User email addresses and anonymity

I have a client who has concerns about users email addresses stored in site database,
My options appear to be.

  1. get user to create a new email address to “disguise” their identity, moves the identifiable email address to somewhere else, no longer my problem
    easy for me, but effort for user
  2. remove requirement for user to have an email address,
    easy, a few lines of code does that but gives communication problems,password resets etc.
  3. create and use domain related email address e.g. [email protected],
    lots of hassle with this option client has to add email to their client etc.
  4. create forwarder on server
    also hassle and user email is still stored on server
  5. ? other options
    Is it possible to encrypt user email in database, as the password is, and for it still to be usable by the site

Why is this a concern? It’s a normal part of the site’s functionality, and just having something in the database doesn’t mean it’s accessible to anyone.

No. Passwords are not encrypted, they are hashed. The difference is that encryption is reversible, and hashing is not. The value that is stored for the user’s password cannot be “reversed” to get the original password, but this has to be possible for the email address since the site needs the original value.


It seems some people are “attached” to their email address and where they could be seen.
Having researched further, least effort is create login without email or let site user get themselves an other email address.
Best options seems to be

  • If you don’t want email address stored as part of user profile don’t use it, and put up with downsides
  • use an alternative email address
  • don’t sign up to the site.
    and that means I don’t need to get involved with any of it :slight_smile: