Re: Huh, does it log searches?
> I always wondered about entering your personal info on a site like this
It does require trust, but I think you can usually tell by how they talk about the potential issues. This guy's always been open about that worry, and it's always been clear he actually understands people's concerns in that respect.
HIBP's policy:
> When you search for an email address
> Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.
> Logging
> Only the bare minimum logs required to keep the service operational and combat malicious activity are stored. This includes transient web server logs, logging of unhandled exceptions using Raygun, Google Analytics to assess usage patterns and Application Insights for performance metrics. These logs may include information entered into a form by the user, browser headers such as the user agent string and in some cases, the user's IP address.
Ok, you still have to trust him that's true, but I've met plenty of people who would gleefully hoard people's data, and they'd never in a million years phrase their lies like that.
It's when they talk vaguely, or that dismiss concerns outright that I'm wary of. I don't even have to go looking into that Genderify outfit to know their privacy statements would have been meaningless waffle, exaggerated promises, or doublespeak...