by mike_d 2304 days ago
I appreciate what HIBP does, but I believe it serves Troy's personal brand more than it would any corporate owner. The biggest issue is the data is super stale. Things regularly pop up in SpyCloud 6-12 months before HIBP, and as a result they are a much more attractive acquisition target.

There is also an unreasonable dependency on CloudFlare kool-aid for HIBP and his other services. I reached out to Troy about sponsoring Report-URI because it was a service I believed benefitted the internet. In response I received a snarky response about how I didn't understand how web-scale CloudFlare was, when I was effectively offering to cover all the company's infrastructure costs for the foreseeable future (multiple dozens of servers and XX Gbps of bandwidth).

4 comments

> There is also an unreasonable dependency on CloudFlare kool-aid for HIBP and his other services.

How is it unreasonable? Do you criticize the hosting platform / CDN of every service you use?

CF has been a huge help to Troy with optimizing caching and helping him with the k-anonymity setup to make the scale of HIBP possible with less infrastructure. Their network is top notch (sub 10ms for most population centers) and they are trying to give back to the broader community by donating the bandwidth and cache to greater good projects like this.

If your whole raison d'etre is to be a trusted source on privacy and security matters, then putting yourself in a position where you can't speak objectively about the organisation that controls 10% of the internet's traffic is massively compromising that. I'm sure Hunt will do his best, but how could anyone possibly make a fair judgement of something controversial like "Flexible SSL" when his livelihood is dependent on them?

I am sure that literally any one of our competitors would give Troy their service for free. He's free to leave whenever he wants. And he's 100% free to criticize us while remaining a customer.

I love that you're here ... and as transparent as possible. Thanks for the work you do in keeping the Internet running (and as far as possible - "safe").

Well, I've been here close to 13 years (https://news.ycombinator.com/user?id=jgrahamc). Seems a shame to leave now.

> I was effectively offering to cover all the company's infrastructure costs

So basically what CF does today? Except he would have to reengineer everything to fit a new setup? Was he snarky or just explaining himself?

HIBP's M&A process & Troy's hurdles in running HIBP highlight two fundamental points of friction in running a single person company.

Reg. Value of a single person company.

>This was another really unexpected part of the experience - how people perceived me personally and put a value on my brand.

Maybe Troy really didn't expect that the only person running an entity to be bought would be valued, sometimes even higher than the product/service itself; but it also needs to be understood that the company which is willing to buy an entity for a single person is undertaking an extraordinarily huge risk due to the bus factor.

Reg. Compliances of a Business when running as a single person.

>I still manually verified every breach, hand edited every logo of a pwned company, issued (and chased) every invoice, did the tax returns and prepared the business activity statements.

At least Troy seems to be located in a jurisdiction with straightforward business regulations. Maybe most of the compliances could be automated.

There are countries out there where companies, even if run by a single person, need to comply with literally hundreds of regulations, with a new one popping up each month, all to benefit the corrupt bureaucracy, i.e. if you want to comply with every regulation there, you still need to bribe. But the system and people who help with such regulations (auditing, lawyers) favour those who don't comply just because of larger bribes! So, even if you automate every other part of our business, you cannot automate out of corrupt bureaucracy.

M&A is one of the fundamental hurdles in a single person company, although there are other advantages such as freedom, cost-benefit etc.[1]

[1]https://hitstartup.com/being-single-founder-vs-having-co-fou...

Edit: Retracted
I think you misread. Report-URI is a service of Troy's which the GP was interested in sponsoring. The GP has no other affiliation with Report-URI.