Minimal user data storage #4
-
That's a good question! I'll need to dig a little deeper into Apple's privacy practices, but I think it's good to start thinking about it. My initial thoughts on this are that this will really impact the user experience of this project, so we should talk through how we're going to approach the UX. If we don't have much information about a user, then things like searching for a user and auto-matching them might be a little tricky. That said, I don't know if this is a bad thing at all or even a blocker of any kind. Let's break it down into two approaches.

Approach 1: storing some user information

We would encrypt all the user information (everything is considered PII), so that their information is encrypted at rest. If we only store something like a name, age and state, we will be able to drill down on potential results and have to let the user confirm which one of those entries they are. This was going to be the original approach. It'd be nice to give the option to delete any PII that we might have on the user after the user has opted out of whatever services they're looking for.

Approach 2: storing almost no user information

If we decided to not store any user information (besides maybe their e-mail for login), we'd provide a list of data brokers, each entry having a link to search and a link to opt out. The user would have to manually say "I've opted out of this", and we can keep track of those (and do reminders based on this).
-
What's the minimum amount of data we need to store, do you think? It defeats the purpose of removing user data from the internet if we end up storing user data ourselves. I know some schemes exist where you can store some kind of identifier without storing private user data somehow. Like with Apple's way of letting apps identify you by some kind of token.
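One way the "identifier without private data" idea and the opt-out tracking of Approach 2 could fit together, as an added example that is not code from this project or from either participant. It assumes a server-side secret held outside the database and keys each record by an HMAC of the normalized e-mail; `SERVER_KEY`, `pseudonym`, `OptOutStore` and the broker names are hypothetical.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Assumption: a secret kept outside the database (for example in a KMS).
# Constructed value, for this example only.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def pseudonym(email: str, key: bytes = SERVER_KEY) -> str:
    """Keyed hash of the normalized e-mail; the e-mail itself is not stored.

    This is pseudonymous, not anonymous: whoever holds the key can test a
    guessed address, so the key must not live beside the records.
    """
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


class OptOutStore:
    """In-memory stand-in for a table keyed by pseudonym, holding no PII."""

    def __init__(self, reminder_days: int = 90):
        self.reminder = timedelta(days=reminder_days)
        self.records = {}  # pseudonym -> {broker name: date marked opted out}

    def mark_opted_out(self, email: str, broker: str, when: date) -> None:
        self.records.setdefault(pseudonym(email), {})[broker] = when

    def due_reminders(self, email: str, today: date) -> list:
        """Brokers whose opt-out is old enough that the user should re-check."""
        done = self.records.get(pseudonym(email), {})
        return sorted(b for b, d in done.items() if today - d >= self.reminder)

    def delete_user(self, email: str) -> bool:
        """Drop everything held for this user; True if a record existed."""
        return self.records.pop(pseudonym(email), None) is not None


if __name__ == "__main__":
    store = OptOutStore()
    store.mark_opted_out("alice@example.com", "broker-a", date(2024, 1, 1))
    print(store.due_reminders("alice@example.com", date(2024, 4, 15)))
```

Because only the keyed hash is kept, reminders in this sketch can be shown when the user next supplies their e-mail at login, but cannot be sent to them by e-mail.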