Setting the bar for government access to Have I Been Pwned

If Troy is giving access to information which is already free and publicly available on the web, it doesn&#x27;t really matter who he gives access to.<p>He is free to choose whoever he likes, but if I were in his position, I&#x27;d give access to anyone and everyone. If the API starts costing too much money to run, I&#x27;d start charging money for it, and then allow anyone who can pay.

He’s talking about allowing governments to search for their own government domains.<p>The threshold should be “am I confident the user I’m giving access to actually owns the accounts.”<p>I don’t see an issue in allowing a terrible regime the ability to more efficiently see if it’s own accounts have appeared in leaked databases.<p>Maybe, maybe, maybe if there is concern the government will persecute the hackers in a way that violates human rights. Maybe.<p>At the same time “it doesn’t feel right” matters. If your moral compass tells you something is off, listen to it.