- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
…deleting records could cause big problems. Referential integrity across database tables simply wouldn’t allow it… it would cause a resonance cascade.
So, to get around the problem, a lot of places simply “overwrite” records when they are deleting them. They replace certain fields with garbage so the structure of the data remains, but the human elements are no longer present. At the heart of those “certain fields” are email addresses, the most widely used identifiers on all the web. And that, dear reader, is how we got to this cursed discovery.
I saw a discussion on the internet where someone mentioned that they deleted users in their app by overwriting their email addresses with
$somethingRandom.com. Mmm, I thought - I wonder how common of a thought process that is? I bet whoever ownsdeleteduser.comgets loads of emails!I decided to check it out, but to my genuine surprise - no one owned
deleteduser.com, so now I do.Source [web-archive]
Let’s say your deleted customer paid for some goods and you delete this data, how do you know what was sold, to what number of customers and for how much etc?
It’s true! We have to keep massive amounts of sensitive customer data that keeps getting leaked! Commerce is impossible without it! SQL predates money!
Once more, the customer identification data is striped out, there is nothing to leak, unless you have retain mandatory data. And yes, you have to have financial records for your company or how do you think it works?
Well, at least you solved leaks by pretending they never happen.
How do you suppose it worked before databases?
Do you think that ledgers stored customer data for everyone who bought anything?