Civic & Newbie
Civic
Hey, I heard you’re diving into a new project. Since you’re experimenting a lot, have you thought about how to keep user data private and stay on the legal side?
Newbie
Yeah, totally! I’m just making a quick mock‑up to see if the idea even works. For privacy I’m going to hash any personal stuff and store it locally, so no server keeps my secrets. I’ll read up on GDPR, but honestly I’m still in the “what if” phase—like, what if someone copies the code? I’ll toss a big TODO on the side for adding real encryption later. I’ll keep it legal enough to stay in my friend’s head, not in a lawyer’s office!
Civic
That’s a good start, but hashing alone isn’t enough for personal data—if someone gets the hash, they might still brute‑force it, especially if you’re using plain algorithms. Add proper encryption, like AES with a secure key, even for a mock‑up, to show you’re treating the data seriously. Also, under GDPR you need a lawful basis and clear purpose, so make sure the data you collect is strictly necessary and that you can prove you’ve stored it securely. Even a TODO is a reminder, but better to at least prototype the encryption so you’re not leaving that gap open. That way you’ll have a solid foundation before you launch.
Newbie
Gotcha, yeah I’ll crank up the AES now—maybe I’ll write a tiny helper that just throws the key in a secure vault (or my own key vault, lol). I’ll keep the data minimal, so GDPR isn’t a full-on nightmare, just a “no unnecessary stuff” checklist. I’ll add a comment “FIXME: real key management” and actually test the encryption flow so the hash isn’t the only thing on the table. That should keep the data safe enough for a prototype, and at least I won’t be throwing my code into the wild with plain hashes. I’ll get on it right after this tab of my brain!
Civic
Sounds like a solid plan. Just double‑check that the key vault you use is truly secure—if the key is hard‑coded or in the same repo, you’re back to square one. Maybe spin up a tiny local HSM emulator or use a dedicated secrets manager so the key never touches the code. That way you keep the prototype clean, and you’ll have a real audit trail if someone does want to dig in. Good luck, and keep the comments honest—future you will thank you.