Comments on: When Privacy and Law Collide http://mickc.whizardries.com/archives/2008/06/03/when-privacy-and-law-collide/ "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech." Fri, 25 Dec 2009 02:15:57 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: John Engler http://mickc.whizardries.com/archives/2008/06/03/when-privacy-and-law-collide/comment-page-1/#comment-67876 John Engler Mon, 09 Jun 2008 04:15:17 +0000 http://mickc.whizardries.com/?p=769#comment-67876 In July 2007, the FTC held a public hearing about spam, and during that hearing Scott Richter of Media Breakaway LLC, asked the FTC to comment on this same topic, and they confirmed this same thing then: hold on to unsubscribes forever. If someone unsubscribes, you should make sure you don't mail them again... But that doesn't mean the data has to be held in plain-text. It could, and should probably be hashed before being stored, and used in that format (MD5 or SHA-256 would make the most sense - MD5 being most prolific among email service providers, and SHA-256 being the next format that we'll all move to after we all start using MD5 across the industry). If you store addresses in a hashed form, they can never be used to actual mailing, and are typically pretty secure, and this need not cause any privacy concerns. In fact, I'd love to see everyone store suppression lists in MD5 or SHA-256 going forward. It'd sure save us all a lot of time and effort dealing with suppression list abuse. In July 2007, the FTC held a public hearing about spam, and during that hearing Scott Richter of Media Breakaway LLC, asked the FTC to comment on this same topic, and they confirmed this same thing then: hold on to unsubscribes forever. If someone unsubscribes, you should make sure you don’t mail them again…

But that doesn’t mean the data has to be held in plain-text.

It could, and should probably be hashed before being stored, and used in that format (MD5 or SHA-256 would make the most sense – MD5 being most prolific among email service providers, and SHA-256 being the next format that we’ll all move to after we all start using MD5 across the industry).

If you store addresses in a hashed form, they can never be used to actual mailing, and are typically pretty secure, and this need not cause any privacy concerns.

In fact, I’d love to see everyone store suppression lists in MD5 or SHA-256 going forward. It’d sure save us all a lot of time and effort dealing with suppression list abuse.

]]> By: Suppression lists at Word to the Wise http://mickc.whizardries.com/archives/2008/06/03/when-privacy-and-law-collide/comment-page-1/#comment-67873 Suppression lists at Word to the Wise Wed, 04 Jun 2008 13:25:25 +0000 http://mickc.whizardries.com/?p=769#comment-67873 [...] has a post up about how long senders must hold on to that suppression list.  « EEC [...] [...] has a post up about how long senders must hold on to that suppression list.  « EEC [...]

]]>