Hello HN,

Regarding some upcoming elections, I want to create a website where people can "match" based on who they want to vote for. It's not a dating site, it's about finding a "procurator" for people who cannot vote on the day of the election.

The profiles will only consist of some contact information and (optionally) which candidate they want to vote for. People will match in priority with those who want to vote for the same candidate (in this case, it's easier to trust that the person voting on your behalf will do the right thing).

I think I know well enough how to make the website secure, but I don't want to leave anything to chance: is it possible to somehow protect/encrypt this data so that if the database leaks no one can find out who each person wants to vote for?

Thanks!
Well, the best way to protect that information would be to not store it at all.

Whenever they select a candidate to vote for, you would place them into match groups bucketed by score (based on their first/second/third choice), maximum group size, and some other criteria like signup date.

You end up with buckets of IDs that are known to match to some degree, and you would know enough to be able to say, "you matched with Bill because he wants to vote for your third choice candidate" without needing any idea about who that might be.

By limiting the sizes of the buckets, you limit the impact of knowing any particular member of the buckets' affiliations should a malicious actor get their hands on the data.

There are plenty of other precautions to take: storing the bucket data encrypted at rest, secure backups, separating bucket data from any PII.
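One way to implement the bucketing the reply describes, as an added example that is not code from the thread: candidate names exist only in memory while buckets are built, and what gets persisted is an opaque bucket id plus each member's rank (1 = first choice, 2 = second, ...), so a dump of the stored data says who matches whom and how strongly, but never names a candidate. The user ids, candidate names and `MAX_BUCKET_SIZE` are constructed for the example.

```python
# Added example: bucket users by shared candidate without persisting the candidate.
import json
import secrets
from dataclasses import dataclass

MAX_BUCKET_SIZE = 4  # caps what one exposed member's affiliation reveals about the rest

@dataclass
class Bucket:
    bucket_id: str
    members: dict  # user_id -> rank of the (unnamed) bucket candidate in that user's list

def build_buckets(preferences, max_size=MAX_BUCKET_SIZE):
    """preferences: {user_id: [first_choice, second_choice, ...]}.
    Candidate names live only in the transient `by_candidate` dict; the returned
    buckets carry a random id and each member's rank, nothing else."""
    by_candidate = {}
    for user_id, ranked in preferences.items():
        for rank, candidate in enumerate(ranked, start=1):
            by_candidate.setdefault(candidate, []).append((rank, user_id))
    buckets = []
    for members in by_candidate.values():
        members.sort()  # rank-1 members first, so chunks keep the strongest matches together
        for i in range(0, len(members), max_size):
            chunk = members[i:i + max_size]
            if len(chunk) < 2:
                continue  # a lone member has nobody to match with
            buckets.append(Bucket(secrets.token_hex(8), {uid: rank for rank, uid in chunk}))
    return buckets

def explain_matches(user_id, buckets):
    """(other_id, my_rank, their_rank) triples, best first: (x, 1, 1) shares my first
    choice; (x, 3, 1) is the 'Bill wants to vote for your third choice' case."""
    matches = []
    for b in buckets:
        if user_id not in b.members:
            continue
        my_rank = b.members[user_id]
        matches += [(other, my_rank, r) for other, r in b.members.items() if other != user_id]
    return sorted(matches, key=lambda m: (m[1], m[2], m[0]))

def persisted_form(buckets):
    """The record that would actually reach the database: ids and ranks, no candidate names."""
    return json.dumps([{"bucket_id": b.bucket_id, "members": b.members} for b in buckets])
```

Contact details belong in a separate store keyed by user id, as the reply suggests, so the bucket table on its own links only opaque ids.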