If you log out and log in, it takes your email and password. So they keep your email, or a hash of it. Then even when you think you can change your username, it still shows all your previous posts and messages with old usernames. If emails are hashed (and even salted), it's entirely possible for Blind themselves to brute force the hashes, given that companies' emails follow a well-known pattern, have a limited number of characters, and are mostly names. Of course they could have made this easier by just storing plain text. How is this anonymous? Also, when you try to delete your account by following the FAQ, it doesn't actually delete anything and simply logs out of the app. You log in and everything is still there. There's no way to actually delete the account, even if you manually delete all the posts. How is this transparent and respecting our privacy as they claim? Don't forget the recent incident where they actually store plain text emails. At this point I can't even.
No way! Next you'll be telling us that Facebook can read my Private Messages. How is that private?!
OP is correct. I would add that they also capture the device ID even though their FAQ says they don’t. “our user accounts live in an entirely separate database. We don’t ask for access to your location, device IDs, contacts or anything that could potentially risk your privacy.”
If you forget your password, Blind lets you reset it, and you still get associated with all your old posts/handles, then I can’t think of a way they can hide your identity.
They probably have the email addresses stored using (an unsalted?) hash function. Probably susceptible to a brute force attack but it's better than nothing. I can't imagine many hackers putting in the effort to crack which email address is associated with which Blind username. It's like the lock on your front door, it's hardly that secure, but we still rely on it because thieves will only rob us if we have no protection or we have something very valuable. Blind's email addresses aren't very valuable.
This is wrong. I had to create a new account because they said it was impossible to find my password even with access to my email address. I created a new account with the same email and it has no activity history.
I think it is a hash with your email and password combined (concatenated). It would be dumb to store a hash for email and another for password.
Then how do you handle password change?
Update UserTable Set Hash = @newhash where userid = @userId
or
Update UserTable Set Hash = @newhash where hash = @oldHash
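
A sketch of the combined email-and-password hash design discussed in the last few comments, added here as an example; it is not Blind's code, and nothing on this page confirms how Blind stores accounts. The table and column names follow the SQL in the thread; the Posts table, the salt, the PBKDF2 parameters and the function names are assumptions.

```python
import hashlib
import sqlite3

# Constructed values for illustration only; not Blind's schema or parameters.
APP_SALT = b"constructed-app-wide-salt"
ITERATIONS = 100_000

def account_key(email: str, password: str) -> str:
    """Derive the only stored identifier from email and password together."""
    # Length-prefix the email so ("ab", "c") and ("a", "bc") cannot collide.
    e = email.strip().lower().encode()
    material = len(e).to_bytes(4, "big") + e + password.encode()
    return hashlib.pbkdf2_hmac("sha256", material, APP_SALT, ITERATIONS).hex()

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE UserTable (userid INTEGER PRIMARY KEY, Hash TEXT UNIQUE)")
    db.execute("CREATE TABLE Posts (userid INTEGER, body TEXT)")
    return db

def register(db, email, password) -> int:
    cur = db.execute("INSERT INTO UserTable (Hash) VALUES (?)", (account_key(email, password),))
    return cur.lastrowid

def login(db, email, password):
    row = db.execute("SELECT userid FROM UserTable WHERE Hash = ?",
                     (account_key(email, password),)).fetchone()
    return row[0] if row else None

def change_password(db, email, old_password, new_password) -> bool:
    # Same shape as the second UPDATE in the thread: the old hash locates the row.
    cur = db.execute("UPDATE UserTable SET Hash = ? WHERE Hash = ?",
                     (account_key(email, new_password), account_key(email, old_password)))
    return cur.rowcount == 1

def demo():
    db = open_db()
    uid = register(db, "jane.doe@example.com", "old-pass")
    db.execute("INSERT INTO Posts VALUES (?, ?)", (uid, "constructed post"))
    changed = change_password(db, "jane.doe@example.com", "old-pass", "new-pass")
    kept = login(db, "jane.doe@example.com", "new-pass") == uid
    # Forgotten password: the old key cannot be recomputed, so a fresh
    # registration with the same email gets a new userid and no history.
    fresh = register(db, "jane.doe@example.com", "totally-new")
    history = db.execute("SELECT COUNT(*) FROM Posts WHERE userid = ?", (fresh,)).fetchone()[0]
    return changed, kept, fresh != uid, history
```

With this layout a user who forgets the password cannot be re-linked to earlier posts, which matches the new-account experience reported above. The server still receives the email in clear at every login, so the design limits what a database dump reveals, not what the operator can observe.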