I looked at his architecture diagram and his complaints about it. He specifically cites his manual verification process as being a problem and does not go into detail on how it's done. How do we know dumpmon is legit? That the file is a legitimate compromised file? Whether the file contains adequate data and is adequately scrubbed? Why isn't HIBP open source?
And what I was trying to argue is that we shouldn't put so much faith in one man. Whatever he does, it will, more than likely, not be feasible for him to control all himself. Especially with the legal ramifications of storing private data.
And I don't know why you think it's a joke to trust the government with something like this. We trust them with a lot more dangerous things. Considering it's the only entity that can compel a business to do something, it could actually work out if there was ever a law requiring breaches to be reported.