Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I've had several companies ("data partners" they call themselves) approach us to add these scripts to our websites. All of the ones I've seen use MD5(email) for the "anonymous hashing". I mentioned our privacy policy doesn't allow us to give out user emails, and their marketing guys never seem to understand that MD5(email) is basically the same thing. I even made a video example https://www.youtube.com/watch?v=ViCjzJpEaJw that failed to convince them.


> video example

Computerphile recently did a similar example of cudahashcat using a variety of strategies to break passwords. Their goal is to scare people into using better passwords, but the principle is identical to de-anonymising emails. Maybe it can help convince stubborn people?

https://www.youtube.com/watch?v=7U-RbOKanYs

If nothing convinces the marketing guys, maybe it's time to pull rank and ask to see the CS degree they are basing their opinion on?


I would be surprised to learn that a CS degree outranks a marketing role in a lot of organizations responsible for this kind of nonsense.


I'd like to know what happens if next time you end by asking for them to send you "a password you don't consider important."

If they're interested in the truth, that'll be a pretty convincing illustration.

(For any avoidance of doubt - this comes say after explaining what the score is)


Upton Sinclair once said “It is difficult to get a man to understand something, when his salary depends on his not understanding it.”


Gold.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: