> The site’s only input fields accept license plate numbers (which are hashed client-side before ...

VladVladikoff • today at 4:18 AM • 4 replies • view on HN

> The site’s only input fields accept license plate numbers (which are hashed client-side before transmission and cannot be harvested)

License plates are trivially short, hashing them accomplishes no additional level of privacy if the hashes could be bruted in seconds on an antique GPU.

Replies

croes • today at 7:45 AM

They have indexed publicly available data. The privacy was long gone before you even entered a license plate number. Or do you think other actors didn’t have the same data but without a frontend to show it to you?

hibf • today at 4:30 AM

Technically true. Flock could present an unfounded argument that I might be brute-forcing my own security and privacy measures.

I think it'd sound pretty dumb.

➕ show 1 reply

TheDong • today at 5:46 AM

Being able to say "Our server never sees user-input license plate numbers", even though from a technical perspective the hash is just as identifiable, does have value. Even though it offers no additional privacy, it does let non-technically-minded users and so on feel safer, and that's valuable.

➕ show 2 replies

mceachen • today at 12:48 PM

https://en.wikipedia.org/wiki/Salt_(cryptography)

(Or https://en.wikipedia.org/wiki/Pepper_(cryptography) off you want to be fancy)

➕ show 1 reply

alt Hacker News

Replies