The downloads are the way to go IMHO. But this is coming a little too late. "HIBP" is already making money from "paid API" and other commercial nonsense. Profiting from data breaches. While posing as a hero, catering to a dedicated following. This is, IMHO, everything that is wrong with the web.
The issue I am raising is not whether a particular website operator claiming to be in posession of data breach dumps, that any web user can download themselves, is "trustworthy" or not. The point I am raising is the unnecessary data collection. If these downloads were available from the website from day one, then there would be no "paid API" nor partnerships with so-called "tech" companies or HN HIBP following. There would not be "HIBP" proponents trying to suppress any criticism of it, defending its every move despite its past mistakes. Most importantly, there would less/no need for "trust".
HIBP is a particularly ugly symbol of the problem of web intermediaries/middlemen and everything/anything "as a service". As expected, HN commenters will not like this viewpoint as they may themselves be trying to profit from such intermediation and the data collection it enables. They may have even convinced themselves they are doing good.
Just think about it: HIBP hinges on a person doing his stuff, putting in his time and finances. That affects personal life. However that is a very valuable utility that guy is doing. Good that CF donates cache and help is here and there... but do you think you would have managed that service better?
Would it have been better if HIBP was sold and managed by a real company? Who knows. But long term it is of course healthier if HIBP isn't affected by a single person personal life situations.
The issue I am raising is not whether a particular website operator claiming to be in posession of data breach dumps, that any web user can download themselves, is "trustworthy" or not. The point I am raising is the unnecessary data collection. If these downloads were available from the website from day one, then there would be no "paid API" nor partnerships with so-called "tech" companies or HN HIBP following. There would not be "HIBP" proponents trying to suppress any criticism of it, defending its every move despite its past mistakes. Most importantly, there would less/no need for "trust".
HIBP is a particularly ugly symbol of the problem of web intermediaries/middlemen and everything/anything "as a service". As expected, HN commenters will not like this viewpoint as they may themselves be trying to profit from such intermediation and the data collection it enables. They may have even convinced themselves they are doing good.