This isn't, by no means, a belittlement against Troy Hunt, but here are some things to consider:
What makes Troy Hunt any more trustworthy? Do you think he can't make a mistake? What if his operation suddenly can't handle something because of X reason? What if he's breached himself or any of the services he's using break down or worse, provide invalid data or incorrect data? What if user Y searches his site, finds out they aren't vulnerable due to a missed data dump or data dump that isn't been loaded yet, then all of sudden gets compromised? Who's to say his employees won't screw something up.
Troy is right. He can't efficiently do this anymore. From the architecture I've seen, all he's doing is monitoring a twitter feed for new data. What if that twitter feed gets compromised and he just ends up uploading password? If he's dealing with millions of records, there is no way he could "manually verify" if every record was safe to upload, yet he claims he does manually verify them without much elaboration of the process...
Imagine allowing legitimate companies to upload their breaches to the site or maybe other security companies could upload data. It could be so much more accurate. Plus the extra hardware could handle the load and help verify the data being uploaded much better than the current operation.
I'm afraid I agree with basically nothing you've written here!
I trust Troy Hunt more than I trust OP's examples of Facebook and Verizon. I also trust his competence more than I trust theirs. Whose to say that anybody won't make any of the mistakes you mention. FWIW I would doubt he would sell to either of these companies, but it's undeniable that you give up control when you sell and people have made incorrect judgments before.
Nobody is suggesting he continue alone, rather that, if he feels that they're the only two options, he take some venture capital instead of selling the business.
The main reason not to do this is the one that he's given: it may not be the best thing for him personally, and the venture capital plan may be particularly negative for him. I think this reasoning has a lot of merit.
Your argument is self contradictory because you seem to make an exclusion for Troy's fallibility by pointing to my same argument about the fallibility of others. There's no reason other than you think Troy is some super human.
Troy has basically said nothing about his manual verification process and he says its the worst part of the architecture. There seems to be no mechanism of removing your email from the list once it's added so he'll just keep adding/merging data I guess until it starts giving false positives. He doesn't have the infrastructure to make this scale into a reasonable utility. Even if he did hire employs, he's now delegating responsibility which will introduce new potential judgement holes into the process.
Simply put, it's too big for him. And it has nothing to do with trust. Venture capital is a crap excuse because now there's a profit motive for the service for something that should arguably be non-profit. Venture capital has a track record for producing several, high profile companies that make no profit for years and are compromised in themselves.
The best thing he could do is pass it to Mozilla or some other tech non-profit. It would be even better if it was a government service.
Remember, the founder of Facebook still runs the company. It got big, and look what happened.
The argument was not self-contradictory. I did not say that Troy was infallible, I specifically said that anybody, not just Troy, could make the mistakes you listed. That was to demonstrate the fallacy in your argument that he should give up HIBP because he might make mistakes.
Contrary to what you say, Troy has detailed his verification process. There also is an opt out form on the site which will allow you remove your email from the current dumps and future ones.
Troy is talking about somebody acquiring HIBP. This implies he is not necessarily looking to give it away for free. There are already paid aspects of HIBP.
I would have no issue with it going to Mozilla.
I can't tell if you're joking by suggesting he give it to a government or by comparing him to Zuck.
I guess we're at least agreed on Mozilla, who he is already talking to.
I looked at his architecture diagram and his complaints about it. He specifically cites his manual verification process as being a problem and does not go into detail on how its done. How do we know dumpmon is legit? The file is a legitimate compromised file? Whether the file contains adequate data and is adequately scrubbed? Why isn't HIBP open source?
And what I was trying to argue is that we shouldn't put so much faith in one man. Whatever he does, it will, more than likely, not be feasible for him to control all himself. Especially with the legal ramifications of storing private data.
And I don't know why you think it's a joke to trust the government with something like this. We trust them with a lot more dangerous things. Considering it's the only entity that can compel a business to do something, it could actually work out if there was ever a law requiring breaches to be reported.
But until that point, you might have a good enough product: One that has momentum and requires effort to corrupt, that users are aware of and have expectations about, and that presents value that people otherwise might not have known is possible. Control being lost doesn't necessitate that all the value & impact is lost with it.
What makes Troy Hunt any more trustworthy? Do you think he can't make a mistake? What if his operation suddenly can't handle something because of X reason? What if he's breached himself or any of the services he's using break down or worse, provide invalid data or incorrect data? What if user Y searches his site, finds out they aren't vulnerable due to a missed data dump or data dump that isn't been loaded yet, then all of sudden gets compromised? Who's to say his employees won't screw something up.
Troy is right. He can't efficiently do this anymore. From the architecture I've seen, all he's doing is monitoring a twitter feed for new data. What if that twitter feed gets compromised and he just ends up uploading password? If he's dealing with millions of records, there is no way he could "manually verify" if every record was safe to upload, yet he claims he does manually verify them without much elaboration of the process...
Imagine allowing legitimate companies to upload their breaches to the site or maybe other security companies could upload data. It could be so much more accurate. Plus the extra hardware could handle the load and help verify the data being uploaded much better than the current operation.