|
|
|
|
|
|
by Terr_
2870 days ago
|
|
|
One possible approach is to relax the gate-keeping guarantees, so that every "wait for email and click the link in it" exchange allows the user to create one new account which is not scoped to their work-email address but simply associated with the company-name. (Like almost all privacy, this requires some basic "we're not recording that" choices by the social-media site.) During the creation process, the user gets the option to set a non-work email for password-recovery etc. The main risk of this scheme is that a single jdoe@acme.corp could easily create a thousand sock-puppets or "give" new accounts to people who don't work at the same company. This can be minimized by only allowing a corporate e-mail address to be used once, but that does mean keeping lists of which users in a given company happen to have accounts, even if a direct email-to-account link doesn't exist. (It seems pointless to hash the "already used" emails for privacy, since the search space is so small.) |
|
|
You should probably put in some extra work to make sure that people really are anonymous, e.g. you could make the Blind server a Tor hidden service, forcing people to connect to it using Tor and therefore not revealing their IP address. Basically making sure that Blind is not even accidentally exposed to any personally identifiable information.