Have I Been Pwned 2.0
troyhunt.com | 872 points by LorenDB 5 days ago
He should partner with a law firm, for class action lawsuits, for every breach due to negligence (which is probably all of them).
Tie in to a banking service, so you can do direct deposits to many millions of people, every time there's new settlements paid, and you'll be a folk hero.
Get lawyers who want negligent companies to actually regret the breaches, with judgements that hurt. (Rather than a small settlement that gets lawyers paid, but is only a small cost of doing business, which is preferable to doing business responsibly.)
Optional: Sell data of imminent lawsuits, to an investment firm.
Though, ideally, investors won't need this data, since everyone will know that a breach means a stock should take a hit. Isn't that how it should be.
Heh, such an American response. Sue everyone and everything, lawyers get paid. But at the end of the day, nothing changes.
Meanwhile in the EU, we have laws like NIS2, where if negligent in non-compliance, fines are 10 mil. EUR or 2% of global annual revenue. E.g.: if Apple gets an $8 bil. fine, yep, that changes quite a lot I think. :)
How does the EU solution make users whole? At least with class actions, users get to see a few pennies.
I'm not trying to make an argument against strong regulatory bodies. We need those for sure. It would just be nice if the users were compensated for the exploitation and abuse they're subjected to.
The US solution does not make users whole and does not meaningfully change anything.
The EU solution meaningfully changes the offending company's behavior. I would rather have significantly fewer breaches of my information than a check for $6 in the mail every couple of months.
> The EU solution meaningfully changes the offending company's behavior.
Citation needed. I'd imagine they just add a tiny markup to their prices to pay the eventual fine instead of investing huge amounts of money into fixing their broken processes. Comparing the list of EU-issued fines against the respective companies' profits shows that they can simply afford to make those mistakes instead of preventing them.
> they just add a tiny markup to their prices to pay the eventual fine instead
Ironically, this counter-argument applies perfectly to the "US solution".
On the contrary, EU's huge fines have a better chance of being effective.
Stockholders generally frown upon multi-billion euro fines and may want a change in management.
>The EU solution meaningfully changes the offending company's behavior
How are those cookie consent popups working out?
Great, they meant better-acting corporations have no-click or single-click (dismissable with simple add-ons to proactively affirm the user's position) ribbons to get rid of unwanted cookies. Let's be realistic: anyone who hates those banners and hasn't bothered to do the Google search and 5-minute task to get rid of them permanently (either enabling or disabling consent) is not having their political opinion changed by them; they are using them as an excuse to buttress their position of "government bad" or "corporations malicious".
It is a meaningful change, or you wouldn’t be talking about it.
Meaningful does not mean a solution.
The EU solution provides incentive for the government to attack large businesses with lawsuits. That’s predatory and will lead to large businesses trying to lobby the EU to go after their competitors.
That just seems dysfunctional.
The difference between the US and the EU being: the cost of negligence is known ahead of time?
Agreed. It's unfortunate how litigious we are but it's the only language we speak apparently.
It's with American companies in mind. Though I expressly addressed that it isn't about lawyers getting paid, and also how this might change things (motivate companies to behave responsibly, in this regard).
Basically, we have a high-corruption society, especially in 2025, but there's still vestiges of a system that can be leveraged in the public's interest, if you contort just so.
Do either of these approaches actually solve the problem? I think companies won't take it seriously unless their executives do, and their executives won't unless they are personally punished in a way compensation can't compensate for. Cane them Singapore style.
> do direct deposits to many millions of people, every time there's new settlements paid
I wish I could easily donate my tiny settlements to a good cause. It might make it worth the time to register for the class.
Probably impossible, but create a slush fund where companies that behave badly are forced to pay into so we can do things like fix roads and build housing.
We could also design some kind of electoral process for picking those in charge of defining the rules and creating yet more bodies to enforce it.
Maybe this time we can come up with a better way to disincentivize corruption and bribery.
We could randomly select representatives instead of using popularity contests where the candidates need money for advertisements in order to get popular, or to just even let people know that they exist.[1]
https://en.wikipedia.org/wiki/Sortition
[1] But the real solution is getting rid of money.
Sure, that's still designing an electoral process. I didn't prescribe any one model in my previous comment.
So on the nose. We shouldn't have to wait for pennies from lawsuits to have good roads and adequate housing.
The idea of fines as a revenue stream has never sat well with me. Fines are meant to be a disincentive. The ideal collection amount is zero. Treating them as a revenue stream creates a perverse incentive to enforce the penalty without disincentivizing the behavior.
This is literally what happened in Belgium when politicians did the budget. A piece of the expected slice was traffic fines.
So that means that any kind of system that would improve traffic other than repressive measures would cost them twice: once to fix the situation and again when they can issue fewer fines.
If I drive carelessly and get a meaningful fine, I'll think twice next time, irrespective of who gets the money. I only care that I am fined. Unless the police start to administer fines when they shouldn't, all is good, right? What happened in Belgium?
I don’t know about Belgium specifically, but one of the usual issues is that it incentivises aggressive policing of minor issues that make money (like parking violations), which takes resources out of other problems (like mugging).
In some situations (cough random towns with sections of highway running through them in Texas), it incentivizes an approach to traffic enforcement which is barely distinguishable from getting mugged.
That's fine for you personally, and it may sound all good from a logical, theoretical, or academic perspective; however, I personally know of people who have lost their license due to multiple fines and "demerit points" (NZ) resulting in that consequence.
The fines, and loss of license hurt them personally, professionally, and financially, but didn't change their behavior outside of the very short term.
In NZ we have people that are in and out of prison due to burglaries, robberies, etc., but the penalties don't change their longer-term behavior.
There's a deeper problem, and penalties are important, but not the entire fix.
The occasional fine I get (and the prospect of getting another) does affect my driving habits and attentiveness, and it's the same for people close to me. Can't speak for others, though I'd expect this to be the norm.
Then these people _obviously_ are not fit to drive a multi-ton killing machine at all and should have their license permanently revoked, since they had multiple chances for introspection.
I think whoever brought up the "fines as revenue" may have thought of Fenton, LA or the like: https://www.propublica.org/article/fenton-louisiana-brought-...