
haveibeenpwned could/should make a browser extension that tells you if the site you're on has been pwned



HIBP isn't about pwned sites. It's about leaked credentials. The source of leaked data on HIBP isn't verifiable in most cases.



OK, so there's a Yahoo! breach from 2012. Should I not visit Yahoo now?

Also please note the '?' marks for unverified sources.


Do you have a better solution than not using a service? Not using it is like voting with your wallet. So yes, I would say stay away from yahoo. Where do we draw a line otherwise? It is the same boat as "I don't like Facebook collecting data on me but I'll still use their service".


Yes, it's in the same boat, we (almost) all do it with Google.

I don't know where to draw a line, but I don't think a single data breach, even a minor one, should mean a death sentence to a business. Maybe some sort of audit/certification should be mandatory after a breach.


I think the idea is more about informing users than it is about trying to drum up a boycott that results in a "death sentence".

For example, with regards to search engines, what if I go on Google and it tells me "hey, Google has had 3 data breaches that have affected users like you". And then I go on DuckDuckGo and it says "DDG has never had a data breach". Not everyone will switch from Google to DDG, but some people will, and I don't think that's a bad thing.


We can't inform users how a particular breach affected a particular user (based on the fact of breach alone). Anything else is just FUD. It's like saying life in California is dangerous because there were deadly hurricanes there in the past that took lives.

We can't completely control hacker attacks. We should treat them more like software bugs or service outages. It just happens, we should focus on minimizing potential damage and proper response.


> It's like saying life in California is dangerous because there were deadly hurricanes there in the past that took lives.

I'm not sure this is the analogy you are looking for. If you are concerned with how a hurricane might impact your livelihood, it's generally a much better idea to live in Colorado than on the coast of California.

Except unlike hurricanes, we absolutely can prevent hacks that leak a lot of user information.


There is a difference between not liking the OC's idea of an extension, and saying that HIBP does not have the data required to make such an extension.

First you said the latter, now you're saying the former.

Own up to your mistakes.


You are correct, I shouldn't be arguing with you on OC's idea. Thank you.

But I didn't say HIBP doesn't have these data. My point is these data aren't enough to give recommendations or warnings to site visitors.


HIBP has an API! Be the change you want to see.


Not the same thing, but 1Password has HIBP integration.



