I got nerd sniped with this and thought I’d send you my opinion:
( Feel invited to disregard )
I would imagine you can use an extra set of k/v pairs to assess that user/site combo’s existance.
essentially give yerself a namespace to be able to safely leave yourself breadcrumbs to be able to constrain userdata exposure and be able to predict the data a bit.
that way, jondoe-myinstanceone can be a different credential than billdoe-myinstanceone
create a key in which you enumerate which sites youve seen thus far. something like [myinstance]
and then create a key for myinstanceone with a val of [jondoe, billdoe]
(hashed somehow such that you’d not be obviously revealing anything to someone perusing datasets looking for ‘Oh Interesting…’ )
then you know which sites you’ve seen before
and you know which usernames already should have their own set of creds
and they’re all stored safely… because each value and each key is idempotently encyphered before it’s saved… so you have to decrypt it before you display it, but since most of the time you’ll be able to ask if there’s a match rather than asking for a list of things to display, the overhead of that isn’t quite as painful… as you only have to encypher the username and make the query which will tell you if that username is a value you’ve seen before for that domain, and therefore whether or not you have a credential stored for it…
without revealing anything meaninfully sensitive,
without overloading upstream things,
if you’re able to store a thing securely,
you’re able to store many things,
you’re able to store many distinct things securely,
then you have the foundational isolation necessary to be able to reasonably obfuscate the underlying data, without overcomplicating things too terribly much… the downside is that human readability of datasets becomes completely useless as a diagnostic; but that’s kinda the the point in certain areas, right? :)
anyways… hope this helps more than it doesn’t?
and if it doesn’t… well… mea culpa… at least maybe the knowledge that someone wanted to say thank you for making something cool and had an idea that might make your day a little easier, or might not, but I didn’t want to not offer my … uh… $.03…