Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Best Practices For Collecting and Storing User Information?

Posted by Unknown on from the design-by-committee dept.

New submitter isaaccs writes "I'm a mobile developer at a startup. My experience is in building user-facing applications, but in this case, a component of an app I'm building involves observing and collecting certain pieces of user information and then storing them in a web service. This is for purposes of analysis and ultimately functionality, not persistence. This would include some obvious items like names and e-mail addresses, and some less obvious items involving user behavior. We aim to be completely transparent and honest about what it is we're collecting by way of our privacy disclosure. I'm an experienced developer, and I'm aware of a handful of considerations (e.g., the need to hash personal identifiers stored remotely), but I've seen quite a few startups caught with their pants down on security/privacy of what they've collected — and I'd like to avoid it to the degree reasonably possible given we can't afford to hire an expert on the topic. I'm seeking input from the community on best-practices for data collection and the remote storage of personal (not social security numbers, but names and birthdays) information. How would you like information collected about you to be stored? If you could write your own privacy policy, what would it contain? To be clear, I'm not requesting stack or infrastructural recommendations."

5 of 120 comments (clear)

  1. Just don't do it by sublayer · · Score: 5, Insightful

    Best practice from my perspective: do not collect the data at all.

    1. Re:Just don't do it by puterguy · · Score: 5, Insightful

      If you really feel the need to collect personal data and you *truly* care about the privacy concerns and needs of your customers, then don't go burying such disclosures in a privacy statement that the average user is unlikely to ever see let alone read.

      If you truly care about privacy, then either require the user to *opt-in* to such sharing or prominently display the lack of such privacy on the initial splash screen.

      Burying the collection of personal data in the middle of some lawyerly gobblygook privacy statement is like mortgage lenders burying key terms in the middle of 100's of pages of documentation. Yeah, it's legally there but no one is actually going to read or understand it.

    2. Re:Just don't do it by davester666 · · Score: 5, Funny

      Yes, just store the data in plaintext, in a mysql database connected directly to the internet.

      Bonus points if you create mysql users for each unique user and use their username/password to authenticate connections to the database.

      --
      Sleep your way to a whiter smile...date a dentist!
  2. OWASP by FormOfActionBanana · · Score: 5, Informative

    OWASP has guidance; for instance, here: https://www.owasp.org/index.php/IOS_Developer_Cheat_Sheet#Insecure_Data_Storage_.28M1.29

    From https://www.owasp.org/images/5/5e/Mobile_Security_-_Android_and_iOS_-_OWASP_NY_-_Final.pdf
    2. Insecure data storage
    Solution
      Avoid local storage inside the device for sensitive information
      If local storage is “required” encrypt data securely and then store Use the Crypto APIs provided by Apple and Google
      Avoid writing custom crypto code – prone to vulnerability

    --
    Take off every 'sig' !!
  3. Book of best practices by Okian+Warrior · · Score: 5, Insightful

    In the US, we have the National Electrical Code which explains in clear detail how house wiring is constructed.

    Following the code a legal requirement in many (most?) states, but from the point of an electrician it's a "book of best practices". Use this gauge wire for this current, staple the wire within 6" of the box, and so on. The code gets revised and added to over time as questions crop up and new technologies get added and people get more experience.

    There's a reason for everything. For example, the light in a bathroom should be on a separate breaker from the outlet next to the sink. It makes sense in retrospect, but this is not something that is obvious beforehand.

    It's very detailed, but also very clear. Homeowners routinely understand the instructions and are able to make simple repairs and modifications to their home wiring which conform to the code.

    We throw a lot of "best practices" around here as if they were simple and obvious at the outset, but maybe they're not. Hash your passwords, salt the hash, sanitize the form inputs, don't keep CC info... lots of best practices which in hindsight make sense but which aren't necessarily obvious beforehand.

    Most web apps have common requirements for login, identity management, privacy, various forms of functionality, and so on.

    Should we have a "book of best practices"?