I just tried your bot now, and this complicates my feature request. But it may also be a good reason to publish the full list: if someone is using your bot to get notified when I'm mentioned, I'd want to know about it.
I could add a note saying that there is no way to know if the user is an impersonator and optionally let them send a DM to @TryNinjaBOT so they are marked as "verified".
[...]
It sparks a question in my mind: is it possible with the current system for anyone to carbon-copied someone's notification? Suppose I registered myself on the tg bot, I understand the database collected our tg username and the BTT UID, does the bot allows other tg to register and bind themselves to the same UID or will it automatically reject the impersonator's registration because the BTT UID is already registered to someone's tg username on the database?
If it is possible, how feasible is it to make a restriction where once an UID is bind to a TG username, no other TG username can connect to the same UID anymore? Suppose an impersonator get ahead of the original UID owner and registered the UID to the tg bot, the original owner can just write here to sort it out? If... that's not too troublesome.
I would appreciate a view from anyone contrary to having their username exposed without consent.
If I have to put myself in other perspective and think of the possible detrimental effect of this idea --thus opposing it-- it would be an added possibility of (1) receiving unsolicited DM, be it the scam offers, or someone genuine from the forum trying to reach you personally, and (2) having my TG enrolled to a telegram bounty campaign without my consent by a bounty abuser. Your list will kinda act as an open buffet for those people, giving them list of available telegram contact and the forum username associated to it.
But those risks are already present with or without your list. Anyone can easily scroll past a bounty spreadsheet or type "telegram username:" on the search field on ninjastic with specific forum username on the author field to basically get the same --if not more comprehensive-- result. So I don't think it's much of "an issue" because more likely than not, our username is already exposed "without our consent" by the bounty spreadsheets and telegram group we joined.