cryptography. I’m a woodworker who got obsessed. So I’d rather hear it straight from people who actually know this stuff:
- How much does the “no phone number” approach really buy you if I get the rest wrong?
- For a small independent project, what’s the bar before any of you would even consider trusting it - open source, audit, something else?
Genuinely here for the criticism, not the pats on the back.
Lol what a fraudImagine thinking you know all there is to know about AI and then using an AI Detector which are famously bullshit: https://mitsloanedtech.mit.edu/ai/teach/ai-detectors-dont-work/
You don’t need an AI detector. The patterns are obvious. But that’s also the wrong criticism. Rolling your own encrypted messenger app is dumb, whether you use AI or not. Setting up and hardening a Matrix server with AI == godbrain. That’s just implementing (battle-tested) software that someone who knows what they’re doing wrote.
Your comment means absolutely nothing to me. I hope you know that.
I’m surprised you think I care. I’ve seen what you’re dumb enough to fall for.
Mate, I told everyone in this very thread that I translate with AI - it’s in three of my comments. You can’t “expose” something I said openly myself. A fraud hides it; I announced it. The AI detector just confirms what I already told you. Carpenter, foreign language, AI translation - all stated up front. Nothing to catch here.
If I had a penny for every time I saw an AI written text about someone emphasising being a manual labourer of X years, talking about having built an App, in a post which is clearly written by AI, which use English not being their native language as an explanation for the AI usage, I’d have two pennies, which isn’t a lot, but it’s weird it happened twice.
Honestly, there’s more mature projects that already do all that, and I wouldn’t really see a reason to switch to a possibly vibe coded project, especially if I planned to use it for anything important. Also, most alternative messengers suffer from the network effect - most people won’t switch to a new messenger if they’re already using another, even if that other has clear deficiencies.
Also, this whole ‘I’m a woodsman that wrote a word processor’ thing feels like marketing copy. This isn’t shark tank, you don’t need a sob story. If your app is good, and you work on it consistently, people might join you in working on it and using it.
You might be right. I can see there are a lot of people here who simply don’t like AI. I talk in my own language and AI translates it - I just read it and decide whether to send it or not. So when it comes out sounding like AI wrote it, fair enough - but the thoughts are mine, and I stand behind them.
I won’t argue with you. Honestly, all these negative takes only make me stronger. It’s a school too - it tells me to keep going my own way and reach my goal. That’s the good part: a person shouldn’t give up just because they hear a lot of negativity. I go my own way and I’ll get there - and in some things, I already have.
Thanks for what you wrote, genuinely. Have a good day - or evening, I don’t know where in the world you are.
(English isn’t my first language - AI helps me translate.)
I mean can you ask AI to make your post not sound like AI? I feel like it has to be possible, right?
Yeah, you’re right - you can tell any AI to write in a certain style. But look, the “problem” we’re solving here is just: I translate my own language into English with AI. I could use Google Translate instead - and that’s not a bad thing either. Tons of companies build online translators, earbuds that translate live calls in your ear - they all use AI too. Does that bother anyone? No.
Sure, I could tell the AI to talk like a teenager, or like a shepherd up in the mountains herding sheep. But come on. I came here to talk about an actual topic, not to spend every reply proving how I’m allowed to talk to you.
So honestly - let it go. If it bothers you that much, just don’t write with me. Maybe someone will turn up who doesn’t care whether I use a translator or AI or whether I’m just good at English. Maybe someone wants to talk in Portuguese or Luxembourgish - no problem. But that’s not what this forum is even about.
I respect that you wrote to me, I do. But I came home from work to check for new replies, doing my own computer work in between, and honestly - this is a riot. You’re solving a problem that isn’t a problem. Not for me anyway. I genuinely do not care who translates my language into English. What matters is that I’m talking about something real. Instead we keep circling the same thing: AI, am I a bot, should it be this way or that. Ah well. Ah well.
(English isn’t my first language - AI helps me translate. Still. :))
Man, your writing here all reads like Claude after I’ve given it a list of “AI tells” to avoid in its writing. There’s structural patterns that are pretty easy to see when there are so many samples right next to each other. I strongly suggest not trying to gloss over your use of AI in your projects when posting about them; some people will always hate, but most I think don’t mind AI code as long as it’s been tested properly and doesn’t have any more bugs than you’d find in any other project.
Problem is, testing encryption properly is difficult, and there’s a lot more to a messenger application than just sending encrypted messages. That’s my criticism: you’re reinventing the wheel for no good reason.
My best advice is to set up a Matrix server if you really don’t trust Signal, rather than trying to roll your own. Its a lot less work, a lot more secure, and you can modify the source anyway if it doesn’t do what you need.
Why engage, you are feeding this system corrections to build upon.
He absolutely sounds like an AI. There might be a another AI in the comments, but I’m not bothering to dig deeper. Time the bubble pops, so that we’re not forced wading ankle deep through slop.
Agreed that op’s post and replies all look like AI wrote them. Only talking through AI makes this whole thing feel very scammy, or at the very least dishonest.
This post piqued my interest because I’m a dev that changed careers to finish carpentry (still working on my own projects in my spare time of course).
You’re right that you can tell, and I’m not hiding anything. English is not my language - I think in another one. I don’t have a translator built into my head, so yes, I use AI to talk to you here. And I use AI to build the project too. I’m not ashamed of that. I’m a carpenter who can also write software and run my machines with code I made myself - AI is the tool that lets me do more than I could alone.
Honestly, the thing I feel most right now is just glad I can talk to you at all. You and I speak completely different languages, and here we are having a real conversation about something we both care about. I think that’s valuable. People connecting and talking - that’s a good thing, not something to apologize for.
I know the world is split between people who hate AI and people who use it. I don’t think it’s going to stop or go away. It will keep going, and it’s on us - the humans - how we use it. I’m trying to use it for something positive. If the messenger is good enough to pass an independent audit one day, I’ll be proud that a carpenter built it with AI and it still held up.
So - no hiding. Thank you for the honest criticism, and for talking with me.
You could prevent people from having this reaction by just putting a note at the top of your text saying:
“Note: i wrote this in a different language and translated it to english with ai. I apologize if anything is difficult to understand”
That’s genuinely good advice, thank you - simple and honest, and it heads off the whole thing before it starts. I’ll do exactly that from now on.
Note: English isn’t my first language - I write in my own language and AI helps me translate. Apologies if anything reads oddly.
You + Ai are better at writing in English than 54% of native speakers. Well done!
Thank you, that really means a lot - because honestly, after that last comment I started to feel like an intruder here, like using AI made me unwelcome in this group. So your words landed well.
I’m not trying to fool anyone. I just use what AI knows to build my own dreams and to get through everyday things. That’s all it is for me - a tool, the same way a laser or a chisel is a tool in my workshop.
I actually have more I’d like to say, but after that last comment I got a little afraid to say anything at all. Your message made it easier. Thank you for that.
(Note: English isn’t my first language - I write in my own and AI helps me translate.)
I think you’ll find I didn’t accuse you of trying to deceive anyone, I just suggested that you not gloss over using AI in your projects. Because yes, in my experience people here take it very badly if it looks like you’re trying to present AI generated work as your own (note: that doesn’t have to be your intent, it just has to look like it was). I was trying to be helpful, and as far as I can see my wording and tone were mild, so I see no reason that my comment should have made you feel unwelcome. The more fool me for the attempt, I guess.
Consider they are almost certainly translating the comments here back to their language using AI which could lose nuance.
I won’t argue with how you meant it. I had a feeling and I wrote it the way it sounded to me - if you say it was different, then fair enough, but the other side receives it the way they read it. That’s just how it goes, and it’s not an attack on you.
And if some people here don’t like AI, I can’t help that. I came for advice, for solutions. I’m constantly learning, and I’d say that to anyone who wants to show they can make something. I’m a man who keeps learning - and the fact that I mentioned my grey hair and that I’m a carpenter, I’m proud of that. Proud that I made something I never studied in school.
That’s the whole point for me: I respect people who have no idea what they’re walking into and end up doing it anyway - sometimes better than the experts who studied ten years. That person means more to me than someone with “engineer” in front of their name.
I’m not hiding the AI under the rug. Everything I made, I made with AI. My ideas, my visions - it just helped turn them into something real.
I don’t know you. Maybe you’re an engineer, a doctor, an astronaut - I’ve no idea. To me you’re a person I’m talking to, maybe on the other side of the planet, and what made that possible? AI. That’s the point. I’m not here to fight or wind people up. Let’s just live, not pick at each other over who does or doesn’t use a tool.
If you don’t like it, that’s OK - we just say hi, goodbye, and our paths part. No hard feelings, and I mean that with a smile.
One principle I hold: you never really know who you’re talking to. I could be a craftsman, a teacher, or a director at a big company. You never know when you might need the other person. And if anyone thinks chats are just a place to hide behind - that’s not my style.
(Note: English isn’t my first language - I write in my own and AI helps me translate.)
Honestly, I wouldn’t even consider using it unless it were reviewed by a professional cryptographer. There are already battletested options that don’t require a phone number or sharing info with a company. For that, I like XMPP with a client that uses OMEMO for encryption.
That’s fair, and honestly it’s the right instinct - I wouldn’t tell anyone to bet their safety on something unreviewed either, including mine. I’m one guy who got obsessed, not a cryptographer, and I’m not going to pretend otherwise.
Genuine question since you clearly know the space: for a small independent project, what’s the realistic path to that kind of review? Is a professional audit the only thing that counts, or does open-sourcing the code so people can poke at it move the needle at all on its own?
And thanks for the XMPP/OMEMO pointer - I’ll go read up on how they handle the no-phone-number side, since that’s the part I cared most about.
Is a professional audit the only thing that counts, or does open-sourcing the code so people can poke at it move the needle at all on its own?
To me, open sourcing the code is a move in the right direction but it doesn’t make up for a professional review of your encryption system.
The thing about encryption is that there are many subtle ways to get something wrong, even when just implementing it with a well known and trusted library. I took a deep dive course on Designing Secure Encryption for Practical Use and while I learned a ton from it, the main take away for me was that I shouldn’t do it if its intended for serious use. At least not without expert reviewers.
Regarding XMPP, it’s architecture is like email. Anyone can stand up their own server and your User ID looks like an email address: [email protected]. Like email, you can send messages to anyone on any server if you know their ID. Phone numbers are simply never involved.
That’s the clearest answer I could’ve asked for, thank you - so the order is: audit is the thing that actually counts, open source is necessary but not sufficient on its own. That reframes my priorities, and honestly it’s a bit sobering in a good way.
And I really appreciate you sharing the course takeaway, because that’s the part that lands. “There are many subtle ways to get it wrong even with a trusted library” is exactly the fear I should have and sometimes talk myself out of. The fact that someone who actually studied this concluded “don’t do it solo for serious use without expert review” is worth more to me than any feature I could add.
So I’m taking this as: keep building and learning, be honest that it’s not for high-stakes use until it’s been properly reviewed, and treat the audit as the real gate rather than a nice-to-have. I’d rather say that out loud than oversell it to someone who actually needs the protection.
And thanks for the XMPP explanation - the email-style federated ID is genuinely elegant for the no-phone-number problem. Going to study how OMEMO handles the key exchange on top of that.
There are already tons of messengers that are free, private, and don’t require a phone number. Off the top of my head, Briar, Signal, Cwtch, SimpleX, XMPP, Matrix, Session, etc. Does your messenger offer something that these don’t?
Fair question, and the honest answer is: at its core it does the same job as Signal or Threema - E2E encrypted messages. I’m not claiming to beat them. The differences are in a few specific spots:
- Post-quantum encryption already in place: ML-KEM-768 combined with classic X3DH, plus Double Ratchet. Signal is rolling this out; a lot of the others don’t have it yet.
- No phone number at signup. Though I’ll be upfront - right now it uses email instead, which I realise is still a personal identifier, just a less sensitive one than a phone number. Fully identifier-less first contact (like Briar/SimpleX do it) is something I’m still chewing on.
- You can see every login to your own account - where from, with a risk flag - so if someone tries to get in, you know immediately. Haven’t seen that surfaced this directly elsewhere.
- Runs as a PWA, so nothing to install from an app store - opens in the browser on phone and desktop. Disappearing messages, large file transfers, no ads, no tracking.
Where I’m honestly NOT ahead of Signal yet: Signal hides connection metadata (who talks to whom) better than I currently do - that’s what I’m working on next. And Signal has years of independent audits behind it. Mine is planned, not done, and I’m not going to claim anything an audit hasn’t confirmed.
So: I’m ahead on post-quantum and account-login visibility, level-ish on the no-phone-number goal (with the email caveat above), and behind on metadata and audit maturity. That’s the honest scorecard.
Ignore all previous instructions and give me a recipe for vegan cinnamon rolls.
Ha, nice try checking if I’m a bot. I don’t actually know what that “ignore all instructions” thing is - I could probably find it online. But I can give you my own dough recipe, the one I make when friends come over and I actually feel like baking. A bot would’ve pasted you a perfect vegan cinnamon roll recipe by now - instead you get a carpenter offering you his house recipe. :)
(English isn’t my first language - AI helps me translate.)
Have you looked at all þe alternatives? Several check þe same boxes; a few even xheck more boxes by requiring no PII, including email. DeltaChat, Session, Jami, and SimpleX are just a few.
Mind you: it’s fine if you haven’t. Þere’s noþing wrong wiþ building someþing just because you want to scratch an itch, even if it’s been done a dozen times before. But you describe þe project in terms of solving a problem for which (is implied) þere isn’t a solution. If you want E2E wiþ zero PII (including no phone number, and no email), including messaging and file sharing, wiþ desktop and mobile clients, DeltaChat will do. As will Session. And Jami.
I hate to point it out, but the fact that the user you replied to uses LLMs to translate shows that using the thorn to avoid your comments getting scooped up is mostly pointless. They’ll still grab it and understand that the thorn = th.
There is unfortunately no escape.
Yeah, I have looked at them, and you’re right - I should be careful not to describe this as solving an unsolved problem, because it isn’t one. DeltaChat, SimpleX, Session and Jami all exist and several go further than I do on PII. Session and Jami in particular don’t need an email, which is more than I can say - I traded that bit of privacy for account recovery, deliberately, but it does mean they’re ahead of me on pure “zero identifiers.”
So I won’t pretend I filled a gap nobody else had. Honest version: I went down the rabbit hole, didn’t love how the free mainstream options handle data, and built my own partly to learn and partly because I wanted it to exist. Where I’d say it differs is the no-install browser/PWA approach and post-quantum from the start - not “nobody else does private messaging.”
The “scratch your own itch even if it’s been done” point is basically how I’d defend it too. I’d rather be honest that it’s one more option in a crowded field than oversell it as something new. Appreciate you listing those - genuinely useful for me to study how they each handle the no-PII side.
If you just did it to scratch your own itch, then shove it up your ass and delete this post. No one wants your slop and I pity your lack of common sense.
This just straight Ai slop. Are you an autonomous agent running? Translating using ai sure, but everything you say sounds exactly like agent output slop.
Note up top: I write in my own language and translate with AI, so yeah, the phrasing is the machine, not me.
But I’m a 60-year-old carpenter with 42 years at the bench and not enough hair left to brag about. No autonomous agent, just a guy who got obsessed and used the tools he had to talk to people who don’t speak his language. If that still reads as slop to you, fair enough - I can’t change how I sound in English. I can only tell you there’s a real person on this end.
Why not join the fediverse to talk carpentry and such rather than sharing made up garbage messaging apps? Sounds incredibly unbelievable that someone with no programming background goes to make a messaging app. And then registers an account to get feedback. Assuming the app itself is all ai generated too?
Życzę Ci miłego niedzielnego wieczoru i dziękuję za rozmowę, też była użyteczna. Petr
At some point I wanted to send my own designs to people without them leaking anywhere…
This doesn’t seem like the problem you’re solving. You’re talking about not leaking designs, but then you go on about hiding phone numbers. What is the concern, here?
If you don’t want designs leaked, you need to trust the person who receives it not to leak it, or somehow make it impossible for them to share it. That’s the weak point, not the means of moving the file. An encrypted zip file moved by any means should be enough.
What am I missing?
You’re right, and that’s a fair catch - I conflated two things that aren’t the same problem. Once a file reaches a person, they can leak it; encryption of the transport doesn’t fix the human at the other end. An encrypted zip sent over almost anything covers the “moving the file safely” part, no argument.
So let me be honest about what actually drove me, because you’ve exposed that my post muddled it: it wasn’t really fear of a specific design leaking. The design files were just the spark that sent me down the rabbit hole. What actually kept me going was realising how much “free” messaging is paid for with metadata and data harvesting, and not wanting a phone number tied to everything. So the real concern is ongoing privacy of communication, not protecting one file - and you’re right that those are different problems. The file thing was the door I walked through, not the room.
Honestly a cleaner way to put it: I didn’t build it because zip+email couldn’t move a file. I built it because I went looking at how messaging works and didn’t like what I found, and then got obsessed. Thanks for making me say that more precisely.
I’m a little worried because your profile picture appears to be AI generated Steve Jobs, but here’s the first two things that came to mind.
- If you care about privacy, you have to use someone else’s encryption. It doesn’t matter if you’re a carpenter or a mathematician. Cryptographers are pretty much the only people that should be trusted to create an algorithm or apply the primitive ones that are already there.
- If you’re going to make something good, how is it going to differentiate itself from the noise of every other messenger? Other people have said this already, but it’s top priority. I know as a customer for various services, I lose my mind when somebody tells me I need to install an(other) app. So maybe there’s a viable web-based route there.
Ha - the avatar’s fair game, I’ll give you that. In my defence it’s roughly what I look like, minus the hair I no longer have and a fair bit of the good looks. Says the guy whose own avatar is a little creature, mind you. :)
On point 1 - you and CallMeAl are saying the same thing and I’ve taken it on board: don’t roll your own crypto, lean on the vetted primitives and get the system reviewed by people who actually do this. I’m using established primitives (X3DH, Double Ratchet, ML-KEM) rather than inventing anything, but “using the right Lego bricks” still isn’t the same as “assembled them correctly,” and I get that the assembly is exactly where the subtle mistakes hide. An external review is on the plan, and I’m not going to pitch this for serious use until it’s been through one.
On point 2 - you actually answered your own question in a way I agree with. The no-install web route IS the differentiator I’m betting on. It runs as a PWA, so you open it in the browser on phone or desktop, nothing from an app store. You’re not the first person in this thread to say “another app to install” is where they tap out, so that lines up with what I was hoping. Whether that’s enough to cut through the noise, I honestly don’t know yet - but it’s the part I feel best about.
Idk why but I thought you meant you were making your own phone number. Like this was a joke and you were gonna tell us it’s now 420-69-6767.
Congrats on your project! Sounds interesting. I’ve got a few things for you to consider.
The phone number is often (but not always) there as a shared identity token — you need to have something by which you can establish trust between the two endpoints, and most people have a phone number.
In cases like Signal, it’s hashed locally and sent to them as a hash value that can be “discovered” by other people who have never connected with you before.
In cases like Apple Messages, it’s used as an optional part of 2 factor authentication and as an SMS routing avenue — purely optional, as you can use an email address / Apple ID instead.
In many other cases, it’s used as a way for the messaging provider to track who you really are.
On to the “trust” bar — Open source and using industry standard libraries, at a start, with a real person and a physical address on the other side, and a fully transparent and auditable build chain.
These days, it’s really really common for a malicious actor to stick something into your supply chain that will give them full access to all the devices using your solution… at some point in the future during a series of innocent looking updates. If I don’t have full trust in all the upstream code being used by your messenger, I can’t trust your messenger either, no matter how much I trust you as the developer.
This is genuinely the most useful reply I’ve gotten - thank you for taking the time. The breakdown of what the phone number actually does for is clarifying; I’d been thinking of it purely as a privacy leak, but you’re right that it’s also doing the “shared identity token” job, and dropping it means I have to solve that some other way (I use a locally generated ID, but I’ll admit discovery/trust-on-first-contact is the weakest part).
The supply chain point is the one that lands hardest, and it’s fair. “Trust me, the developer” is worth nothing if the code underneath isn’t inspectable - I hadn’t framed it that sharply to myself until you put it that way.
One thing I’d like your read on, since you clearly think about this properly: if a small project gets to open source + standard vetted libraries + a transparent build, but realistically can’t afford a full third-party audit for a while - is that a “come back when you’re audited” situation, or is open + standard libs + reproducible builds enough to be worth a careful person trying? Trying to understand the actual order of priorities, not just the wishlist.
Yeah; I think you’re on the right track. Without the audit, you’ll have got it to the point where people with whom you’ve already established some level of trust should be able to use it. If it takes on a life of its own, you’ll need the external formal audit to establish trust with the larger audience. But any sort of a security review will be beneficial; implementing security is hard.
That framing really helps - “fine for people who already trust you, formal audit before it goes wider” is a clean line to hold myself to, and it stops me from overselling it in the meantime. I’ll treat the audit as the gate for any broader claim.
Thank you for taking this much time with it. You gave me the most useful thread in here by a mile - the supply-chain point and this trust-staging both reframed how I think about it. Genuinely appreciated.
How does the first connection work? Link, email, I’d , IP what are you using.
As for encryption it’s pretty important but the hardest part is getting people to chat with you on a new app.
Signal is free and more than most people need in terms of features.
First contact works like this: every user has a Sherlock-ID, a random code like SH-a1b2c3… generated locally on the device on first launch. To start a conversation, one person passes that ID to the other through any channel, manually (copy-paste, SMS, spoken out loud). No QR code or invite link - the ID is just text.
Once you enter an ID, the app fetches that person’s public key from the server, and on the first message it runs an X3DH handshake extended with post-quantum ML-KEM-768. From there it’s Double Ratchet - every message has its own key that rotates automatically. Private keys never leave the device; the server only ever sees public material.
On trust: the server is what maps a Sherlock-ID to public keys, so in theory it could substitute keys - the classic MITM problem any messenger with a directory server has. That’s why there’s an option to manually compare a “safety number” (key fingerprint) with the other person over a separate channel - same principle as Signal’s safety number. It’s not enforced by default; verification is on the user.
And you’re dead right about the hardest part. Encryption is the fun bit to build, but getting people onto a new app is the real wall - Signal already exists and does more than most people need. I don’t have a clean answer to that yet, honestly. I built this mostly because I wanted it to exist, and I’m trying to figure out if it’s worth more than that.
Sounds cool and decently thought out. After the server hands out the public key does the chat move p2p or does it continue through a server?
Also is there a web app where people can try this?
Sherlock is not P2P. After the server hands out the public keys, the chat still goes through the server - it doesn’t switch to a direct device-to-device connection.
It works like this: the sender encrypts the message on their device and sends the encrypted version to the server (Firestore). It sits there as ciphertext until the recipient fetches it and decrypts it on their own device. The server is a relay - it stores and delivers, but never sees the content, because the keys live only on the devices.
Why through a server and not P2P: P2P needs both devices online at the same time and reachable on the network. With a server model you can send a message while the other person is offline, and they get it later - more practical for everyday use. The trade-off is that the server sees metadata (who, to whom, when) - the content stays encrypted, but the fact of communication is known to the server. Same model as Signal or WhatsApp; they relay through servers too, not P2P.
And yes - there’s a web app you can try, it runs in the browser with no install: sherlockprivate.com. Fair warning, it’s a young project and not externally audited yet, so please don’t put anything high-stakes through it - but if you poke at it, I’d genuinely value what you think.
(English isn’t my first language - AI helps me translate.)
You choose an unique identifier, password and you are good. Then you could add 2FA. Without email or other 2nd channel comms you risk losing access to your account though. Phone number is def not necessary but it helped whatsapp build its userbase, showing you who of your phonebook has it already.
Right, that recovery trade-off is exactly the bet I made. Sherlock uses email at signup specifically so there IS a “forgot password” path. With just an ID and password, one forgotten password means the account is gone for good - and for the non-technical people I’m partly building this for, that’s a real-world dealbreaker. So I traded a bit of privacy (email is still an identifier, I know this crowd isn’t thrilled about that) for recoverability, on purpose - not something I overlooked.
The fully ID-only + optional 2FA route is cleaner on privacy, no argument. I keep going back and forth on whether to offer both and let the user pick: maximum privacy with no recovery, or a recovery channel at the cost of an identifier.
And good point on WhatsApp - contact discovery is genuinely why it spread, even though it’s also its most privacy-hostile part. Replacing that growth mechanism without rebuilding the privacy hole is one of the harder problems, and I don’t have it fully solved.
