[dustinmoris]

> One thing I want to be crystal clear about here is that the $3.50 fee is no way an attempt to monetise something I always wanted to provide for free.

If this was true, then all revenue made from those 3.5 would get donated to a worthy cause, not donated into Troy's own pocket. I am not saying that he shouldn't monetise it, but please let's be honest about it.

> The point is that the $3.50 number is pretty much bang on the mark for the cost of providing the service.

The cost of the service is the actual final bill which has to be paid for this service, taken into account all the free credits Troy gets as a Microsoft Regional Director, free credits for hugely advertising Azure at every occasion, free credits from Cloudflare for constantly advertising for them, the tax which he doesn't pay as a registered company, etc. divided by the actual amount of customers who use the API. This cost could be much more, or significantly less than $3.5. If Troy wanted to be more transparent then he could, but given that he is very secretive and very selective about the bits of information he shares around all of this, my guess is the cost is much less than what Tory makes everyone believe.

Overall I don't think it is ethical to monetise a service which is built on stolen data. There is a good chance that Troy holds data on me, my parents, my sister, wife and lots of other people who's data have been breached over the years and have no idea who Troy is, what the heck HIBP is or even know how to contest or request from Troy to remove their data from his service, yet it's being used for monetisation.

There was never a consent from anyone to hord our data. It's stolen, and only because stolen data is easily discoverable on the internet doesn't make it alright to actively search, store and monetise that data. It's still stolen and should get deleted from everywhere.

[jtbayly]

This is such a clearly useful, legitimate service. You cannot tell the bad guys to delete your data. The next best thing is to be alerted when your data is found in a bad guy’s trove.

[wolco]

Just because you have a legitimate reason doesn't mean everyone does.

There are no bad guys just selfo serving people.

[jtbayly]

As I've said elsewhere in this thread, I've come to realize that giving other people the ability to mine my data is definitely different than what I understood this service to be about. However, it's apparently what he does. And now he charges for it. I definitely see a problem here.

Of course, if there's no bad guys, I guess you don't see any problem. That's one weird point of view.

[dustinmoris]

It's not that clear cut unfortunately.

What do you really know about Troy and his service? Really just what he wants you to know.

For example, Troy stores extremely valuable information about millions of people without their consent. A lesbian women in the Arabs, who might have had her credentials breached on a gay forum, who also has a gambling addiction and had her password breached on a gambling website and on another dating website for prostitution services might not want some Aussie guy selling all that information about her to anyone who pays him money. There is nothing, absolutely nothing ethical about this!

My sister does not know anything about Troy, I showed her his Twitter profile and the first things which stood out to her:

- Old man

- Orange skin like Trump

- Loves to show off outdated cars

- Making occasionally snarky comments about Indians, Indonesians and other Asian people, always suggesting that anything illegal is coming from those countries

- Constantly tries to self validate himself by bragging with something expensive he's recently bought in life

- Very capitalistic and money focused individual

It's not great optics for people who have never seen his blog. His blog is just marketing at the end of the day. There is no regulation, no actual organisation or anyone who can be held accountable for gross mishandling of the data.

It's just an old Aussie guy who stores hordes of stolen data on his private laptop and in his private cloud and sells it to other people who clearly gain benefit from collecting that data from his service.

There is trust and naivity, and in this case anyone who doesn't find it slightly dodgy is simply naive. Sorry, but that is the reality.

[bbatsell]

I am trying to assume good faith, but I confess to being incredibly confused by this post. I just skimmed the last two months of Troy’s tweets (which constitutes quite a few — he is prolific) and couldn’t find a _single_ one that matches up with any of your summations. Would you mind showing your work?

[gjm11]

I'm wondering whether (deliberately or accidentally) dustinmorris pulled up the wrong Twitter profile or something. No part of his description seems to me like it has any connection with reality.

[Ayesh]

This is definitely to most grateful comment I have seen on HN this far... Time out.