Acceptable Use Policy

Last updated: May 2026

Scope

This policy applies to all users of lurk.st. The platform is intended for security researchers, red teams, penetration testers, investigators, and journalists. Users are assumed to have baseline security literacy. All use is subject to GDPR where applicable.

Permitted Uses

Security research — analyzing vulnerabilities, understanding TTPs, contributing to collective defense
Authorized penetration testing — reconnaissance for assessments with explicit written permission from the asset owner
Personal exposure monitoring — searching your own identifiers to assess breach exposure
Threat intelligence — gathering data to detect, assess, and respond to cyber threats
Journalistic investigation — verifying information for public interest reporting

Prohibited Uses

Stalking, harassment, doxxing, or any targeted harm against individuals
Identity theft or fraudulent impersonation
Credential stuffing, password spraying, or unauthorized account access
Bulk harvesting or automated scraping, regardless of intent
Reselling, licensing, or redistributing data obtained through the platform
Any use targeting minors
Circumventing rate limits, token validation, or security controls

Enforcement

Violations result in immediate and permanent token revocation without refund. We employ rate limiting and anomaly detection to identify abuse. Token revocation is applied without warning for clear violations.