What if email's already registered?
tpm
I've been building a user management system, and I use the email for login, so an email should only appear once in the database. This means that when a person tries to register with an email that already is registered, it won't let them. But I see a privacy problem here. "Anyone" can try to register with victims_email@blah.com, and find out if they are a member or not. Hmm, let's see if tfulp@fast.net is a member of fatnakedchicks.com by seeing if it lets us register or not. Get the picture?
So my question to you is, if the email is already registered, how would you handle it, without giving away the fact that the email is already registered? I'm thinking of just giving them the same "success" page as if it was a successful registration, but without actually doing anything.
Jessii
Why not just do user names rather than email addresses? User names are unique and won't cause any of the privacy issues that you want to avoid if someone was to register with that name and you can say "sorry, that name is already taken, please try another one" or something like that.
tpm
Yes, but even with unique usernames, the email still has to be unique for the password reminder to work. The password reminder I see on lots of sites is an even easier way to mine data; they will tell you either "activation link sent!" or "email not found", which is too much information to be giving out to people.
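An added sketch, not code from the thread or from any poster, of the idea in tpm's first and third posts: registration and the password reminder both return one identical page, and whatever differs goes only to the mailbox. The `AccountService` class, its in-memory storage and the `example.invalid` links are assumptions made for the example; emailing the existing owner goes one step beyond the "without actually doing anything" idea in the first post.

```python
import hashlib
import secrets

# Same text for every outcome; the wording is constructed for this example.
GENERIC_REPLY = "Thanks. If the address can be used, an email with the next step is on its way."


class AccountService:
    """In-memory stand-in for the user table and the mail queue (hypothetical)."""

    def __init__(self):
        self.users = {}    # normalized email -> (salt, password hash, activated?)
        self.tokens = {}   # one-time token -> (purpose, email)
        self.outbox = []   # (recipient, body); a real system queues mail for a worker

    @staticmethod
    def _norm(email):
        return email.strip().lower()

    def _mail_link(self, purpose, email):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (purpose, email)
        url = f"https://example.invalid/{purpose}?t={token}"  # placeholder host
        self.outbox.append((email, f"Your {purpose} link: {url}"))

    def register(self, email, password):
        email = self._norm(email)
        salt = secrets.token_bytes(16)
        # Hash before branching so both paths do the same expensive work.
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if email in self.users:
            # Only the mailbox owner is told; the existing account is untouched.
            self.outbox.append((email, "Someone tried to register with this "
                                       "address, but you already have an account."))
        else:
            self.users[email] = (salt, digest, False)
            self._mail_link("activate", email)
        return GENERIC_REPLY

    def remind(self, email):
        email = self._norm(email)
        if email in self.users:
            self._mail_link("reset", email)
        # Unknown address: nothing is sent, but the page shown is identical.
        return GENERIC_REPLY
```

Mail is appended to a queue rather than sent inline so that response time does not separate the two branches either.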
Taylor
Nah, almost every membership software requires unique email.
You're fine - it's not a big privacy issue.

