I just watched back a little segment from this week’s video and somehow landed at exactly the point where I said “I am starting to lose my patience with repeating the same thing over and over again” (about 46 mins if you want to skip to it), which is precisely how I wanted to start this post. In running HIBP for the last 10 and a bit years, there have been so many breaches where people have asked for the data within them beyond just the email address to be made available. As I say in the video, I understand the reasons for the interest in the data, my frustration is when there’s an unwillingness to understand why that isn’t feasible, and for so many good reasons.
There’s a very simple course of action available for anyone that feels strongly enough about this to be critical of my not providing additional data: do exactly what you would have done had I not loaded anything about this incident into HIBP. Of course, this simply then amounts to “ignorance is bliss” whereby your data is out there but you choose not to know about it, which can also be achieved by unsubscribing from the HIBP notification service. But complaining because I’m unwilling to take on huge amounts of additional overhead and risks whilst running a service on a shoestring that the vast majority of people use for free is just not cool. Alrighty, that feels better, here’s the video 🙂
References
- Sponsored by:Â 1Password Extended Access Management: Secure every sign-in for every app on every device.
- It’s not too late to get your ticket to NDC Oslo next week! (opening keynote + 3D printing talk with Elle = MEGA WEEK!)
- The Ticketmaster / Santander / Snowflake drama is still unfolding (I’ll keep that thread updated as anything more substantial comes to light)
- Another 361M records from combolists scraped out of Telegram went into HIBP (most people who were notified about this were appreciative of the effort 🙄)