Re: [cdin] Re: Distributed Data

Alan Cox (alan nospam at redhat.com)
Wed, 10 Mar 1999 08:45:42 -0500 (EST)

>
> Rather than try to legislate compliance (how many spammers are going to
> abide by our terms?), simply don't collect e-mail addresses at all. If
> we want to notify someone of an improperly formatted entry, build an
> error response into the protocol and give the user notification that way.
> If we have a need for tracking entries, make it voluntary and allow the
> user to choose a handle and password via a web form (or build that
> into the protocol as well).

Old solved privacy problem. Take a hash of the users email address. MD5
is fine. Store that. Even publish it. Its useless to a spammer but its
wildly improbable you get a hash collision. You can now tie together
submissions but you can't get an email addr out of them without brute
force testing it. At which point you know the addr anyway

Also the person who knows the email (ie the submitter) can prove they
submitted the entry so long as MD5 remains a secure hash