Mastodon

Donations, why I don’t need them and why I’m now accepting them for “Have I been pwned?”

So we were about halfway through watching the Wolf of Wall Street at the local cinema the other day and the iPhone starts buzzing like a mad thing. It’s on silent, of course, but you get that sense that something important is happening just by virtue of the frequency of the thing randomly jumping around in your pocket every few seconds. But it’s a night out with my wife – a rare night out – and I’m not about to risk a sneaky glance at the phone.

Now this is a long movie (as awesome as it was), but once it’s finally over and the social etiquette allows, I take a look at what’s going on. (Ok, I snuck away to the bathroom then took a look.) Forbes has been hacked and there’s a million user accounts now floating around the web. The chorus of tweets and emails I was receiving was in equal parts to bring this to my awareness and to ask “Are the accounts now in Have I been pwned?

You see, the thing with this service is that it works best the earlier I get data in. When an event like Forbes is hitting the headlines, I want subscribers of the notification service to already know their account was popped rather than being left wondering because you can be sure it’ll be many hours and often days before the impacted company actually tells customers themselves. Plus of course getting the data up early gets HIBP into the headlines and makes it easy for concerned customers reading the morning news to actually be able to figure out if they’re impacted or not.

The problem in the above scenario was dinner – it had to happen before any downloading of pwned accounts or publishing into my system. Thing is though, dumps like this are often yoinked pretty quickly so I’ve got this potentially very small window in which to grab the data and then a slightly larger window in which to publish it. You know how painful it is to grab a 63MB zip file off the web with an iPhone?

Anyway, I explain the significance to my very understanding and supportive and beautiful and… well, you get the point. I proceed to somehow get the iPhone to do things that Jobs originally said we’d never need to. I somehow coerce the zip file off the hackers’ dumping ground and into my Dropbox whilst enjoying the first course of a lovely dinner (I think it was lovely, I was a bit preoccupied).

Here’s the point I’m driving at: Building and running this service takes sacrifices. Not much of a financial toll (although I guess you could argue there’s an opportunity loss while I’m preoccupied with HIBP), but a toll on my time which has to fit in around a more “normal” job and a young family. It’s not just loading the dumps, it’s obviously expanding the functionality and the work that had to go in as I simply did not see it becoming a raging success. I’ve had the proverbial baby, now I need to support it.

Handouts Donations

I never intended to accept donations, the thought just never crossed my mind and when anyone brought it up, it always seemed a bit like a handout. Indeed I spent a lot of time writing about how cheap it is to host such a service on Azure, even a service with some decent scale. I didn’t need donations, at least not to cover the costs of running the service. Yet somehow, people kept offering them. No really, many people asked for a donate button and I simply didn’t see it as necessary, but the question kept coming up.

It was finally on reflection of the sort of events I outlined earlier on in this post that I considered the idea, so I asked people what they thought. The response was unanimously, overwhelmingly in support of the idea, indeed many people would like to kick-in to something they find useful and by all accounts, this has been a rather handy little service.

So here’s what I’ve decided to do: I’m now accepting donations not to cover the insignificant hosting costs, but to cover the other things that help make this service successful. I’ve put up a bunch of stuff on the donate page that helps make the magic happen or that I frequently sacrifice to make the aforementioned magic happen. This is stuff ranging from the coffee I drink while driving and absorbing podcasts to the cost I pay for the email service to the quiet drink I like to have after pushing a feature and yes, making it all up to my wife by taking her out to dinner. Again. Without my phone.

In fact I came up with 10 separate things tiered across different values:

CoffeeRent a DVDMonth of SendGrid mailSix pack of Little Creatures Pale Ale2,500 WHOIS API queriesTake the kids to a movieWoodform ReserveGitHubWifeSaving your ass

My view is that frankly, it’s a lot more interesting to understand what goes into a service like this and the sacrifices that need to be made then donate to those than it is to just contribute some arbitrary amount of money that ends up in the personal treasury. Who knows how it will be received though, time will tell.

On donating

The service remains free; free for searching by email or username, free for the automated notification service and free for domain-wide searches including the notifications also built into those. None of that changes. I’m far more interested in making the service useful and accessible to everyone right now than trying to turn a profit.

Donate what you feel like, including nothing at all if it pleases you. By all means, hit the API a million times and don’t give a cent; use the website and find yourself pwned somewhere you weren’t expecting and buy me a beer (or six). Either way, use the service, find a way to make it valuable to you and keep sending me feedback on what I need to do for its continuing success.

Have I Been Pwned
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals