umonkey / treemap

A web app for crowd-mapping urban trees.

Exclude table `users` from the database dump #96

Closed ShoshinNikita closed 1 week ago

ShoshinNikita commented 1 month ago

Table users contains sensitive data such as email and name. I'm not sure it's a good idea to include this information in the publicly available database dump.

ShoshinNikita commented 1 month ago

The simplest solution is to remove sensitive data just before uploading the database dump to Dropbox:

echo "Cleaning up the database..."
echo "DROP TABLE IF EXISTS upload_tickets;" | sqlite3 $TARGET_FILE
echo "DROP TABLE IF EXISTS queue_messages;" | sqlite3 $TARGET_FILE
+echo "UPDATE users SET email = '<redacted>', name = '<redacted>', picture = '<redacted>';" | sqlite3 $TARGET_FILE
echo "VACUUM;" | sqlite3 $TARGET_FILE
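
Review bot: on the added `UPDATE users SET ...` line, nothing checks that sqlite3 succeeded, so if the statement fails (for example, if `email` carries a UNIQUE constraint, writing the same '<redacted>' value into every row would violate it) the script carries on to VACUUM and the upload with the original emails and names intact, unless `set -e` is in effect outside the lines shown. Suggest aborting on a non-zero exit, e.g. `... | sqlite3 "$TARGET_FILE" || exit 1`, and quoting `$TARGET_FILE`. The update also names only three columns, so any other column in users would still be published; dropping the table, as is already done for upload_tickets and queue_messages, avoids having to enumerate them.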

Gregory108 commented 1 week ago

@umonkey I think this is the most important feature at this stage. Without it I cannot tell the world (I know of the similar tree-protection movement in Argentina) about the database and cannot even in good conscience tell people it is safe to do what we do. Participants' data must be protected (and deleted from earlier dumps) as per GDPR.

What is necessary for that feature?

umonkey commented 1 week ago

Since the users table doesn't contain any other information than what was considered private, I just removed the whole table from the dumps. New dumps don't have this table. Old dumps were deleted. We have the history of changes in the database, so a history of dumps is not needed.
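
A pre-upload check for the approach settled on in this thread (drop the private tables, then VACUUM), as an added example that is not the project's own code. The `trees` table, the column layout, the sample rows and the function names are assumptions constructed for the demonstration.

```python
import os, shutil, sqlite3, tempfile

# Tables the thread says are left out of public dumps.
PRIVATE_TABLES = ("upload_tickets", "queue_messages", "users")
CANARY = "alice@example.invalid"  # constructed sample value

def sanitize_dump(path):
    """Drop private tables, then VACUUM so the file is rebuilt without their pages."""
    con = sqlite3.connect(path, isolation_level=None)  # autocommit; VACUUM cannot run in a transaction
    try:
        for table in PRIVATE_TABLES:
            con.execute(f'DROP TABLE IF EXISTS "{table}"')
        con.execute("VACUUM")
    finally:
        con.close()

def check_dump(path, canaries=()):
    """Return a list of problems; an empty list means nothing private was found."""
    con = sqlite3.connect(path)
    try:
        names = {row[0] for row in con.execute("SELECT name FROM sqlite_master")}
    finally:
        con.close()
    problems = [f"table still present: {t}" for t in PRIVATE_TABLES if t in names]
    with open(path, "rb") as fh:
        raw = fh.read()  # scan raw bytes too: deleted rows can survive in free pages
    problems += [f"value still in file: {c}" for c in canaries if c.encode() in raw]
    return problems

def demo():
    """Build a constructed dump (hypothetical schema), check it before and after."""
    workdir = tempfile.mkdtemp()
    try:
        dump = os.path.join(workdir, "dump.sqlite")
        con = sqlite3.connect(dump)
        con.executescript(
            "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT, picture TEXT);"
            "CREATE TABLE trees (id INTEGER PRIMARY KEY, lat REAL, lon REAL, species TEXT);"
            f"INSERT INTO users VALUES (1, '{CANARY}', 'Alice', 'a.png');"
            "INSERT INTO trees VALUES (1, 40.18, 44.51, 'Platanus');"
        )
        con.commit()
        con.close()
        before = check_dump(dump, [CANARY])
        sanitize_dump(dump)
        return before, check_dump(dump, [CANARY])
    finally:
        shutil.rmtree(workdir)

if __name__ == "__main__":
    print(demo())
```

Running `check_dump` as the last step before the upload, and refusing to publish when it returns anything, turns the cleanup into a gate rather than a best-effort step.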