When we implement secret votes, we should be obfuscating usernames so that they are not plaintext in the database. Consider using something like a sha sum to compute unique identifiers that aren't directly human readable.
This won't make it impossible to read who voted what, but it will make it into an effortful and willful act, so someone going in to do maintenance or accidentally reading the db would not unintentionally learn of such.
When we implement secret votes, we should be obfuscating usernames so that they are not plaintext in the database. Consider using something like a sha sum to compute unique identifiers that aren't directly human readable.
This won't make it impossible to read who voted what, but it will make it into an effortful and willful act, so someone going in to do maintenance or accidentally reading the db would not unintentionally learn of such.