top | item 8302867

(no title)

I don't know about you, but I can't bring myself to punch my ID into a random website.

discuss

They should really accept a hash of your email/username to lookup. Then we can an idea of if we've been pwned without giving additional information if we haven't been.

jdludlow|11 years ago

I'm not sure how that would help. They would have to generate a matching hash on their end, giving them a lookup table to work backwards from hash to email address.

Now if they wanted to supply a list of hashes to the public, then you could check your own without knowing any of the other addresses used to generate the remaining hashes.

rwallace|11 years ago

It only asks for your e-mail address, not your password or any other secret information.

drivingmenuts|11 years ago

I feel like I will have been pwnd.

Maybe that's the next website to build: willihavebeenpwnd.com and then whenwillibepwnd.com

jgeorge|11 years ago

It's time to break out Dr. Dan Streetmentioner's new Guide to Future Domain Names.

mseebach|11 years ago

Unless you use different usernames/email addresses for all the websites you sign up for, this website isn't any more or less random than any of the hundreds of websites you've punched your ID into (and of which some, more likely than not, has been compromised).

superuser2|11 years ago

The fact that your username exists is almost always public information, and all you'd be disclosing. That's why we have passwords.

sprash|11 years ago

If you fear your credit card info has been stolen, enter it here and you can find out for free. Avoiding fraud has never been easier!

kazinator|11 years ago

Not the same thing at all because your e-mail address isn't a security token. e-mail addresses aren't secret; you give them away all the time.

Would you put your credit card info on a business card and give it to people you meet?

wglb|11 years ago

But the point is that your email is possibly already out there, circulating around. Would you rather not know?