Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How are you planning on proving that no records are kept? I'm currently engaged in a project that takes privacy very seriously and that also makes that very promise (amongst others). I would be very interested in hearing about your approach.


delete from orders, customers where...

There will never be a way to prove the records are gone. It's all based on trust.


A huge pile of escrowed cash, held against any release of records (inadvertent or otherwise), does seem to be a way of moving some of that trust around.


The only way I could think to do it would be to have it process the transaction in memory and never store the data at all. Make the running code open source, and make it hashable in some way so that when you visit the site, you could tell if the current running version is the same as the one in the code repository.


Hashing the code wouldn't help. In fact, nothing besides simply not processing any transactions would.


How about simple audits to make sure you're not keeping records? Your customers could even nominate a representative to be present during the audits.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: