Now everyone just needs to send their email addresses to HIBP, i.e., email HIBP, so he can connect these identities with IP addresses and working email accounts. For people's protection of course.
After everyone "has been pwned" then there is no need for HIBP. The answer is always "yes". Yet I am certain sites like "HIBP" will never go away. Something about email marketing.
Some HN commenter(s) will inevitably try to defend HIBP. But this comment also refers to sites "like HIBP" that use data breach dumps opportunistically to generate web traffic, collect IP and email addresses. Some folks just do not see what is wrong with the idea.
The offline lookup is just for passwords (the pwned passwords service) and is used to prevent people from using known breached passwords.
There is no offline availability for the Have I Been Pwned data on which emails were present in which breaches. Access to this data is rate limited and paid API keys are needed for bulk access.
The downloads are the way to go IMHO. But this is coming a little too late. "HIBP" is already making money from "paid API" and other commercial nonsense. Profiting from data breaches. While posing as a hero, catering to a dedicated following. This is, IMHO, everything that is wrong with the web.
The issue I am raising is not whether a particular website operator claiming to be in possession of data breach dumps, that any web user can download themselves, is "trustworthy" or not. The point I am raising is the unnecessary data collection. If these downloads were available from the website from day one, then there would be no "paid API" nor partnerships with so-called "tech" companies or HN HIBP following. There would not be "HIBP" proponents trying to suppress any criticism of it, defending its every move despite its past mistakes. Most importantly, there would be less/no need for "trust".
HIBP is a particularly ugly symbol of the problem of web intermediaries/middlemen and everything/anything "as a service". As expected, HN commenters will not like this viewpoint as they may themselves be trying to profit from such intermediation and the data collection it enables. They may have even convinced themselves they are doing good.
Just think about it: HIBP hinges on a person doing his stuff, putting in his time and finances. That affects personal life. However that is a very valuable utility that guy is doing. Good that CF donates cache and help is here and there... but do you think you would have managed that service better?
Would it have been better if HIBP was sold and managed by a real company? Who knows. But long term it is of course healthier if HIBP isn't affected by a single person's personal life situations.
Using data breach dumps to get web traffic and IP/email addresses under the guise of "helping" is lame. Then partnering with so-called "tech" companies that collect data as a "business". Data collection is the cause of the problem not the solution.