GitLab

If Mallory knows Bob's handshake link, she may send it to Alice pretending it's Mallory's own link, in order to discover whether Alice and Bob are contacts/pending contacts.

When adding a pending contact we should check whether a contact/pending contact with the same handshake public key exists. If so, we should ask the user whether the new pending contact and the existing contact/pending contact are the same person. If yes, we discard the new pending contact. If no, we tell the user that two contacts sent the same link, which could mean that one of them is trying to discover who the user's contacts are, and we warn the user not to tell either or them that someone else sent the same link. Then we discard the new pending contact.

If we support more than one link format in future, Mallory may change the format of Bob's link before sending it to Alice, so we should compare the parsed public keys or public key hashes rather than the unparsed links.

Subtask of #1230.