It is hard/difficult to create a blog that will respect visitor's privacy while maintaining the same quality as most blog platforms here in Sweden. Harder than I thought it would be.

I need to plan more.


OK. I have some difficulties deciding how an email address will be saved in a comment.

I want to add a subscription feature for comments and in order to let the website send a notification to an email address, I need to store it in plaintext. But that can be a risk if the database gets exposed to the public.

I can't think of any other solution for this, but before I move on, I want to know what you guys and gals are thinking about this. Do you have any better solution?

Please, tell me! πŸ™‚

Β· Β· 4 Β· 1 Β· 0

@edgren why does it need to be plaintext? But if it really does, skip email entirely and provide RSS feeds for comments maybe.

@IslandUsurper I don't want to store email addresses in plaintext, but I don't have any other solution for it πŸ˜•

Oh! Good idea with RSS for comments. Thank you!

@edgren RSS for comments, or encrypted database and privacy policy stating that the email will be saved.

@jle Good idea πŸ™‚ Thanks! Now I have something to go on πŸ˜ƒ

@edgren It seems you have a solution that makes you happy (a comments rss feed?), but I'm still curious: What is/was the problem you are trying to solve? (Maybe from here in the U.S. I'm not familiar with your constraints, or maybe I also don't understand why encrypting an email address is a difficult thing.)

@MindOfJoe Yes, I have πŸ™‚

The problem was that I wanted to encrypt or hash the email addresses that people had in their comments. But at the same time, I wanted to let them subscribe to comments to get notified when an answer has been sent.

That would be difficult if I couldn't decrypt or de-hash the email addresses. First, the address was encrypted with the password of the comment. After a while, I changed to SHA-256.


So, in a comment/response post like this from me, @mindofjoe, to you, @edgren, if I also mentioned / cc: someone else's email address,, what are your responsibilities?

No need to respond -- I don't mean to distract you. I suppose I am just curious about what you are required to protect or want to protect.

@MindOfJoe According to GDPR, all email addresses are considered as personal data and should be stored encrypted in order to protect it from prying eyes.

Read more:

Here in Sweden, email addresses like are not classed as personal data, while are classed as personal data.

Read more:

No worries πŸ™‚ You don't distract me, and you should be curious. Otherwise, you would not learn stuff 😊

@edgren I've started to read the reference ~ thank you for the link! I'll revisit it this evening and maybe formulate some follow-on questions :-) #happysaturday!

@edgren do you mean like "to write a comment, please provide email, name and comment" as a means of account-less comments? (with comment and name being shown and email used for... Replies? I'm guessing)

Well depending on what tech stack you're using and if your target audience is developers, you might be able to use

For a non developer blog, best you can do is not ask for email or make sure you're using best practices for the database and server security.

@edgren the rss feed for comments is a good idea, but imo is a bit of a lot of work.

Assuming you're not against JavaScript as well, you could store a "subscription id" in local storage then build an auth-less system to get notifications while on your site (assuming the user doesn't clear their browser data)

Another idea is looking into web push notifications. Tho this will mean the user needs to 1. Have a modern browser (chromium or Firefox) and 2. Has to click yes to the pop-up

@edgren to clarify, rss feeds are a lot of work for the user who wants to consume it and is not the best UX.

@Metruzanca You mean it is a lot of work for the visitors to subscribe to the posts, comments, and/or tags?

@edgren yeah, posting a comment to the have to subscribe to a new feed per blog post they've commented on

@Metruzanca Thanks. I will add a RSS feed for all the comments πŸ™‚

@Metruzanca Good idea. Haven't thought about that solution. But since my visitors are not staying a long time on my blog (I assume), the chance of them getting a notification while on the website, are quite low.

If and when the visitors are staying much longer on my blog, I would consider adding your solution to it πŸ™‚

@edgren yeah, that solution assumes they're at least going to return to the blog.

@Metruzanca Hm. That is true. I'll add it to my todo list. Thanks πŸ™‚

@Metruzanca Thank you πŸ™‚ But I have already ruled out email address from my blog 😊

I have my own comment system that I've built by myself πŸ™‚ Please see to see the upcoming update. If you want to see how it looks like today, you can for an example go to

@Metruzanca I wouldn't use GitHub for my projects anymore, though, due to privacy invading features that Microsoft have added to GitHub (AI "poking" around in the source codes to check for errors and stuff). Plus, it's Microsoft. Nuff' said πŸ˜‚

My blog are built to be as privacy friendly as it can possibly get. For an example, no third-party things allowed πŸ˜…

But thank you for the tips 😊 Much appreciated πŸ™‚

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.