assuming a reasonable ratelimit, say 100 lookups per day (maybe some exceptions if the lookup results in an account that already has you in contacts, idk) - this would significantly reduce the amount of scraping that can be done.
contact lookup is a required function of whatsapp, the issue this paper highlights is that there is no protection against mass scraping
Wouldn't that be the exact same privacy problem in effect? What's the practical difference between ineffective and no rate limiting?