[artas_bartas]

Regarding the IP addresses, we use bcrypt algorithm, obviously with salt, to obfuscate IPs and since we're hosted in Germany, gettings hands on these entries the legal way is a long process.

To address the problem of spam, we have already implemented a combination of selective captchas and Akismet filter running in the background.

We also use name entity extraction algorithm to obfuscate any names we identify in the submitted reports. It takes a couple of minutes and is not 100% proof, but at least reduces the risk of names being called.

The major problem that we are thinking about, however, is how do we structure the "vetting", given that reports are sometimes hard to verify without first hand knowledge of situation.

So far we tried to analyze how one goes about these things in real life and recreate natural constraints in the virtual space. The fact that we require every report to be geo-tagged works to our advantage in this situation.

As a practical example, ordinary people usually do not have access to president's palace, so if someone claims to be paying a petty bribe there, it is obviously a fake and we would automatically suspend such report.