How anonymous can it be? Sure, if you were dealing with a city-wide management company they can keep it somewhat anonymous but saying "John Smith, landlord at 123 Fake St" with the review on a set date is a pretty good indication of who left the review. Even for management companies it would not take a lot of investigation to find the reviewer.
For starters, they could hash every address with bcrypt and only show reviews to people who search for that exact address. Then they could hide the review pages from search engines (which they are currently not [0] doing). They also have no good reason to include the exact date beyond maybe the year, and even then they should let the user change it if they want to (haven’t checked if they do).
None of this would make the site lose its primary function, which is by their own admission to do a background check on the landlord you’re about to sign an agreement with.
That clearly wasn't the point they were making, they were just explaining why your suggestion of "only make it show to people who search for a specific address" doesn't do anything to limit the ability of landlords to look up reviews about themselves.
It does though. It eliminates the need to ever include an address in plaintext on the site, making it a lot harder for data harvesters to extract private information from it. Landlords likely won’t iterate through each and every similar site to search for reviews. At least not all of them.
Bcrypt has key stretching, brute-forcing every address in existence would cost a lot of CPU even for one city. How will the attacker get compensated for that?
You are only assuming one kind of attack vector, which is a landlord discovering this exact site. Whereas the more impactful scenario is a web crawler discovering this site, grabbing its content and making it Googleable, so that not one but every landlord can access it. Like I already explained 4 comments ago.
I honestly don’t get why I even have to explain this. The original question was how anonymous it can get. Any practice that reduces the amount of personal information, or the ease to access it, helps, period. Dismissing one because it doesn’t offer perfect protection is like not using condoms because they are ineffective against mono. There is no reason not to implement them - that is, if the maintainer actually cares about privacy.
If the site becomes popular e.g. "#1 Landlord Review Site" then everyone will be checking their reviews on it. If it's never popular and not used often then it doesn't matter if it's clear text or not.
I think you fundamentally misunderstand or have yet to convey how such a site would solve the problem of distinguishing “I am a tenant looking for reviews of a property” and “I am a landlord looking for reviews of my property”.
I never stated it does. You are the one driving at this point as if it were the only issue, or the most important issue, which it is neither.
What it does solve is the problem of this data being visible to every landlord who types the address of their property into a vastly more popular search engine known as Google. They need not even know of this site, it gets served to them on a silver platter.
And if you think a robots.txt alone solves that, you’re mistaken. A robots.txt is just a recommendation. Web crawlers are not obligated to honor it. The only way to solve it is to make sure the private data isn’t even there in the first place.
Seems like it’s a grudge-site, if your tenancy ended badly.
Regardless, if the info did get leaked or the landlord did some basic investigation, or the property was just small enough that the data pool was small, what’s to keep the tenant from litigation by the landlord?
I’m thinking about all those review-sites for hospitality where a bad review starts a whole lot of grief for the reviewer.
Yeah, anonymity in this kind of case isn't a technical problem, it's a social problem. I would never review a workplace on something like Glassdoor for the same reason; "worked in x department and wasn't happy" is easy to narrow down.
