Consider logging user phone number and/or name less frequently (or not at all)

[toolness]

Currently our logging output frequently mentions the phone number and/or name of our users, largely due to the fact that our JustfixUser.__str__() implementation includes them.

In the OWASP Logging Cheat Sheet, under "Data to exclude", it's mentioned that for "Non sensitive personal data (e.g. personal names, telephone numbers, email addresses)":

Consider using personal data de-identification techniques such as deletion, scrambling or pseudonymization of direct and indirect identifiers where the individual's identity is not required, or the risk is considered too great.

In the case of logging, I don't think it's especially required for us to mention the user's name and/or phone number; we could mention e.g. the user pk instead, and while it might make things a bit more annoying to read in some situations, it would still allow us to look up users in the admin (if e.g. we noticed a particular user was having lots of problems submitting a form).

For the most part this should just involve changing the implementation of JustfixUser.__str__(), and then changing a bunch of tests that rely on it (which would admittedly be annoying, especially since we can't really rely on a stable primary key during tests).

Update: Oh derp, we could just stringify the username, and set the username to a hash of the user's phone number instead of their actual phone number, which would de-identify it. And then tests could still rely on the stringification being stable too.