Sunday, February 12, 2012

Hashing for privacy in social apps

Following Path's contact fiasco, Matt Gemmell said he discovered that many developers aren't familiar with hashing, so he decided to put up a post about it. The article aims to introduce the concept of hashing in a clear, straightforward, and no-degree-required way, suitable for journalists and casual readers as well as programmers and software engineers.

His final thoughts on it is summarised below and is a recommended resource for developers implementing social networks:

  1. Educate yourself about hashing; it’s real, and very useful. Use hashing for personal info. Do the hashing client-side, and only upload hashed data for comparison on the server.
  2. Delete the hashed data after you’ve done your fancy friend-matching stuff, because your users value their privacy, and you probably don’t even need to keep the data anyway.

As for journalists or other non-developers writing about social media and privacy:

  1. Know pretty much what hashing is, at least in terms of the Incredible Magic it lets you do.
  2. Realize and understand that privacy and social features are not mutually exclusive. Don’t pull that ignorant false dichotomy bullshit; it’s factually incorrect and laughable.

No comments: