[bsza]

For starters, they could hash every address with bcrypt and only show reviews to people who search for that exact address. Then they could hide the review pages from search engines (which they are currently not [0] doing). They also have no good reason to include the exact date beyond maybe the year, and even then they should let the user change it if they want to (haven’t checked if they do).

None of this would make the site lose its primary function, which is by their own admission to do a background check on the landlord you’re about to sign an agreement with.

[0]: https://www.google.com/search?q=Aberdeen+St%2C+Chicago%2C+IL...

[saagarjha]

Guess what every landlord is typing into the search bar of this site

[bsza]

And because of that let’s expose everything to Google Search so landlords don’t even need to know about this site?

[swores]

That clearly wasn't the point they were making, they were just explaining why your suggestion of "only make it show to people who search for a specific address" doesn't do anything to limit the ability of landlords to look up reviews about themselves.

[bsza]

It does though. It eliminates the need to ever include an address in plaintext on the site, making it a lot harder for data harvesters to extract private information from it. Landlords likely won’t iterate through each and every similar site to search for reviews. At least not all of them.

[baby_souffle]

> Landlords likely won’t iterate through each and every similar site to search for reviews. At least not all of them.

It only takes one. And if it’s been automated, you’ve just made it plain text but with extra steps.

[bsza]

> if it’s been automated

Bcrypt has key stretching, brute-forcing every address in existence would cost a lot of CPU even for one city. How will the attacker get compensated for that?