I'm working on a web application that allows users to create multiple identities. The data is structured (in NoSQL) such that each user has a user
document and several alias
documents. Alias ids are stored on the user document, but user information is not stored in aliases.
user123: {
aliasIds: [MikeMain, Anon]
email: '[email protected]',
...
}
MikeMain: {
name: 'Mike',
catchPhrase: 'Always remain hydrated'
}
Anon: {
name: 'Unknown',
bio: 'Purposely left blank'
}
This structure allows users to create content using an alias that does not link back to their user document. There is no way for other users to find out which aliases are controlled by the same person by examining data loaded in the client.
However, in the event of a database breach alias anonymity is lost.
My question is: how can I store this data so that even if a malicious third party had access to the whole database, they would not be able to figure out which user owned which alias?
You could create a new record for each alias. Then you encrypt the ID of that alias record via a encryption key that is in CODE not in DATABASE, then save that encrypted alias record key to the primary profile's record/data. This way, a compromise of DB will not compromise the anonymity of the profile because they would not have the key to decrypt.