@boots Couldn't you sorta brute-force the reporter's handle by just hashing all the account names on that instance though?

@indi add a long salt to the full handle. bam.

@boots @indi just like cooking and esports spectating, any crypto problem is better with salt

@boots Good idea! I think the simplest way to do this might be for each instance to have a random secret, and replace the reporter's username with an HMAC of the secret and the username.

@jamey yeah, i was just thinking
sha-[good number] "[salt][username][salt?]@[instance]"

@boots I think that's OK as long as the "salt" is kept secret (so it's not exactly a salt, right?) and unchanged every time that user files a report, but I'd feel more confident using a standard crypto construction such as HMAC. If the salt isn't secret, then it's easy to guess-and-check which username hashed to that UUID. If it is secret, then using the same one across a whole instance should be safe. ...I think.

@jamey i think salts are suppsosed to be secret by default but iunno

@boots Maybe you've seen a usage of the term I haven't, I don't know either! In hashed passwords the salt has to be stored in cleartext along with the hash or you can't check the password later. But I'm just nitpicking terminology now, I think.

@superbranch it should federate like a direct message and not like a boost though (only have it go to admin)

@boots I think that is a choice that can be made at both the instance and client UI levels