FrancescoSTL
commented
8 years ago On second thought, I'm unsure if it is entirely necessary to hash the data. The only potentially uniquely identifiable information we are collecting which may need encrypting is URL visited. Will revisit.
After determining what info we can collect while still remaining privacy-respecting, we need to encrypt that data. In this pursuit, we will salt+hash info before sending it to the db.
(lower priority) We may also need to send individual salt's from the db to the client each time the first "write" is requested in order to verify that no one is mucking up our db results. The likelyhood of someone caring enough to send us bad data is low, but this is something to consider at a minimum.