mfb
commented
11 years ago For analytics, it would be nice to store an HMAC of each email address and key fingerprint interacting with the bot. Depending on the privacy policy, this could be an HMAC with non-rotating salt which would allow encryption adoption/bot usage to be measured accurately over a long period of time, or an HMAC with rotating salt like Cryptolog uses, which would prevent someone who had access to the HMAC and salt from looking up whether or not a user has interacted with the bot.
micahflee
We should have usage analytics. At the very least the number of emails the bot reads, but at most the properties of each email that was sent. That way we can say x people sent us plaintext emails, y people sent is perfect encrypted and signed emails.
0.2 probably? Though just keeping logs (in an analytics-friendly format) shouldn't be too much work to implement.