Yep, I appreciate your comments here. I mean my comment as a generality. And I think that any press release such as this one could put the hashing mechanism in small print at the bottom, or in a link, without confusing the average reader. We shouldn't have to turn to HN to find it.
Why do you feel that a private company that is communicating with the press and it's users has any obligation to also inform in the same way (the blog post or press release) hackers and security personnel that would like to know the answer to these questions?
Disclosing these things is nice of course but it's not core to kickstarters business in terms of people who use kickstarter (projects or consumers).
Also be aware that in business there are a ton of behind the scenes things I would like to know that would help me. [1] And if your argument is that security information disseminated is helpful to all that's fine and is correct. So that can be disclosed at the companies discretion. But they have no obligation and aren't going to lose business because security people are mad at them or people on hacker news think a certain thing should have happened.
[1] For example more details on the Comcast merger and the back and forth. But Comcast is not in the business serving it's customer base by giving me info that is helpful to me.
I disagree. They do have obligation to tell me how my privacy is being protected. Morally at least. How the passwords and other sensible data are stored should be noted somewhere in the website. This applies to any site, not only kickstarter.
