[nezza-_-]

Yeah, but it's still easy to do mistakes this way. For instance, the keyspace of phonenumbers isn't really large, so just hashing wouldn't help much against someone trying to get phone numbers. With e-mail addresses it's a bit better I guess.

A client-side, bloom-filter based solution would be nice IMHO. You would get either a definitive "No, your data wasn't leaked" or a "Your data was very likely (xx% possibility) leaked."

This all still doesn't help non-technical people decide whether a site can be trusted though :)