As currently configured, the site makes information that is otherwise only available on the darkweb (e.g., saliently, that you were an AdultFriendFinder user) readily accessible to anybody with an internet connection.
This would only really make sense for pwned email addresses, since there would be no easy way to prove you are the owner of a given account otherwise.
Alex, check the laws in your local jurisdiction, many countries (such as those in the EU), have laws that require companies to permanently remove your identity if requested.
Я предлагаю вам
HI, I have a problem which I can’t seem to find the answer anywhere on the web, I use to be a member of AFF & then I deleted my account, I also asked & gave them notice that I want my email address to be removed from their database & website too, however it seems that my email address is still in their database & each time I send them an email asking them to remove/delete my email address I get an automated reply which basically says they will hold my email address to stop people having duplicated accounts . to me that is just pure B.S. as they want to make people PAY extra to change their username or profile or something else, and anyone can have millions of profile on there with just creating new Hotmail account & sign in.
so is there a law or privacy protection which does allow me to DEMAND from them to remove my email address from their website & get a confirmation?
I’ve now applied the “sensitive” flag to the AFF breach as well. The additional curiosity and scrutiny that’s resulted from the Ashley Madison breach has tipped the scales in favour of it being more advantageous to hide the data from public view than to make it easily accessible.
Troy, In regards to topic on salacious hacks (AM and AFF). I really think there are lot of people, mainly innocent people, who for whatever reason had an email associated with these sites. What you did with AM makes sense. I urge you to make the same change for the AFF data. Why? The AM hack is going to get a lot of attention. This means people will be driving to your site to check emails. Both hacks are the same in nature; a gross invasion of privacy, obtained illegally. For some, having an email come up under the AFF data is just as damaging as AM. I urge you, for the sake of safety for some, to implement the same measures for AFF as you have responsibly done for AM. People who need to know can still know using the AM strategy. Tinder, OK Cupid, Grindr, what’s next.
For those that haven’t seen it, this recent blog post on how I intend to handle the Ashley Madison data (or equivalent) is pretty important:
The intention of that post is to keep sensitive data away from people casually browsing it. In terms of ‘ comments, I may well still add the ability to remove individuals from being searchable as well, at least in the immediate term there’s a mechanism to hide any new sensitive data.
Seems like this fix would help some people and hurt none. The rest of the debate is just getting clearer on *how many people* it’d help, and *how much*. Since going with ‘s suggestion presents no downside (given the stated goals of HIBP), I suppose the question becomes whether judges it’s worth his time to implement.