On Fri, Jun 5, 2009 at 9:36 AM, Matt Lee <[email protected]> wrote:
> I had a long chat with RMS yesterday -- he has taken a bit of an
> interest in ensuring we store as little information that would be useful
> as possible.
> Secondly, I wondered last night about the email address -- yes, we
> require an email address to sign up for an account. However, do we need
> to keep this email address on file? Probably not, was my opinion... what
> do others think?

You could require OpenID to login (most people have one, especially
Internet socialites) and store only a secure hash of the OpenID provider
string. That way, password recovery is passed off to somebody else and
users are free to choose their own identity providers. If somebody
subpoenas data, all they can do is brute-force the hash and then send
another subpoena over to the OpenID provider.

> On the subject of leaks -- we should err on the side of caution with
> regard to leaked albums. There are sites like http://diditleak.co.uk/ --
> we should use that data and make up a blacklist of albums, and refuse to
> log tracks from those albums, I think.

I really don't think it matters. Why go through the trouble of checking
against somebody's leaked albums list? If we just report the data coming
to us, and strip anything that would be useful to prying eyes, we still
don't present an appetizing target for subpoenas.

Ryan

_______________________________________________
Libre-fm mailing list
[email protected]
http://lists.autonomo.us/mailman/listinfo/libre-fm
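
One way to implement the "store only a hash of the OpenID string" scheme suggested in the reply above, as an added example that is not part of the original message or of Libre.fm's code. The message says only "a secure hash"; the keyed hash (HMAC-SHA-256 with a server-side key), the simplified identifier normalization, and every name and sample value below are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, urlunsplit


def normalize_openid(identifier: str) -> str:
    """Simplified normalization (assumption): default to http://, lowercase
    scheme and host, drop the fragment, use "/" for an empty path."""
    identifier = identifier.strip()
    if "://" not in identifier:
        identifier = "http://" + identifier
    parts = urlsplit(identifier)
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path or "/", parts.query, ""))


def openid_digest(identifier: str, server_key: bytes) -> str:
    """Keyed SHA-256 of the normalized identifier; this is all that is stored."""
    msg = normalize_openid(identifier).encode("utf-8")
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


class AccountStore:
    """Maps digest -> username. No identifier or e-mail address is kept."""

    def __init__(self, server_key: bytes):
        self._key = server_key
        self._by_digest = {}

    def register(self, username: str, verified_identifier: str) -> None:
        digest = openid_digest(verified_identifier, self._key)
        if digest in self._by_digest:
            raise ValueError("identifier already registered")
        self._by_digest[digest] = username

    def login(self, verified_identifier: str):
        """Call only after the OpenID provider has asserted the identifier."""
        return self._by_digest.get(openid_digest(verified_identifier, self._key))

    def dump(self):
        """What a copy of the account table would contain."""
        return dict(self._by_digest)


# Constructed sample values, not real accounts or a real key.
store = AccountStore(server_key=b"constructed-demo-key-not-for-production")
store.register("alice", "https://Alice.Example.org/")
```

The server key has to be kept outside the account database for the keyed hash to add anything over a plain one; with an unkeyed hash, anyone holding the table can test guessed identifiers directly, which is the brute-force case the reply mentions.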
