By encrypting the data on your db side, youre keeping malicious users from benefiting by grabbing that data. You’ve got a massive list of keywords in your possession that belongs to the users that inputed that into your system. You also know what keywords are successful and which ones are not. You shouldn’t be able to see them, nor should some script kiddy running some sql injection scripts, only the user.

I think you’ve got a really good model here — there are just way to many flaws to justify me dumping my keyword lists into it. I “trust” you — its your system I do not trust. Even if you gave this product away for people to use on their own servers, you should have encryption built into it.

Yeah if we did it, it would be closed sourced most likely, it could be potentially open source but I think we would try to limit it. It’s kinda a tough call we have some trade secrets with how we filter out data, and the formula would be seen by everyone, so its sorta like how coca cola builds their cola, and don’t tell anyone the recipe they use, we have a trade secret on filtering process which I developed and the whole system is based on that, and if it was visible it be a huge loss to us.

@ Dr Nick

I assume this only works if you have a landing page type setup correct? Where the user punches in a javascript key to encrypt it? I see what you mean, but wouldn’t users still feel at the end of the day that I we could potentially crack it if we really wanted to? Or would you argue not so much?

Basically, you need to implement/copy two javascript functions. The user gives you a public key, that you apply to encrypt any keyword or textual data in your tracking script that the user places on their pages. The user can verify that you are not passing on any additional information to your servers by looking at your js code.

Your second javascript function requires a private key that is entered by the user and stored client-side (i.e. a cookie) — something that is never passed to your server. When you display data, before you output any keywords or text, you call the decrypt function with the user’s private key.

e.g. “document.write(decrypt(’kjfvclaylsery’,$cookie_private_key));”

Your database can number-crunch just as it did before — it’s only on the HTML output that you need to add the decrypt javascript functions too. It shouldn’t even take long to implement.

If you need more clarification, feel free to send me an email on this (email in comment form).

@ Dr. Nick
Just to clarify, are you mentioning something like Derick’s idea, and each user would have a specific “encryption key” that encrypts and decrypts a user’s data? I’m not sure I understand exactly what you mean yet, am I on the right path?

@ Zin
Hey Zin, absolutely if you are planning on developing more tools for the industry I’d love to network and bounce off ideas, we have some more products that we like to launch and would be happy to network with another developer in the AM realm! My AIM is T202Wes if you want to contact me directly, would love to network.

@ Tim
Hey Tim, I actually like your idea that makes the most sense of what I’ve read so far, that it will be cracked, and then I guess the way is just to keep coming out with new updates so it will throw off the crackers (or just make it so everyone keeps upgrading), I think your on to something, that would probably be the only way to do it (depending on how fast I can come up and develop new features tho, lol, sometimes a feature can take me several weeks to just get it right.) But your model you mentioned I think would, that is the best way to potentially do it a self-hosted. We’re still not sure if were going to do the self-hosted, and honestly it would be 6 months to a year out but I think I’d be safe to say we’d run with your suggestion on releasing updates on a frequent level to make it inconvenient to really want to hack new version every time. Lol@ the UberAffliate comment on the commissions

—-

Hey thanks everyone for the comments and suggestions, they have all been takin heed, we are talking about a self-hosted but it is 50/50 between the other people I work with and everyone in unsure, I think it is obvious now that this is what the market is interested in, I think we will be thinking about this one for a long time, because it is going to have some dramatic long-term effects, both negative and positive in certain aspects.

I like your beliefs. I am also a programmer-affiliate marketer. I code in Ruby/Rails and attend Ruby events in London. Very much like yourself with PHP.

My aim is to learn to code as well as I can in order to build reliable affiliate marketing web apps for myself. I also want to release related Ruby plugins and foster an Open Source Affiliate Marketing community. Perhaps we can share code/designs in the future.

I’m going to check out Tracking 202 now. Thank you for making this freely available.

Zin

It requires a bit more setup on the user side, but it will at least provide them with a way of securing their own data themselves, plus you could prove that you do not have access to any meaningful data.

The beauty of it is that you would not need to change anything to your database calls, but you will need to develop some cookie-based javascript code for storing some algorithms & passwords defined by the user.