mutt

Account numbers and delinked transactions

December 17, 2025 at 12:38 AM

When I first wanted to make Snout.nu, I wanted to try not to collect a lot of user data. Collecting a lot of user data is not good: the goal is to reduce the amount of data stolen in the event of a breach and to show respect to your users, even though this is Blogging as a Service.

Account numbers

I never questioned why people require E-mails to sign up until recently. These were the most common reasons I found:

So, we moved to account numbers. If you're an existing user of this service, you've gotten the following E-mail:

Dear User,

This email informs you of a significant update to our authentication system and related data processing practices. To enhance security and further minimize the personal data we store, we are phasing out the existing email-based "magic link" login method.

Beginning today, you must use an account number to log in. We have generated an account number for you, which you will find below. Concurrent with this change, and in line with our data minimization principle, we are permanently deleting all user email addresses from our production database.

Your Account Number: [a bunch of numbers]

To proceed:

  1. Go to snout.nu/login.
  2. Enter your account number above.
  3. Enjoy using snout.nu!

This change constitutes an update to our data processing activities under Article 12 of the GDPR, which requires us to provide transparent information about such changes. Our updated Privacy Policy reflects these modifications.

Going forward, on the notification front: you can choose to set a ntfy.sh URL of your choosing to get push notifications. On the login front, you can use passkeys. Passkeys are asymmetric login credentials stored on your device. Common examples are: Windows Hello, Apple Touch ID/Face ID, and security keys (e.g., YubiKey).

In the next few days, we will allow you to provide an E-mail (stored and hashed using bcrypt) as an account recovery method, although it is not something we would recommend.

Delinked transactions

Snout.nu costs €5 per 30 days. You add "time" to your account, like paying at a trampoline park for how long you wish to jump.

The base cost for the Service is 5 Euros per account for a 30-day period. Snout.nu operates on a pre-paid "time" basis; each payment adds a corresponding service period to your account.

We didn't want to keep payment logs, so how do we respect the right to withdraw and prevent chargeback fraud? In our database, we made a transaction model, with each transaction having the following:

For this, we had to take (heavy) inspiration from services such as IVPN, Mullvad, etc.

So, how do we determine how long to keep a record? It is based on the risk of processing the payment. We classify each payment into one of three types:

  1. Payment services with payment reversal (e.g., Stripe): In this case, it is stored for 120 days. This is the longest time a chargeback can be filed under normal circumstances with Visa and Mastercard.
  2. Payment services through a 3rd party (e.g., a gift voucher): In this case, it is stored for 30 days. This allows for payment reversal initiated by the 3rd party.
  3. Payment services we do not offer refunds for (e.g., cryptocurrency and cash): There is no reason to keep the data, therefore it is never linked to your account.
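The three retention classes above, as an added sketch that is not Snout.nu's own code. The `Account` and `Transaction` fields, the function names and the choice to sever the account link when the window ends are assumptions made for illustration; only the 120-day, 30-day and never-linked rules and the 30-day period come from the post.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional

class PaymentClass(Enum):
    REVERSIBLE = "reversible"          # e.g. Stripe: chargebacks possible
    THIRD_PARTY = "third_party"        # e.g. gift voucher
    NON_REFUNDABLE = "non_refundable"  # e.g. cryptocurrency, cash

# Retention windows stated in the post; None means "never linked".
RETENTION = {
    PaymentClass.REVERSIBLE: timedelta(days=120),
    PaymentClass.THIRD_PARTY: timedelta(days=30),
    PaymentClass.NON_REFUNDABLE: None,
}
PERIOD = timedelta(days=30)  # one payment adds one 30-day service period

@dataclass
class Account:  # hypothetical model
    number: str
    paid_until: datetime

@dataclass
class Transaction:  # hypothetical fields, not Snout.nu's schema
    provider_ref: str
    account_number: Optional[str]  # the only link back to a user
    delink_at: Optional[datetime]

def record_payment(account, provider_ref, payment_class, now):
    # Credit time immediately, so entitlement never depends on the link.
    account.paid_until = max(account.paid_until, now) + PERIOD
    window = RETENTION[payment_class]
    if window is None:
        # Class 3: the record is created without any account reference.
        return Transaction(provider_ref, None, None)
    return Transaction(provider_ref, account.number, now + window)

def delink_expired(transactions, now):
    """Scheduled job: sever the account link once the reversal window ends."""
    severed = 0
    for tx in transactions:
        if tx.account_number is not None and tx.delink_at <= now:
            tx.account_number, tx.delink_at = None, None
            severed += 1
    return severed
```

Because the service time is credited when the payment is recorded, the link is only ever needed to handle a reversal, which is why it can be dropped as soon as the reversal window closes.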

In short, these might seem like small details, such as using account numbers instead of emails and expiring transaction links, but they stem from a core principle: respect for user data is a feature, not an afterthought or something that should come at a premium.