Hash the phone numbers, and compare hashes to check for abuse. This way you don't know the phone numbers, but you can ensure nobody reuses the same one twice.
Thanks for making this open-source, and implementing the client-side key generation as I recommended on GitHub.
Great suggestion, a shame I didn't came to this solution.
Will go for it this weekend - anyone can check the code on git when it's ready.
I'am also open for an audit if there are security concerns.
All phone numbers are purged from the db now and instead a SHA-256 hash is stored for each account created. Works like a charm!
Aye! I'am really thankful for those insights - which are really valuable for me.
Usually I don't need papers but a little kick into the right direction :)
Excellent idea to protect users' privacy