If Troy is giving access to information which is already free and publicly available on the web, it doesn't really matter who he gives access to.<p>He is free to choose whoever he likes, but if I were in his position, I'd give access to anyone and everyone. If the API starts costing too much money to run, I'd start charging money for it, and then allow anyone who can pay.
He’s talking about allowing governments to search for their own government domains.<p>The threshold should be “am I confident the user I’m giving access to actually owns the accounts.”<p>I don’t see an issue in allowing a terrible regime the ability to more efficiently see if it’s own accounts have appeared in leaked databases.<p>Maybe, maybe, maybe if there is concern the government will persecute the hackers in a way that violates human rights. Maybe.<p>At the same time “it doesn’t feel right” matters. If your moral compass tells you something is off, listen to it.