[HN Gopher] Women dating safety app 'Tea' breached, users' IDs p...
___________________________________________________________________
Women dating safety app 'Tea' breached, users' IDs posted to 4chan
Also:
https://www.reddit.com/r/4chan/comments/1m8z2w4/4chan_the_ha...
https://www.cnet.com/tech/services-and-software/tea-app-brea...
Author : gloxkiqcza
Score : 270 points
Date : 2025-07-25 15:36 UTC (7 hours ago)
(HTM) web link (www.404media.co)
| duxup wrote:
| A flash in the pan gossip app that when it functions normally is
| not worried about anyone's privacy / accuracy ... also doesn't
| care about good policies or their users' privacy.
|
| That seems about right.
| darth_avocado wrote:
| You could say that the *Tea has been spilt*
| JohnMakin wrote:
| Painting this as a "gossip" app seems extraordinarily
| reductive. Women have a good incentive to share info about and
| to one another for safety beyond "gossip."
| duxup wrote:
| Go check out the website, the first image is just two people
| gossiping.
|
| This app operates just like an app some creep online would
| use, people post pictures (permission or not) and gossip
| about them.
| jahewson wrote:
| There's also a ton of bad incentives for those women who lie,
| manipulate and abuse beyond "gossip".
| ryandv wrote:
| Yeah? What are they?
| darkwizard42 wrote:
| Is it reductive? It also has good incentive for someone
| jilted or misinterpreting something to suddenly tarnish
| someone's reputation with little recourse for the other
| party. It is a one-sided review app for people in a way that
| people affected may never even know!
| BizarroLand wrote:
| If guys had an app that women couldn't access where we shit
| talked all of our exes with photo evidence women would riot
| at the company HQ.
|
| But then again, can't convince people as a whole that men
| are, on average, good and decent people with normal flaws
| just like women, and therefore deserve to be protected,
| loved, and appreciated equally.
| fake-acc-420 wrote:
| And this is why you don't let dummies provision resources in the
| cloud
| bigfishrunning wrote:
| But they gave firebase money! and that money spends!
| nis0s wrote:
| How is this user data even reliable or useful when someone can
| make fake personas and populate their activity with LLMs?
|
| Driver's licenses can be faked. Moreover, someone can just pretend
| to be someone else on this app with real driver's licenses.
|
| The whole premise, implementation and process of Tea as a social
| media app is flawed, and a legal liability for the devs.
| tamimio wrote:
| I hope it served as a good lesson to the average person to be
| more cautious while submitting sensitive information like a
| government ID. Just because it's an app with a nice UI doesn't
| mean it's secure, let alone trustworthy regarding who owns it.
| Last week I was contacting a government agency here in Canada
| and the support team requested a government ID to be shared
| over email, which is anything but a secure communication. I
| tried to share it as a link to my vault, but they refused, so
| now either I will have to go in person or they will find
| another way in the meantime.
|
| The internet went from 'YouTube asking users to never use your
| real name' to 'you have to submit your ID to some random app'
| in 10 years. Crazy!
| ethagnawl wrote:
| > I hope it served as a good lesson to the average person to
| be more cautious while submitting sensitive information like
| a government ID.
|
| This absolutely should not be normalized. If I'm ever
| prompted to submit photos of a government ID to some service,
| I'm turning heel. I'll try to use their phone service (which
| I just did successfully this week), correspond via mail or
| maybe, as you've said, handle it in person but I'm probably
| content to go without.
| wosined wrote:
| I always do. I would have never made social media accounts
| if it required phone or ID. Thankfully I'm old so my
| accounts were made before normies flooded the net and
| started trusting everything.
| dabockster wrote:
| > Thankfully I'm old so my accounts were made before
| normies flooded the net and started trusting everything.
|
| It wasn't "normies" so much as it was the leadership and
| early investors of Facebook shoving "just trust us" and
| FOMO literally everywhere online. The hype (and hope) in
| 2010 was REAL and almost all privacy related
| conversations were shut down on sight. Heck, I think I
| still have my copy of Jeff Jarvis's Public Parts (ISBN13
| 9781451636352) somewhere in my closet. Amazing read if
| you really want to understand the mindset in place at the
| time.
| SoftTalker wrote:
| The sad part is that your government ID is about as likely
| to be leaked by the government agency itself as it is by
| any third party that has a scan of it.
|
| My driver's license is scanned every time I buy beer. I'm
| under no illusions that it's not quite readily available in
| any number of leaks or disclosures.
|
| If that sounds defeatist, maybe it is. Nothing online is
| private. Once it's in a database, it's only a matter of
| time before it's exposed. History has proven this again and
| again.
| gitremote wrote:
| You need to do this for background checks for employment,
| even though the employees for the background check service
| might be outsourced to a different country, and your
| government data had no protections in their jurisdiction.
| hdgvhicv wrote:
| Every hotel and his dog takes a copy of my passport, it's
| basically public domain.
| koakuma-chan wrote:
| You can send it as an encrypted PDF, fwiw
| chatmasta wrote:
| On the rare occasion when I have to do this, I blur the
| maximum amount of the image and watermark it with hundreds of
| lines of small red font saying "FOR EMPLOYMENT VERIFICATION
| BY $X_ENTITY."
|
| If they have a problem with it then I will gradually remove
| pieces until they're okay. But I haven't had to do this the
| few times I've used this tactic - it causes issues with
| automated scans but eventually some human manually reviews it
| and says it's okay.
|
| What I don't like is the "live verification" apps that leave
| me no choice but to take a photo of it.
| gruez wrote:
| >What I don't like is the "live verification" apps that
| leave me no choice but to take a photo of it.
|
| That's becoming the norm now, presumably because of concern
| that people are taking leaked scans from one site, and
| using it to commit identity fraud (eg. getting KYC scans
| from crypto exchanges and using it to apply for accounts at
| other crypto exchanges, for money laundering purposes).
| 10000truths wrote:
| You can use OBS to overlay your watermark on your webcam
| feed, then expose the composited output as a virtual camera
| that you select in the browser.
| dabockster wrote:
| > The internet went from 'YouTube asking users to never use
| your real name' to 'you have to submit your ID to some random
| app' in 10 years. Crazy!
|
| Because we couldn't get anyone to take the internet seriously
| if it was just a bunch of anonymous pseudonyms trolling each
| other. And maybe that was a mistake.
| hdgvhicv wrote:
| When I started on the internet it was common to use real
| name, and indeed include things like addresses and phone
| numbers in usenet .sigs
| xtracto wrote:
| CEOs and board members should be personally criminally liable
| for shared personal information coming out of their
| platforms.
|
| It's the only way they will push companies to STOP storing
| them long term.
|
| I've been in several companies (mostly FinTech) that store
| personal sensitive documents "just in case". They should be
| used for whatever is needed and deleted. But lazy compliance
| and operations VPs would push to keep them... or worse, the
| marketing people
| ronsor wrote:
| To be fair to the FinTech companies and their leadership,
| banking and finance laws are so draconian to the point
| where you'd rather store (and risk leaking) sensitive data
| than face even bigger fines from the government overlords.
| If you want that to stop, get rid of the PATRIOT Act and
| reform the KYC insanity.
| add-sub-mul-div wrote:
| If my license gets leaked and then a stalker shows up at my
| house, I will simply turn them away on the grounds that it was
| illogical to assume the license wasn't faked.
| carabiner wrote:
| > Driver's licenses can be faked. Moreover, someone can just
| pretend to be someone else on this app with real driver's
| licenses.
|
| These are actually still very hard to do. I don't know anyone
| who would let me use their license for this purpose.
| bobsmooth wrote:
| With all this talk about age verification, I have to wonder if
| the complete lack of security was intentional.
| pavel_lishin wrote:
| How do you mean?
| bobsmooth wrote:
| The UK and some US states are instituting age verification
| for adult content. Doxxing thousands of women is a great way
| to get people talking about privacy and security.
| pavel_lishin wrote:
| That feels like a hell of a risk to take just to get a
| conversation started. Not just the obvious implications of
| endangering all the users, but the cloud that's going to
| hang over everyone associated with Tea, now.
| fidotron wrote:
| https://www.teaforwomen.com/about
|
| Two people, in public.
| bravetraveler wrote:
| http://archive.today/U5Tah
|
| Freewalled
| more_corn wrote:
| Freewalled I like that
| neonate wrote:
| Is that site down? I'm just getting the default nginx page.
| bravetraveler wrote:
| Strange! Doesn't seem to be down, at least at time of
| writing _(either my original post or this one)_
|
| I linked the plain HTTP version... which seems to rely on a
| series of redirects; potentially TOR:
|
|     ~ $ curl -vLsq http://archive.today/U5Tah |& grep -Ei 'location:|title'
|     < Location: https://archive.today/U5Tah
|     < onion-location: http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/U5Tah
|     < location: https://archive.ph/U5Tah
|     <title>archive.ph</title>
|
| Tough to say :) Vaguely reminiscent of SNI troubles on the
| web server... which _can_ depend on the client. I thought
| that was becoming exceedingly irrelevant, though.
| dpedu wrote:
| I've seen this issue with certain dns providers. I don't
| have issues with google dns (8.8.8.8).
| pavel_lishin wrote:
| Good lord, why would they store those drivers' license images for
| an instant longer than it took to verify their users?
| duxup wrote:
| They shouldn't, but it appears to be a gossip app where by
| design they're also storing photos taken of other people
| (permission or not) and gossip about them...
|
| They don't seem to value privacy.
| Mountain_Skies wrote:
| According to another media report, the approval queue for new
| account verification was seventeen hours long. It's possible
| what the 4channers got was that approval queue.
| IlikeKitties wrote:
| No they got more, 23gb of files.
| AlanYx wrote:
| That's only a partial archive. There's another one with
| 55gb.
| jsrozner wrote:
| This. Appropriate regulation should make this an offense
| punishable by a large fine. There is almost no consequence to
| companies for bad practices.
|
| Ideally you'd see fines in the 10%s of revenue. In egregious
| cases (gross negligence) like this, you should be able to go
| outside the LLC and recoup from equity holders' personal
| assets.
|
| Alas, if only we had consumer protections.
| dabockster wrote:
| > Appropriate regulation should make this an offense
| punishable by a large fine.
|
| And some kind of legal penalty for the engineers as well.
| Just fining the company does nothing to change the behavior
| of the people who built it in the first place.
| chemeng wrote:
| In the US, professional certifications (PE, Bar, USMLE,
| CPA) exist to partially solve this problem when the
| certification is required to perform work legally. These
| are typically required in industries where lives and
| livelihoods of individuals and the public are at risk based
| on the decisions of the professional.
|
| Joining in with some other comments on this thread, if the
| stamp of a certified person was required to submit/sign
| apps with more than 10K or 100K users and came with
| personal risk and potential loss of licensure, I imagine
| things would change quickly.
|
| I'm personally not for introducing more gatekeeping and
| control over software distribution (Apple/Google already
| have too much power). Also not sure how you'd make it work
| in an international context, but would be simple to
| implement for US based companies if Apple/Google wanted to
| tackle the problem.
|
| I think the broader issue is that we as a society don't see
| data exposure or bad development practices as real harm.
| However, exposing the addresses and personal info of people
| talking about potentially violent, aggressive or unsafe
| people seems very dangerous.
| ryandrake wrote:
| I would at least love to see a public postmortem. What was
| the developer's rationale for storing extremely personal
| user data unencrypted, in a publicly facing database? How
| many layers of management approved storing extremely
| personal user data unencrypted, in a publicly facing
| database? What amount of testing was done that failed to
| figure out that extremely personal user data was stored
| unencrypted, in a publicly facing database?
| ohdeargodno wrote:
| >What was the developer's rationale for storing extremely
| personal user data unencrypted, in a publicly facing
| database?
|
| https://www.teaforwomen.com/about
|
| > With a proven background leading product development teams
| at top Bay Area tech companies like Salesforce and
| Shutterfly, Sean [Cook, creator of Tea] leveraged his
| expertise building innovative technology to create a
| game-changing platform that prioritizes women's safety
|
| If you're lucky, a clown vibe coded this trash. If you're
| unlucky, he paid someone to do so, and despite his proven
| background about leading top Bay Area companies, didn't
| even think to check a single time.
|
| The CEO is directly responsible for this.
| ryandrake wrote:
| Wow, so the entire company is a Founder and a Social
| Media Director??
|
| > With a proven background leading product development
| teams at top Bay Area tech companies like Salesforce and
| Shutterfly, Sean [Cook, creator of Tea] leveraged his
| expertise building innovative technology
|
| Blah blah blah blah blah... Just goes to show that you
| can write all sorts of powerful sounding words about
| yourself on your About page, but it doesn't say anything
| about your actual competence. I mean, I don't have a
| "proven background leading product development teams" but
| I sure as shit wouldn't make obvious amateur-level
| mistakes like this if I ever did a startup.
| ytpete wrote:
| Requiring a 3rd-party auditor perform a postmortem whose
| results are posted publicly might be an interesting
| regulatory approach to this. Companies get shamed for
| their mistakes, and also the rest of the industry learns
| more about which practices are safe and which are
| dangerous. A bit like NTSB investigation reports, for
| example.
| dannyphantom wrote:
| Absent broader regulation, we all know that apps like Tea
| depend HEAVILY on user trust. However, I am a bit concerned
| users either won't fully grasp the severity of this breach or
| won't care enough and end up sticking with the app
| regardless.
|
| A somewhat embarrassing but relevant example: my friends and
| I used Grindr for years (many still do), and we remained
| loyal despite the company's terrible track record with user
| data, privacy, and security as there simply wasn't (and still
| isn't) a viable alternative offering the same service at the
| expected level.
|
| It appears Tea saw a pretty large pop in discussion across
| social channels over the last few days so I'm pretty hopeful
| this will lend itself to widespread discussion where the
| users can understand just how poorly this reflects on the
| company and determine if they want to stick around or jump
| ship.
| hdgvhicv wrote:
| Companies, especially American ones, see data as an asset,
| rather than a liability.
|
| The GDPR in Europe attempts to reset this but it's still an
| uphill battle
| ytpete wrote:
| Or maybe require them to prominently disclose the breach to
| all current and future users on the app main screen for some
| period of time afterward (a year or two?). Sort of like the
| health-code inspection ratings posted in restaurant windows.
|
| That cuts to the issue some other comments have pointed out,
| that user _trust_ is really their most important capital -
| and with short attention spans and short news cycles, it may
| rebound surprisingly fast.
| hbn wrote:
| This is what vibe coding gets us!
| GoatInGrey wrote:
| The cynical part of me feels like certain employees had
| uncontrolled access to the user data.
|
| There would be a morbid irony in the idea of a tool marketed
| as increasing safety for women actually being a honeypot
| operation to accumulate very sensitive personal information
| on those very women.
| ytpete wrote:
| Not a fan of the "vibe coding" hype, but is there any
| evidence that this app was built that way?
| Proofread0592 wrote:
| I am just making a wild guess with no evidence to back it up,
| but I have a question and a potential answer:
|
| How was this app going to monetize?
|
| I'm guessing by selling user data, namely driver's license info
| to phone number.
| Ancapistani wrote:
| I thought 4chan died a year or so ago?
|
| Ugh. I'm clearly getting old. I don't even remember the last time
| I went to 4chan.
| tokai wrote:
| It was knocked offline and a lot of journalists and bloggers
| spun a history about it not coming back. But it did.
| morkalork wrote:
| All the mods were doxxed too, but life uh finds a way?
| Ancapistani wrote:
| Thanks - this is context I was missing :)
| linkage wrote:
| It's unironically a stronger case for network effects than
| Facebook
| jabroni_salad wrote:
| that thing is a cockroach. It will survive every tech company
| you can care to name.
| raverbashing wrote:
| "Security breach" more likely a vibe coded slop app
|
| But yeah please tell me how "we care about your privacy"
| pavel_lishin wrote:
| > _more likely a vibe coded slop app_
|
| I mean, it's fun to throw baseless accusations around, but do
| you have any actual reason to suspect this?
| raverbashing wrote:
| Do you think if that was disproved that would be better
| somehow?
| therein wrote:
| If you look at the API, it is a slop app. The IDs were being
| uploaded to a public Firebase bucket. Chats are also public
| now. The full API keys are leaked because they were in the
| shipped app.
| Vvector wrote:
| None of that ever happened before AI. Right...
| bigfishrunning wrote:
| It had to learn from somewhere!
| jasonvorhe wrote:
| Unlikely considering it allegedly launched 2 years ago:
| https://www.distractify.com/p/what-is-the-tea-dating-app
| raverbashing wrote:
| I believe this argument, still not clear why it became viral
| recently
| ridiculous_leke wrote:
| You can get Apple Legal involved if your face is on the app and
| they should get the related posts removed.
| cherryteastain wrote:
| It's on a torrent. Good luck getting that removed.
| schroeding wrote:
| I think they mean the actual posts on tea itself, not the
| leaked ID photos.
| smnthermes wrote:
| You can report it to Google Play. The category is Restricted
| Content -> User Generated Content, and the app ID is
| "com.tea.tea".
| https://support.google.com/googleplay/android-developer/cont...
| gruez wrote:
| What's the actual violation though? If you click through the
| "User Generated Content" link, it shows that it's allowed, just
| that they have to moderate it.
|
| https://support.google.com/googleplay/android-developer/answ...
| ronsor wrote:
| The actual violation would be a privacy violation
| EcommerceFlow wrote:
| How is an app that allows users to post unverified and doxxing
| information about random men allowed on the iOS App Store?
|
| Apple had no issue mass censoring Parler and others, how is an
| app like this able to reach #1 under all?
| StanislavPetrov wrote:
| If big tech didn't have double standards they'd have no
| standards at all.
| bitpush wrote:
| There's only one guiding principle for Apple - and that's
| money. Don't let their privacy marketing ("Privacy is a human
| right") fool you otherwise.
| mikestew wrote:
| One could say that about any company (because "fiduciary
| duty", amirite?).
|
| "Don't let Toyota's 'reliable car at a reasonable price'
| marketing fool you, they're all about money." Yeah, but
| does that preclude them from selling me an actually
| reliable car at a reasonable price?
| baobabKoodaa wrote:
| Why don't you try uploading an app where men doxx &
| "review" women that they date on dating apps? See if Apple
| suddenly finds morals.
| drak0n1c wrote:
| Apple fired its Chief Diversity Officer when she said that
| white men with blue eyes can also count towards a diverse
| workforce. A purely non-monetary ideological capitulation.
|
| https://www.bet.com/article/pe65fc/apple-s-black-diversity-c...
| adastra22 wrote:
| What was wrong about what she said?
| drak0n1c wrote:
| I think it was a perfectly reasonable statement. But
| because it does not align with a recent radical
| redefinition of diversity, she was fired. Apple certainly
| wasn't at risk of losing money over keeping her in that
| role.
| cmxch wrote:
| Safety for favored people, doxxing for the disfavored.
|
| Truth.
| baobabKoodaa wrote:
| That's because the doxxing was only allowed against men, not
| actual humans.
| bigfishrunning wrote:
| Sounds like you're someone who isn't dating men to begin
| with, and therefore don't need such an app for your "safety"
| firstplacelast wrote:
| I date men and don't think going against TOS or laws is
| okay even in the name of 'safety'. This app doesn't bother
| me and frankly I think more apps like this should be
| allowed, but it is hypocritical to think this should be
| allowed to exist and many others not.
| koakuma-chan wrote:
| Firebase again lol
| progbits wrote:
| Letting frontend bootcamp devs think they can do backend was a
| mistake.
| throwacct wrote:
| Hahaha. Bet money they left everything accessible just by
| signing in to the app.
| batmaniam wrote:
| Isn't this basically Peeple except gender locked to women? Peeple
| failed because they couldn't eliminate bias and gossip against
| anyone. If someone was jealous of another, for example, that
| person could just write false slander and claim it was real with
| no evidence. That would have affected the victim for jobs, dates,
| etc. So it was laughed at by VCs and everyone online and it shut
| down.
|
| How is Tea even legal? Isn't this just a legal libel timebomb
| waiting to happen?
| webstrand wrote:
| Not only that, I think they forfeit their Section 230
| protections since they're exercising editorial control by
| excluding males from the platform. So they'd be directly liable
| for any defamation they publish on their platform.
| mikeyouse wrote:
| That's not how 230 works - why do people keep parroting this
| misinformation?
|
| https://www.techdirt.com/2020/06/23/hello-youve-been-referre...
| webstrand wrote:
| Because it's really good misinformation, thanks for the
| link. I had no idea that it was effectively unconditional
| protection.
| magicalist wrote:
| > _I had no idea that it was effectively unconditional
| protection._
|
| Defamation is still not protected, it's just the person
| who posted it who is liable. Meanwhile the site's
| "editorial control" is protected by the first amendment,
| not section 230.
| JoshTriplett wrote:
| Huge credit for actually updating in response to
| evidence.
| schoen wrote:
| It continues to confuse me that the publisher/distributor
| distinction that section 230 was meant to _remove_ (created
| by prior Federal court decisions) gets so frequently
| interpreted as if section 230 had been intended to
| _establish_ it.
|
| To me this feels as if people widely thought that the
| Apollo Program was intended to prevent people from
| traveling to the moon, or Magna Carta was meant to prevent
| barons from limiting the king's power, or Impressionism was
| all about using technical artistic skills to depict scenes
| in a realistically detailed way.
| pridzone wrote:
| It would be in Apple and Google's best interest to pull these
| apps immediately. Multiple Supreme Court justices have
| indicated an interest in narrowing the breadth of section 230
| immunity. This app, structured entirely around affecting the
| reputation of private individuals, provides a relatively
| clean case to do so. It's not a stretch that the app could be
| considered a 'developer in part' of the content it hosts, and
| thus lose section 230 protection.
|
| A narrowing of section 230 would not be good for Apple or
| Google, though they wouldn't face any liability for the Tea
| app's conduct.
| carabiner wrote:
| It's exactly like Lulu which shut down due to privacy issues.
|
| https://en.wikipedia.org/wiki/Lulu_(app)
| prisenco wrote:
| Every couple years someone tries this and it immediately
| turns into a cesspool because no matter the good intentions
| of the makers, it attracts the worst kind of person as active
| users.
|
| It gets shut down, everyone forgets, then someone eventually
| has a brilliant idea...
|
| It comes from a place of sincerity but defenders imagine
| everyone would use it for the same reasons they would:
| Warning people of genuine threats in the dating world. They
| would never use it for gossip, or revenge, or creative
| writing, etc. so they don't imagine others would.
|
| But at scale, if generously only 0.1% of women in America are
| bad actors that would weaponize this app, that's over 150k
| people (not to mention men slipping past security). And the
| thing about bad actors is that one bad actor can have an
| outsized effect.
| carabiner wrote:
| There needs to be a startup accelerator or VC that solely
| focuses on recycled ideas. We could have an app that
| gathers strangers for dinners, one for reviewing people,
| and so on. Since all of these gained traction at some
| point, the idea would be you get 1-2 quick puffs of these
| discarded cigarette butts before selling or shutting down.
| Just vibe code it, go viral, collect some subscriber fees,
| then close due to whatever reason.
| burnt-resistor wrote:
| TechStars already exists.
| junto wrote:
| These kinds of apps are already in existence across many
| cities in the world in the form of informal, invite-only
| WhatsApp and Telegram groups.
|
| The problem is the demand is there for such groups and I
| see posts that range from, "this guy tried to get me to get
| in his car", or "man exposed himself to me", to "man has
| twice approached children at my child's school" or "I was
| drugged and raped after meeting with X on Y dating app".
|
| Lots of sexual attackers are known to multiple women.
|
| Fact is that in lots of countries rape kits don't get
| processed, it's hard to secure a conviction, many serial
| sex offenders walk free and many women don't want to go
| through a reliving of their trauma in court.
|
| As a result these kinds of groups are very useful, not just
| for women who are actively dating, but for women who are
| simply existing in day-to-day public life. We have a
| president and a supreme court judge who both have been
| accused of serious sex offenses and nothing happened.
|
| Is there a chance that some man who has done nothing wrong,
| gets accused by a woman in these groups? Yes of course
| there is a chance that could happen, but many would prefer
| to not take the risk of dating someone that has been
| accused of being a sex offender and the vast majority of
| posts with confirmation by multiple women confirm that
| bias.
|
| These groups help keep women safer than without them.
| There's a good reason why many women just don't date at all
| any more. Covid lockdowns reminded them that they don't
| really need it and it's more hassle than it's worth.
|
| Sadly the vast majority of men are fine (not all men), but
| not enough call out the bad and dangerous behavior of a
| minority of their friends and peers. Until that happens
| women will be drawn to these apps and groups to try to be
| safer and not be a part of a sex crime statistic.
| prisenco wrote:
| "invite-only" is key because it requires a trust
| relationship, if not directly then through minimal
| degrees of separation. While not perfect they can
| basically work while apps for the general population
| cannot because there is no trust between the users.
| junto wrote:
| Indeed. This trust is a critical point. The invitation
| mechanism is a web of trust. Not infallible but better
| than these apps that try to centralize that through
| identification.
| duxup wrote:
| This also seems like an app ripe for actual creep / abusers to
| follow / manipulate.
|
| The claim that it provides safety really is just that, an empty
| claim.
| dabockster wrote:
| The fact that it verifies by ID scan is also not safe at all
| for a million different reasons.
|
| A better way would have been to charge a small subscription
| fee - like $2/month or something. The fee filters out 99% of
| the trolls out there (who wants to pay to troll) and also
| gives the app/website admins access to billing info - name,
| mailing address, phone number, etc - without the need for a
| full ID scan. So the tiny amount of trolls that do pay to
| troll would have to enter accurate deanonymizing payment
| information to even get on the system in the first place.
|
| And it can be made so only admins know peoples' true
| identities. For the user facing parts, pseudonyms and
| usernames are still very possible - again so long as everyone
| understands up front that such a platform would ultimately
| not be anonymous on the back end.
|
| But oh no, that won't hypergrow the company and dominate the
| internet! Think of all the people in India and China you're
| missing out on! /sarcasm
| fragmede wrote:
| Men will go to great lengths to try and have sex. $2/month
| just gets you less broke creepers.
| whatsupdog wrote:
| Imagine flipping the genders and writing this comment in
| another context: "Women will go to great lengths to try
| and manipulate men. $2/month just gets you less crazy
| bitches", and imagine the outcry and downvotes. However
| it's totally normal and acceptable to bunch all men into
| a singular group and demean 50% of the population.
| blks wrote:
| Because we live in patriarchal culture and men do
| sexually attack women on much greater scale than the
| other way around. You don't have to be even necessarily
| evil for that, honestly just some normalised behaviour in
| some men can be enough to become a creepy person for
| women.
| PaulHoule wrote:
| Men seem to attack women more often than the other way
| around but both directions are significant
|
| https://www.cdc.gov/intimate-partner-violence/about/index.ht...
|
| Notably:
|
| --- About 41% of women and 26% of men experienced contact
| sexual violence, physical violence, or stalking by an
| intimate partner during their lifetime and reported a
| related impact.
|
| --- Over 61 million women and 53 million men have
| experienced psychological aggression by an intimate
| partner in their lifetime.
| pyth0 wrote:
| > sexual violence, physical violence, or stalking
|
| > psychological aggression
|
| Not at all downplaying the seriousness of emotional and
| psychological abuse, but these are very different things.
| Which is the main reason that the concept of this app
| doesn't bother me much. The immediate physical safety
| risks of dating as a woman are significantly greater than
| for men.
| PaulHoule wrote:
| Sure, but it's about a factor of two -- the difference
| between the sun at noon and 5pm, not the difference
| between night and day.
|
| Broken bones heal, but psychological wounds can last a
| lifetime -- and cut that lifetime short either through
| self-harm or the impact on chronic diseases. Sexual
| assault is so problematic because it has a very long term
| psychological impact on people.
| Levitz wrote:
| But you are just explaining why you are bigoted, bigotry
| which, in turn, you imply explains why you don't think
| it's wrong to be sexist. Sexist enough to disregard the
| importance of publicly sharing people's information.
|
| Do you not see how this is deeply wrong?
| handedness wrote:
| Would you pursue that line of justification if the issue
| were ethnicity, nationality, sexual orientation, and/or
| gender expression? I'm not saying you should or
| shouldn't, and there are sound arguments for and against
| equating those things, but it seems like it merits
| consideration before one comments, not after.
| perks_12 wrote:
| I don't think you will find too many men being angry at
| your example comment just like no women will be pissed
| about what OP said about men. Don't be fragile.
| strken wrote:
| Your example isn't properly gender flipped. That would be
| "Women will go to great lengths to take revenge on their
| exes. $2/month just gets you less broke crazies."
|
| While the above statement would benefit from adding the
| word "Some" to the start, I'm not sure it would generate
| much outcry.
| nailer wrote:
| > $2/month just gets you less broke crazies.
|
| Women aren't evaluated on their income like men are, they
| are evaluated on their looks. An equivalent app would be
| something that lets men share if women are less
| attractive than their pictures.
| konart wrote:
| >A better way would have been to charge a small
| subscription fee - like $2/month or something.
|
| That's Pure. And they have more than 5$ I believe.
| dylan604 wrote:
| you act like it's impossible to get payment credentials
| that have nothing to do with the user
| atomicnumber3 wrote:
| no, but it is _tremendously_ more difficult than email or
| even ID scans (unless you're doing actual verification,
| which is both more expensive and complicated than just
| charging a nominal fee or even just attaching a Card
| object to a stripe customer). Just getting to stand on
| top of an extremely robust existing system (payments)
| gets you so much adjacent help in keeping bad actors out,
| or at least getting it down to a human-team manageable
| level. It can be the difference between a viable business
| and not.
| WarOnPrivacy wrote:
| > you act like it's impossible to get payment credentials
| that have nothing to do with the user
|
| This is incorrect. The parent acts like it isn't trivial
| to obtain payment methods that aren't linked to the
| payer. It seems like a reasonable possibility.
| dylan604 wrote:
| > It seems like a reasonable possibility.
|
| For whom? For people willing to be an asshole on the
| internet? For people willing to stalk other people
| online? This sounds exactly like the group of people that
| would look for ways of paying for something in ways not
| linked to them, even if that means "borrowing" someone
| else's identity
| FiniteIntegral wrote:
| I think you underestimate the willingness of people to pay
| to troll, it may filter out people but an app that was (in
| theory) meant to be secure shouldn't think of a problem as
| filtering rather than securing. Admins knowing people's
| identities simply moves the weakest link in the chain to
| the admins. I think an app like this was doomed from the
| start and 4chan simply pulled the plug on an already
| leaking bathtub.
| msgodel wrote:
| I've thought about buying throwaway phone numbers just to
| troll linkedin. I'd be surprised if people weren't
| finding ways to get accounts on apps like this for
| trolling.
|
| The only reason I haven't is because it feels like
| LinkedIn may have already jumped the shark and I wouldn't
| really get the value for my money.
| rKarpinski wrote:
| What's wrong with verifying the ID?
|
| The issue is they decided to roll their own extremely
| questionable service and insecurely store sensitive images
| in a public bucket
|
| Multiple SAAS vendors provide ID verification for ~$2/each.
| They should have eaten that fee when it was small and then
| found a way to pass it on to the users later
| PaulHoule wrote:
| Many people will do anything they can to hurt their ex after
| a breakup.
| danesparza wrote:
| >> How is Tea even legal? Isn't this just a legal libel
| timebomb waiting to happen?
|
| By this logic: I suppose glassdoor, yelp, or Google reviews
| aren't legal either?
|
| What about identity verification as part of any employment
| offer?
| AndroTux wrote:
| The difference is, on these platforms you're rating legal
| entities. On Tea, you're rating, or rather sharing personal
| information about, an individual. Where I come from, sharing
| personal data of someone without their consent is not
| allowed.
| voxic11 wrote:
| I think it's a mostly US based app, in the US sharing your
| opinion about other people is protected speech.
| const_cast wrote:
| Sharing your opinion is protected speech, but lying is not
| always protected speech, particularly if done with the
| intent to financially hurt someone.
| gitremote wrote:
| Do you think a women's dating safety app is mainly about
| women lying and intending to hurt men, because it's rare
| for men to stalk or sexually assault women?
| prisenco wrote:
| I do. Not as an indictment of women but an indictment of
| social apps. Apps like this are way too hard to moderate,
| manage and verify. They quickly get swarmed by bad actors
| and misused. Again, not because women don't have genuine
| safety concerns in the dating world but because apps are
| not a viable way to manage those concerns.
|
| Some social problems just don't have technological
| solutions.
| gitremote wrote:
| Like online reviews, if 10 women reported that the same
| man was violent, would you see it as 10 data points or 0
| data points that say nothing?
| prisenco wrote:
| You know the answer to that is zero. There is no viable
| system a company, let alone a small unfunded startup,
| could use to verify the identity of the reporters let
| alone guarantee the trustworthiness of the account.
|
| Those ten reports could be made by one person. That one
| person might not even know the person they're accusing.
| That one person might be a man. That one person might be
| a bot.
|
| You'd have to ignore the last three decades of online
| identity, trolling and social media pitfalls to not
| recognize that.
|
| And please don't compare reviewing a can opener on Amazon
| to accusing someone anonymously of a heinous crime on an
| app built by one person.
|
| But I'm not sure I'm going to convince you with words so
| I'll suggest this:
|
| _Go and build this app_.
|
| Build it, see what happens. Nobody else has been able to
| crack this but maybe you can.
| bawolff wrote:
| That's not really relevant to whether someone is going to
| get sued for defamation.
|
| It might be relevant to who wins the lawsuit, but
| sometimes the mere existence of a lawsuit is pretty
| painful.
| gitremote wrote:
| Sure, and what was proposed was suing the women for
| warning others about an allegedly dangerous man, not
| suing the man.
| Levitz wrote:
| >for warning others about an allegedly dangerous man
|
| I mean if witches didn't do anything surely they wouldn't
| be hunted down.
| GoatInGrey wrote:
| We grant a tremendous amount of leeway and power to
| accusations made by women against men in society today.
| There are always honest people using things for their
| intended purpose. Though there are also dishonest people
| using things for their own ulterior motives.
|
| A well-designed system will maximize utility for the
| former, and minimize utility for the latter. An app where
| women can leave what are practically anonymous reviews
| for men is not such a system.
| xhkkffbf wrote:
| I'm sorry and I'll be voted down for this, but I do think
| that it will attract plenty of fibbing and deliberate or
| not-so-deliberate stretching of the truth. Anyone who is
| rejected tends to be a bit angry about it. In this case,
| women who are ghosted can say whatever they want.
|
| This isn't all of the people, but in my experience in
| life it's more than enough to make this app impossible to
| filter.
| qcnguy wrote:
| A few days ago a video leaked of a woman riding in a
| Mexican taxi, who was demanding the driver went faster.
| He refused because it'd be dangerous, and she immediately
| started threatening to report him as a harasser to the
| police. She even said he had to speed up or else the
| police would be waiting for him when they got there. She
| didn't realize her whole conversation was recorded on
| camera.
|
| A lot of men have had experiences like this one. Either
| directly or they know someone it happened to. Yeah
| #NotAllWomen but way too many will exploit the feminist
| #BelieveAllWomen culture to gain even trivial benefits.
| An app devoted to letting women anonymously gossip and
| engage in reputation warfare without fear of consequence,
| or even fear that the man might reply in self defense, is
| going to get flooded with women like the taxi passenger.
| 9dev wrote:
| "A lot of men" is doing a lot of heavy lifting here.
|
| Go read some statistics on the number of women harassed,
| abused, raped, and _killed_ every day-- _every single
| day_ --because they are women.
|
| Go ask your mother, your sister, your wife, your female
| best friend, when they had their last abusive encounter.
|
| Go ask your friends of both genders what the worst things
| are that could happen to them when walking home at night,
| and compare the responses.
|
| Go read some historic accounts of how women were treated
| for... pretty much all of history.
|
| Go look up news articles of what can happen to women when
| riding a taxi. Spoiler: it's not just a threat.
|
| Yes, there are some abusive women out there. Yes, it's
| fucked up when that happens to you. But trying to
| insinuate the levels of violence against men would be
| even remotely comparable is just plain awful.
| firefax wrote:
| Devil's advocate, but how is saying someone is an
| unreliable romantic partner going to financially hurt
| someone? Maybe the reason I haven't had success in the
| policy arena is because I've been too kind, given recent
| events :-)
| hyperliner wrote:
| Not if it's libel or slander, both which are generically
| defamation.
| gitremote wrote:
| It's not defamation if it's true. Why do you think women
| warning other women about rapey and stalker men are
| mostly lies? Even if it's only 5% of men, wouldn't the
| discussion focus on that dangerous 5% over persecuting
| the innocent 95%, as a matter of self-preservation?
| GoatInGrey wrote:
| An irony in this conversation is how normalized it is for
| women to be concerned about men as a demographic when
| it's only a small minority that inflict harm. While it's
| controversial for men to be concerned about women as a
| demographic when it's only a small minority that inflict
| harm.
|
| I still maintain my pet theory that this is a downstream
| effect of the normalization of paranoia around pedophiles
| that began hitting the mainstream in the '80s. The modern
| world is exceptionally safe, yet to the average person,
| it _feels_ exceptionally dangerous.
|
| ...While I've got the hood up, I'll continue soapboxing.
|
| I've started seeing rare instances such as a young woman
| walking around a corner and there is a man rounding the
| same corner, surprising her by mistake, and the woman
| starts crying or breathing in a panicked way, unable to
| regulate herself for several minutes. It's not always
| walking around the corner at the same time, but there's a
| common pattern of being surprised by a man just going
| about his day and experiencing a severe fear response to
| that interaction.
|
| When I look at a lot of cultural related issues today,
| beyond just gender, I see many signs of pervasive
| psychological issues. I don't know what the solution is,
| but I'm very confident that the root cause is more
| complicated than something you can describe in a single
| sentence.
| gitremote wrote:
| > An irony in this conversation is how normalized it is
| for women to be concerned about men as a demographic when
| it's only a small minority that inflict harm.
|
| The same hypothetical 5% can inflict harm to multiple
| women, that's why multiple women and girls complained
| about Epstein and Trump.
| bcrosby95 wrote:
| Maybe it's different now, I have no clue, but I'm in my
| 40's now and don't make a habit of hanging out with 20
| year olds.
|
| But I was friends with my wife's friends before we got
| married, and in a sample size of ~20 women my age, every
| single one of them has experienced inappropriate and
| unwanted touching in social settings. And a large number
| of them were victims of outright rape.
|
| In comparison, I have many male friends and of them, I
| only know one who has been wrongly accused of sexual
| assault (the lady openly talked about doing it to help
| with a promotion...)
|
| So even if both sides may have a few bad apples, one side
| is a much more prevalent problem when it comes to the
| number of victims.
| perihelions wrote:
| But sharing *facts* about other people is potentially
| defamatory speech (in the American context). There's a
| not-at-all small nuance here: when you make concrete
| allegations about your personal experiences, you're _not_
| sharing an opinion--not sharing your subjective reaction
| to publicly-known information--rather you're introducing
| novel facts, provable objective facts, into the
| discussion--your version of those facts. And that comes
| with genuine legal risks.
|
| A remarkable fact that's stayed with me: Ken White
| (@popehat) once said that in his defamation law practice,
| his largest category of consultations was with clients
| who'd said negative things about a past romantic partner,
| who then threatened to sue. I believe his point was those
| negative things were true most of the time, but difficult
| to prove, or defend.
| dragonwriter wrote:
| > But sharing _facts_ about other people is potentially
| defamatory speech
|
| Yes, and? The service is protected in the US by Section
| 230, and Tea doesn't operate anywhere else currently.
| Individual users who use it to defame are, in principle,
| subject to defamation liability, but in the US (and,
| again, that's the only jurisdiction currently relevant),
| the burden of proving that the description was both false
| _and at least negligently made_ (as well as the other
| elements of the tort) falls on the plaintiff (it is often
| said that "truth is an absolute defense", but that's
| misleading--falsity and fault are both elements of the
| prima facie case the plaintiff must establish.)
|
| Sure, in a jurisdiction with strict liability for libel
| and where truth is actually a defense, and/or where the
| platform itself, being a deep pockets target, was
| exposed, Tea would be a more precarious business. But
| that's not where it operates.
| perihelions wrote:
| That's all true. I wasn't clear on the context of this
| thread, whether we were talking about the users or the
| platform.
| blks wrote:
| Is making a post on eg Instagram after breaking up with
| your ex and telling that she/he e.g. abused you, illegal
| too?
| reliabilityguy wrote:
| Heard of Amber Heard?;)
|
| I mean, I think it depends what you claim in this post.
| firefax wrote:
| I thought, as a practical matter, it's on the person
| alleging slander or libel to prove falsehood?
|
| I think sometimes folks don't properly threat model what
| can be done if someone chooses to think about what the
| consequences for breaking a rule are and letting that
| guide their actions, rather than striving to avoid
| breaking them out of some kind of moral principle.
| anonym29 wrote:
| Hypothetically, if I said "firefax murdered an underage
| prostitute and then sexually violated the underage
| prostitute's corpse in 2018 and was never caught, I
| witnessed it happen and tried to report it but the police
| refused to even open an investigation, firefax is a
| dangerous predator and should not be trusted", and you
| lost your job because of that, should you be the one with
| the burden to prove that never happened?
| mjbroe02 wrote:
| That doesn't apply when you publish information for broad
| consumption. Then it becomes libel. People need to
| realize that posting on a site where you can reasonably
| expect that your words may be consumed by the masses
| makes you a publisher. That comes with responsibilities
| and is not protected the same way as an individual's
| personal speech.
| DocTomoe wrote:
| So all I need to do to mark another guy (who might be,
| for example, competing for a job I want, or a certain
| woman's attention) as a rapist on a platform that's used
| by people in the location this guy lives in in the US is
| a (fake) female driver's license, a photo of the guy in
| question, and a name?
|
| coolcoolcool. I'm sure that _never_ _ever_ gets abused
| horrifically.
| gitremote wrote:
| What was leaked was women's personal data, like driver's
| licenses. What they shared with each other was their
| experiences with men who sexually assaulted them or stalked
| them and their names, not the men's personal data.
|
| Men's driver licenses were not distributed online. Only
| women's driver licenses were distributed online.
| quietbritishjim wrote:
| I'm not familiar with this app, but surely those
| accusations of sexual assault are only useful to other
| users if the men are sufficiently well identified?
| gitremote wrote:
| Name and photo.
| 9dev wrote:
| So... Personal data?
| dragonwriter wrote:
| > Where I come from, sharing personal data of someone
| without their consent is not allowed.
|
| Where you come from, people aren't allowed to share their
| own experiences interacting with third parties without the
| third parties' consent?
|
| Sounds pretty oppressive, but there are absolutely many
| jurisdictions where that is not the case.
| ioasuncvinvaer wrote:
| They post images of the men in question without consent.
| dragonwriter wrote:
| Unless they are intimate images (in which case revenge
| porn laws are likely to apply), copyrightable images for
| which someone other than the poster is the creator posted
| without the copyright holder's permission (in which case
| copyright applies), or being used for commercial
| promotion or to suggest endorsement (in which case,
| depending on which state's law applies, state law right of
| personality/publicity, especially if the subject is a
| celebrity, might apply), that's generally legal in the
| US.
| ohdeargodno wrote:
| > that's generally legal in the US.
|
| Cool, I'm sure Tea is only available to report things
| about United States citiz... nevermind.
|
| It runs afoul of about a dozen European rights to
| privacy, imagery and consent laws. And that's just by
| posting pictures! Libel and slander are a bunch of
| others, right to a response is also another... the list
| is long. It is, once again, yet another dudebro trying to
| skirt legality.
| dragonwriter wrote:
| > It runs afoul of about a dozen european rights to
| privacy, imagery and consent laws
|
| The EU is welcome to try to enforce its local laws on the
| US operations of a US business open only to US users, but
| I don't think it's going to have much success.
| ioasuncvinvaer wrote:
| Thank god the US is the only country in the world.
| dragonwriter wrote:
| > Thank god the US is the only country in the world.
|
| It's the only country in the world where Tea operates or
| is open to users, what other country's laws do you think
| apply to it?
| PaulHoule wrote:
| Also on those platforms you can see if people are trash
| talking you even if you don't have a procedure to face your
| accuser.
|
| Even the open platforms creep me out. I don't like seeing
| unverified accounts of crime in Nextdoor, I think if you
| see some crime you go to the police. I had a series of in
| person interactions with a woman which seemed creepy in
| retrospect, her Nextdoor was full of creepy stuff including
| screenshots of creepy online interactions. At least this
| gives everyone clear evidence they should keep away.
| fkyoureadthedoc wrote:
| > By this logic: I suppose glassdoor, yelp, or Google reviews
| aren't legal either?
|
| Imagining a future where I have to pay Tea to promote and
| astroturf my profile or they lower my rating, and pay bot
| farms to post glowing reviews
| fragmede wrote:
| In this future that you want me to imagine, do you imagine,
| that I'm imagining that I am poor or I am rich? Because oh
| man, I didn't have much luck at the lottery or at blackjack
| or craps or startups or crypto, but I'm sure, this time, AI
| is gonna help me strike it rich!
| Beijinger wrote:
| I have not used the app nor read much about it but this guys
| talk about it: https://youtu.be/WjfpryoQ0Mk
|
| Yes, as far as I understand, you upload pictures of men,
| either taken in the wild or from dating sites (Tinder)
| against their will. I am pretty sure that this would be
| illegal in some jurisdictions. Especially EU.
| ajuc wrote:
| Companies aren't people (despite lots of people pretending
| they are).
| arrowsmith wrote:
| > Peeple failed because they couldn't eliminate bias and gossip
| against anyone
|
| Without bias and gossip, who would even want to use the app?
| exiguus wrote:
| A gray area in my eyes. As a father, I think it's good that my
| daughter uses the app. You only need to look at the statistics
| to see how many women are killed by their male partners every
| year.
| thefourthchime wrote:
| It's harmful to spread this kind of fear. Statistically it's
| less than 0.05% of women die because they are killed by their
| partner. This puts a stigma on men in general as some sort of
| dangerous savages.
| guywithahat wrote:
| It also leads to racism when people break down
| relationship violence by race. It's a dumb argument that
| helps no one
| cauch wrote:
| I think the problem is not the statement, but the
| conclusion.
|
| Do we have more physical violence from men towards women
| than the opposite? I think I saw that the reality is yes.
| Does it mean that men are biologically coded to be
| violent, or is it a question of education and culture?
|
| If you conclude the second one, it is not "sexist" (on
| the contrary, it may even be that the culture that
| creates the problem is itself rooted in sexism and that
| acknowledging some reality about its existence may help
| changing this culture), and does not imply prejudice
| against men, just acknowledging that we need to be
| careful in case of bad apples.
|
| It still means that talking about this requires to be
| very careful.
|
| To react on your example, I think it is a good thing to
| notice if some population have a bigger problem at this
| subject than others, and we can then identify more easily
| the places where this problem forms and target these
| places. But people who conclude "look at violence
| divided by race, so I can generalise and be prejudicial
| to everyone in some race and not other" are idiots.
| hdgvhicv wrote:
| Men are more likely to be victims of violent crimes than
| women
| exiguus wrote:
| The context was a dating app. And yes, men are also
| victims by men.
| standardUser wrote:
| Yes, primarily by other men as we all know.
| belorn wrote:
| The statistics are a bit more complex and nuanced than
| giving straight answers. Studies looking at any form of
| violence in partner relationships shows both women and
| men having equal amount. When looking at physical
| violence, especially those that lead to people being
| charged with a crime, men are over-represented in
| heterosexual relationships.
|
| However, homosexual relationships have an equal rate of
| partner violence as heterosexual ones. A bisexual woman
| that has a relationship with another woman will double
| her rate of physical violence compared to a relationship
| with a man (statistically). A man who has a relationship
| with another man will halve his rate of violence. This
| makes no sense at all (unless we believe that sexual
| orientation is a factor for violent behavior), unless we
| add an additional factor of sexual dimorphism. Men are on
| average larger and more muscular, and there seems to be a
| correlation between being the larger/stronger and using
| physical strength/fists during a fight. The smaller
| person is in return more likely to use tools or other
| means of violence. Statistically, fists also have a higher
| probability to do damage than improvised weapons, since
| people are more proficient in using their fists.
|
| Does it mean men are biologically coded to be violent?
| No. Is it a question about education and culture? Maybe
| in some countries/cultures, and it wouldn't hurt to use
| the education system to teach people conflict resolution.
| Getting people who are physically larger to not exploit
| that fact during a heated fight is likely a hard problem
| to solve on a population level.
| exiguus wrote:
| The risk of females being murdered by an intimate partner
| is five times higher than for males. And murder is just
| the very end of the spectrum. And by definition, calling
| out men, is not racism.
| Rebelgecko wrote:
| Are there other groups that are 5x more likely to commit
| murder? Even if there are, IMO we shouldn't judge every
| member of that group for the actions of a small minority
| exiguus wrote:
| Are we still talking about an App that helps with dating?
| standardUser wrote:
| Your inability to distinguish between race relations in
| America (and the extremely specific history that caused
| it) and the all-but-universal imbalance in violence
| between genders, makes your race-baiting comment a little
| too transparent.
| standardUser wrote:
| Race in America is extremely idiosyncratic. Gender
| relations exhibit a far more consistent dynamic cross-
| culturally.
| octopoc wrote:
| Calling it "extremely idiosyncratic" is not indicative of
| reality:
|
| > Black people are the most likely to experience domestic
| violence--either male-to-female or female-to-male--
| followed by Hispanic people and White people.2 Centers
| for Disease Control and Prevention. The national intimate
| partner and sexual violence survey: 2010-2012 state
| report.
|
| > Asian people are the least likely to experience
| intimate partner violence.[1]
|
| [1] https://www.verywellmind.com/domestic-violence-varies-by-eth...
| standardUser wrote:
| You misunderstood my comment and instead gave examples
| that further support the idea that race relations in
| America are unique and particular to our history and
| geography. That's why race statistics in the US are not
| well-suited for cross-cultural comparison, let alone for
| drawing gargantuan conclusions about inherent racial
| traits (as racists are often looking to do).
| spinach wrote:
| Statistically that is a rather small number. But if we take
| the number of women in say, America, a web search says
| 334.9 million. 0.05% of that is 167,450. That is quite a
| lot of women being killed by their partner.
| kgwgk wrote:
| > the number of women in say, America, a web search says
| 334.9 million
|
| Doesn't look correct.
| ehutch79 wrote:
| That looks like the general population of the US, and is
| out of date, it's 340m+
| pbhjpbhj wrote:
| USA population is c.350M total, so they're probably off
| by half.
|
| https://www.worldometers.info/demographics/us-demographics/
| edmundsauto wrote:
| 5k women are murdered in America each year, fwiw.
|
| 18k men are murdered. But women are murdered by their
| partners at a higher rate.
| deathanatos wrote:
| According to the UNODC[1], in 2023, the rate of _all_
| murders of women in the US was 0.00205%. (2.05 per
| 100,000) Partner violence appears to account for ~34% of
| violence against women[2] (but vs. 6% for men), so that
| would be 0.697 per 100k or ~0.0007%, or ~1190 women/yr
| in the US[3]. Assuming I've done the math right... the
| risk is more than two orders of magnitude smaller than
| what you came up with.
|
| > _Partner violence appears to account for ~34% of
| violence against women[2] (but vs. 6% for men)_
|
| And this is sort of the point of the comment higher up:
| when you cut the stat this way, it seems like men are
| wildly dangerous creeps. But it is a statistic comparing
| one _group_ to another _group_. We need to instead look
| at the absolute rate of partner violence to decide if men
| are on the whole violent murderers or so, and there, the
| overall risk is low.
|
| [1]: https://dataunodc.un.org/dp-intentional-homicide-victims
|
| [2]: https://bjs.ojp.gov/female-murder-victims-and-victim-offende...
|
| [3]: (I've assumed a round population of 340M for the US,
| with 50/50 gender, just an approximation.)
| adolph wrote:
| > when you cut the stat this way, it seems like men are
| wildly dangerous creeps.
|
| Not exactly. The statistics didn't specify the gender
| identity of the perpetrator, just the relationship to the
| victim and the gender identity of the victim.
| exiguus wrote:
| I don't know where you have these numbers from, but in 2021
| 34% of women were killed by a partner and 76% of women were
| killed by a known person (family, friends, colleagues,
| partner) [1].
|
| Edit: 100% are murder victims
|
| https://bjs.ojp.gov/female-murder-victims-and-victim-offende...
| qualeed wrote:
| Your stats are for murder victims. I assume that the
| parent poster was talking about all causes of death.
|
| I have no idea if their number is correct for that
| either.
| exiguus wrote:
| Could be. But I'm not. And the context is App for dating.
| qualeed wrote:
| > _But I'm not._
|
| But... you're trying to correct their statistics?
|
| I agree with you that in the context, your stats maybe
| make more sense. But if you're going to correct someone,
| you generally should recognize what they were trying to
| communicate in the first place.
| exiguus wrote:
| I don't want to imply that someone tried to find the
| smallest possible number in order to deliberately
| misunderstand my comment, but we are still in the context
| of the dating app.
| K0balt wrote:
| I think poster is looking at mortality risk, not
| mortality cause.
| edmundsauto wrote:
| That's out of women who were murdered or killed in
| manslaughter cases. OP was talking about base rates.
| 5000/170000000 is about 0.03%.
| GoatInGrey wrote:
| Your wording here is clumsy. You're saying that 34% of
| the adult female population was murdered by their
| partner. I'm assuming you meant female murder victims and
| not women in general?
| exiguus wrote:
| To clarify, it's about murdered victims. I thought this
| was clear. I thought we are still talking about
| partnership and dating.
| HPsquared wrote:
| It's better to think in terms of overall life damage and
| "quality of life years lost". I think it's very debatable
| which side loses more from getting involved in
| relationships.
| standardUser wrote:
| As a man, I find it absurd and even dangerous to _not_
| attach some stigma to men. That you feel the need to invoke
| "dangerous savages" is maybe your own prerogative, but by
| _any_ sober and fact-based analysis it is indisputable that
| women are justified in acting cautiously when dealing with
| strange men.
| adolph wrote:
| > Statistically it's less than 0.05% of women die because
| they are killed by their partner.
|
| 2020 USA Per Capita Count of Mortality Event:
| Assault(Homicide), Female: 0.00139%
|
| https://datacommons.org/tools/visualization#visType%3Dtimeli...
| jabjq wrote:
| I wonder how well-received this comment would be if it
| mentioned crime statistics regarding something else than
| gender.
| saparaloot wrote:
| You still think so?
| jameslk wrote:
| I keep seeing the defense for Tea as an app for women's
| safety, which is of course a valid concern. Wouldn't it make
| more sense for a service to exist, like some kind of
| enforcement service provided by the government, where others
| can report safety concerns and that service goes and does
| something about it legally?
|
| If such a service exists and isn't being too effective,
| shouldn't that be worked on?
|
| My guess is that there's more to the reasons for why Tea is
| popular but the safety argument is largely being used to
| defend it
| ronsor wrote:
| > Wouldn't it make more sense for a service to exist, like
| some kind of enforcement service provided by the
| government, where others can report safety concerns and
| that service goes and does something about it legally?
|
| I think this is called "the police"
| blks wrote:
| Online men-dominated forums often dislike and feel personally
| attacked by people talking about sexual abuse/harassment done
| by other men. I guess they immediately imagine themselves
| being falsely accused of such acts, rather than being a woman
| that is attacked.
| xhkkffbf wrote:
| I believe that at least one person has gotten a posting removed
| about himself by complaining directly to Apple. He presumed
| that Tea wouldn't care.
|
| https://x.com/JacobJohnson494/status/1948222924235624870
| viccis wrote:
| Whew, one look at his account and I can imagine what women
| who've been on dates with him would be saying haha
| singleshot_ wrote:
| "False slander" is not a thing.
|
| The answer to your last two questions is found within section
| 230 of the Communications Decency Act.
| pdabbadabba wrote:
| > "False slander" is not a thing.
|
| It's only not a thing because, in the U.S., it's redundant.
| In other jurisdictions, it _might_ be a thing, because there
| are places where a claim can be both defamatory and true.
| singleshot_ wrote:
| > in the U.S.
|
| I know.
|
| > In other jurisdictions,
|
| I know (but I couldn't care less).
| givemeethekeys wrote:
| There are large Facebook groups dedicated to "Are we dating the
| same guy?" / "Are we dating the same woman?" that predate this
| app.
| tptacek wrote:
| Defamation (libel and slander) consists of false statements (or
| _direct_ implications) of fact. Actionable defamation consists
| either of those false claims that cause quantifiable damages,
| or that claim things that are _per se_ considered damaging ---
| a specific and limited list.
|
| "This guy is a creeper and treats romantic partners terribly"
| is pure opinion, and cannot be defamatory. The (rare) kinds of
| opinion statements that can be defamatory generally take the
| form of "I believe (subjective thing) about this person because
| I observed (objective thing)", where "(objective thing)" is
| itself false. "The vibe I get about this person is that they
| hunt humans for sport" does not take that form and is almost
| certainly not defamatory.
|
| Under US law, providers are generally not liable for defamatory
| content generated by users unless you can show they materially
| encouraged that content in its specifics, which is a high bar
| app providers are unlikely to clear.
| akerl_ wrote:
| A general plug that if you read this comment and thought
| "damn, 1st amendment law sounds complex and interesting", you
| may want to check out https://www.serioustrouble.show/ , a
| podcast about legal news with a recurring focus on 1st
| amendment law and cases
| jjangkke wrote:
| Some observations:
|
| - The fact that this app exists solidifies the data that a small
| group of men/women do most of the dating on tinder etc while the
| vast majority land dates far less if none at all.
|
| - This creates distorted market supply and demand where those
| small group of men/women become sought after and it's only human
| nature in that they value their supply less than the rest.
|
| - Toxic behavior is expected from that small group of highly
| attractive people that do all the dating.
|
| - It was only a matter of time before such app would run into
| legal issues or attract angry individuals. Now the damage to the
| leaked identities will be prolonged. With the AI tech today, the
| extent to which a damage can be done with the information from
| the leaks is unknown.
|
| - As for the company behind Tea, they are done. They face a
| monumental class action lawsuit as well as ongoing individual
| civil/criminal cases that will arise from the leaked identities,
| in particular the photo of driver licenses as well as selfies,
| usernames, emails drastically increase the surface area for
| damages.
|
| - The users of this site and those that have directly posted
| images, details have opened themselves up to significant
| liability from not only the men they have targeted but from law
| enforcement.
|
| - We'll see some new laws being formed from this case. Once
| again, we see the hidden dangers of blindly trusting large
| popular platforms with sensitive data but the twist with Tea here
| is the defamation activity that opens up its users to both civil
| and criminal liability.
| pavel_lishin wrote:
| > _The fact that this app exists solidifies that a small group
| of men/women do most of the dating on the quick fleeting
| connections on tinder etc while the vast majority on a few if
| not none at all._
|
| I don't follow.
|
| > _This creates distorted market supply and demand where those
| small group of men/women become sought after_
|
| Isn't that true in the real world as well? I'm not exactly a
| hunk; people weren't tripping over themselves to ask me out,
| whereas some of my friends and acquaintances did have to
| figuratively beat people off with a stick.
| arrowsmith wrote:
| It's true in the real world, but dating apps make it much
| more exaggerated.
| firefax wrote:
| >Isn't that true in the real world as well?
|
| I suspect the folks complaining about "markets" in online
| dating are not the kind of people who can connect offline.
|
| To be fair, I think online dating _has_ gotten worse -- sites
| like OkCupid used to match you based on shared affinity...
| the issue there is you could be a very high match on shared
| values but not someone's "type" visually -- imagine being
| shown the girl of your dreams only to find out the feeling is
| not mutual :-)
|
| Conversely, I feel like people sometimes forget that they
| opted into these interactions, it's not like someone strolled
| up in a bar and began talking at them.
|
| Anyways... if you're frustrated with apps, I'd suggest doing
| just that. Talk to people.
|
| I met my last girlfriend at a bus stop. Before that, on a
| porch -- I was walking by and struck up a convo.
|
| If you can't connect with people organically, no amount of
| tech can save you.
| throw838384 wrote:
| Is there a way, to verify if potential partner uses this app? Or
| if they are in "are we dating the same guy" type of group?
|
| I take doxing, stalking, revenge porn and cyber bullying very
| seriously! And I would pay good money for a background check, to
| stay away from such people.
| more_corn wrote:
| Easy, post negative information about yourself on there.
| jeroenhd wrote:
| You need to verify you're a woman with some form of ID before
| you can get into the app. Faking an ID and a picture can't be
| that difficult in the age of AI (especially not when the
| company that's supposed to verify you is this callous with
| their users' PII), but it's not as quick and easy as you
| suggest.
| SrslyJosh wrote:
| > And I would pay good money for a background check, to stay
| away from such people.
|
| Buddy, believe me, women who are using Tea would pay to know
| that they need to avoid _you_ too.
|
| Seems like the simple solution here is for Tea to allow men to
| register and advertise themselves as not interested in Tea
| users, maybe by linking profiles from dating apps.
| generalizations wrote:
| There is now.
| jjangkke wrote:
| - The fact that this app exists solidifies the data that a small
| group of men/women do most of the dating on tinder etc while the
| vast majority land dates far less if none at all.
|
| - This creates distorted market supply and demand where those
| small group of men/women become sought after and it's only human
| nature in that they value their supply less than the rest.
|
| - Toxic behavior is expected from that small group of highly
| attractive people that do all the dating.
|
| - It was only a matter of time before such app would run into
| legal issues or attract angry individuals. Now the damage to the
| leaked identities will be prolonged. With the AI tech today, the
| extent to which a damage can be done is unknown (ex. deepfake,
| impersonations, further doxxing).
|
| - Tea users' driver licenses as well as selfies, usernames,
| emails, posts about their dates will drastically increase the
| surface area for lawsuits, fraud and exploitation by malicious
| agents.
|
| - The users of this site and those that have directly posted
| images, details have opened themselves up to significant legal
| and criminal liability. Given these apps were probably popular in
| large city centers like California, NY have heavy punishment for
| digital harassment and privacy violations on top of the damages
| that can be claimed against them by the men whose information and
| details were posted.
|
| - Tea is largely insulated from what the users post which means
| that their biggest exposure might be just neglect and failure to
| secure data which comes with a slap on the wrist. Which will make
| it harder for Tea's userbase to claim large damages against it.
|
| I read more details about this case and it's beyond egregious.
| Unencrypted firebase and full public buckets. There is no hacking
| involved, the tokens were being used to pull data from roughly
| all 30,000 users of Tea and were only blocked a short while ago.
|
| Allegedly, 60GB of photos, user personal information, driver
| license, gps data being shared on torrent. A map of all 30,000
| users tied to GPS data is being posted as well.
|
| Given the extreme neglect to secure their data, I now believe Tea
| will be open to even bigger legal liability possibly criminal
| even.
| wosined wrote:
| Let's be real you wrote men/women only to be PC. You really
| meant small group of men.
| packetlost wrote:
| No, it really does apply to both. Women who are not dating or
| are in a stable relationship won't use that app.
| jjangkke wrote:
| People with stable values and relationships most likely
| won't be on these apps. The wide acceptance of hookup
| culture via apps is not universal.
|
| In some cultures, mentioning dating apps will immediately
| lead to negative assumptions and connections are done
| through vetted networks and specific establishments where
| "hunting" activity is allowed, some with even more boundary
| pushing that would be impossible in Western culture.
| gruez wrote:
| Not sure about what "some cultures" you're talking about,
| but AFAIK "dating apps" is the #1 answer (or at least in
| the top 3) to "how did you meet your partner" in many
| countries. They're not just for hookups. Many even market
| themselves as being for committed relationships, or have
| features to facilitate that (eg. filters).
| arrowsmith wrote:
| Yes but for the women who _are_ on the app, the
| distribution of dates is much less skewed. (I assume.)
| packetlost wrote:
| Oh yeah, my whole point was the selection bias.
| phkahler wrote:
| >> Let's be real you wrote men/women only to be PC. You
| really meant small group of men.
|
| Let me share a message I got from a woman I met a couple
| years ago on a dating site: "Just a side note about the
| dating thing on here. I get very annoyed with how horribly
| men take care of themselves or even try to communicate. Most
| men today on these sites are repulsive. It was refreshing to
| see you smile, and look nice. Thank you for that."
|
| So it's not a bunch of red-pill alpha guys. I'm an average
| guy with basic manners and a _lack of creepiness_. Heck I was
| near my all time high weight at the time. Every single woman
| on those things has at least one story about a guy she met
| that will make you cringe from his behavior. My fav was the
| guy who sent a woman flowers before even meeting her - _at
| her workplace_! Dude the cyberstalking you need to do to pull
| that off is CREEPY AF - not romantic.
|
| If you want to be in that top 10 percent of men the bar is
| incredibly low.
| IlikeKitties wrote:
| > Allegedly, 60GB of photos, user personal information, driver
| license, gps data being shared on torrent. A map of all 30,000
| users tied to GPS data is being posted as well.
|
| Yeah, I wouldn't worry about the allegedly part, 4chan is
| dissecting that torrent as we speak, it's quite the party.
| cmxch wrote:
| A case for ironclad data privacy laws that allow people to pierce
| the veil and request deletion.
| 8f2ab37a-ed6c wrote:
| Sad that a common response to "we might not want this app to
| exist" is "well, if you weren't cheating, you wouldn't have a
| problem with it".
|
| Why do people want to live in a panopticon of their own creation,
| with random anonymous strangers morally policing, judging each
| other with zero consequence to them?
|
| Don't think we'll ever learn our lesson when it comes to privacy,
| it will be Eternal September forever.
| duxup wrote:
| I think many people see <cause>, and any criticism of
| something that claims to be related to that cause is seen as
| criticism of the cause, and that's a full stop when it comes to
| thinking much further.
|
| The irony in this case being that this app operates like a lot
| of creep subreddits and forums out there with people posting
| photos of other people without their permission and gossiping /
| telling stories about them...
| 8f2ab37a-ed6c wrote:
| I agree that you could make a Tea app for every faction's
| favorite cause, and use "safety" as the justification: report
| your local communist, report your local infidel, report your
| local secret white supremacist, report your local secret
| Western imperialism agent, report your local suspected
| jihadi, report a homosexual, report a suspected illegal
| immigrant, report a local adulterer, report an apostate,
| report a kulak.. etc. _chefkiss_
|
| Witch Hunt as a Service, with a delightful UX, a little
| gamification, and soon integration with your favorite apps.
| Coming to an App Store near you.
| cjs_ac wrote:
| I think this is also called 'politician's logic':
| https://www.youtube.com/watch?v=vidzkYnaf6Y
| scarmig wrote:
| It's a useful app, as it helps men avoid the type of women
| who'd use such an app.
| BizarroLand wrote:
| How would you even identify who is on the app?
| zetanor wrote:
| The app conveniently offers its users' driver's licenses to
| the public.
| jeroenhd wrote:
| The leak contains drivers' licenses, but also location
| information. Someone on 4chan made a map of all the
| coordinates they could find and posted a public link.
|
| So much for the "anonymous" app.
| bawolff wrote:
| Because our entire civilization is built on reciprocal
| altruism, which requires reputation so that in the event
| someone defects it carries negative consequences to discourage
| defection.
| standardUser wrote:
| I mostly agree, but it's different for women due to how
| frequently they are subject to violence and how comparatively
| defenseless they are compared to the average man. Many women
| (and men) would gladly give up some privacy in exchange for
| (perceived) safety. And any man who doesn't understand that is
| either lying or has never known a woman.
| redeeman wrote:
| yeah because ALL women are the same, right? you seem kinda
| sexist here
| tonymet wrote:
| Maybe this is a good time to think about what policy could help
| discourage these horrific practices (it sounds like their storage
| was unprotected)
|
| * App Store review requires a lightweight security audit /
| checklist on the backend protections.
|
| * App Store CTF Kill Switch. Publisher has to share a private CTF
| token with Apple with a public name (e.g. /etc/apple-ctf-token ).
| The app store can automatically kill the app if the token is ever
| breached.
|
| * Publisher is required to include their own sensitive records
| (access to a high-value bank account) within their backend. Apple
| audits that these secrets are in the same storage as the consumer
| records.
| tonymet wrote:
| * Mandate 3rd party auditing once an app reaches > 10k users
|
| * App publishing process includes signatures that the publisher
| must embed in their database. When those signatures end up on
| the dark web, App Store is notified and the App is revoked
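The embedded-signature idea in the comment above, sketched as an added example (it is not part of the thread and not any app store's actual mechanism): the store mints decoy e-mail addresses carrying an HMAC only it can compute, so a scanner can attribute a leaked dump to a publisher and reject forged tokens. The token layout, the `canary.example` domain and every function name are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import re
import secrets

# Hypothetical token layout: cnry.<publisher>.<nonce>.<mac>@canary.example
# It is shaped like an e-mail address so it can sit in an ordinary user table.
PUBLISHER_RE = re.compile(r"[a-z0-9-]+")
TOKEN_RE = re.compile(
    r"cnry\.([a-z0-9-]+)\.([0-9a-f]{16})\.([0-9a-f]{32})@canary\.example"
)


def _mac(store_key: bytes, publisher: str, nonce: str) -> str:
    """HMAC-SHA256 over publisher and nonce, truncated to 128 bits (32 hex chars)."""
    msg = f"{publisher}\x00{nonce}".encode()
    return hmac.new(store_key, msg, hashlib.sha256).hexdigest()[:32]


def issue_canary(store_key: bytes, publisher: str, nonce: str | None = None) -> str:
    """Store side: mint one decoy address for the publisher to plant in its database."""
    if not PUBLISHER_RE.fullmatch(publisher):
        raise ValueError("publisher id must match [a-z0-9-]+")
    nonce = nonce or secrets.token_hex(8)  # 16 hex characters
    return f"cnry.{publisher}.{nonce}.{_mac(store_key, publisher, nonce)}@canary.example"


def scan_dump(store_key: bytes, dump_text: str) -> dict[str, set[str]]:
    """Return {publisher: {tokens}} for every token in the dump whose MAC verifies.

    Tokens with a bad MAC are ignored, so nobody without the store key can
    implicate a publisher by pasting a made-up token into a public dump.
    """
    hits: dict[str, set[str]] = {}
    for match in TOKEN_RE.finditer(dump_text):
        publisher, nonce, mac = match.groups()
        if hmac.compare_digest(mac, _mac(store_key, publisher, nonce)):
            hits.setdefault(publisher, set()).add(match.group(0))
    return hits


def build_sample_dump(store_key: bytes) -> tuple[str, str]:
    """Constructed sample data: one ordinary row, one genuine canary, one forgery."""
    genuine = issue_canary(store_key, "example-app", "00112233aabbccdd")
    forged = "cnry.other-app.0011223344556677." + "0" * 32 + "@canary.example"
    dump = (
        "id,email\n"
        "1,alice@example.org\n"
        f"2,{genuine}\n"
        f"3,{forged}\n"
    )
    return dump, genuine


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # held by the store, never by publishers
    dump, _ = build_sample_dump(key)
    for publisher, tokens in scan_dump(key, dump).items():
        print(f"leak attributed to {publisher}: {len(tokens)} canary row(s)")
```

Detection still depends on someone feeding the leaked data to the scanner, which is the gap a later reply in the thread points out.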
| fn-mote wrote:
| > * Mandate 3rd party auditing once an app exceeds 10k users
|
| You have a lot of interesting suggestions.
|
| I would love to see some kind of forced transparency. Too bad
| back-end code doesn't run under any App/Play Store control,
| so it's harder to force an (accurate) audit.
| tonymet wrote:
| thanks. Yeah I think there are a lot of ways to decouple
| App store from publisher and auditor. That way the
| publisher can retain autonomy / control, while still
| developing trust with the consumer.
|
| We could do better in our trade at encouraging best
| practices in this space. Every time there's a breach, the
| community shames the publisher. But the real shame is on
| us for not establishing better auditing protocols. Security
| best practices are just the start. You have to have
| transparent, ongoing auditing and pen-testing to sustain
| it.
| tonymet wrote:
| also i remember maybe Facebook trying to do this when they
| acquired Parse. For a while they were promoting developers
| host their backends on Parse / FB.
|
| The idea has merit. You have to relinquish some control to
| establish security. Look at App Store, Microsoft Store,
| MacOS App store -- they all sandbox and reduce API scope in
| order to improve security for consumers.
|
| I'm more on the side of autonomy and trust, but then we
| have reckless developers doing stuff like this, putting the
| whole industry on watch.
| beeflet wrote:
| just use your brain and don't upload your face and driver's
| license to a gossip website. when I was growing up, it was
| common knowledge that you shouldn't post your identity online
| outside of a professional setting.
|
| The onus is on users to protect themselves, not the OS. As long
| as the OS enables the users to do what they want, no security
| policy will totally protect the user from themselves.
| tonymet wrote:
| The app store is auditing & restricting functionality within
| the iPhone, but the backend protections are a wild west.
|
| "use your brain" is no substitute for security. This is a
| hacker forum. We think about how to protect apps. Even smart
| people have slipped up
| dvngnt_ wrote:
| This is becoming more unfeasible as it becomes required to
| access online services like reddit, nexusmods, verification
| on dating apps. Sending facial, and documentation data is
| becoming mandated by governments across the world.
| alecco wrote:
| > reddit, nexusmods, verification on dating apps.
|
| You know life is better without those, right? (inb4
| whataboutism reply)
| nemomarx wrote:
| Do you think it'll stop with those sites? You might need
| it for your banking app soon, or to browse LinkedIn, or
| etc.
| alecco wrote:
| Banks already ID you in person (at least the ones with
| branches). And LinkedIn has been useless for years for
| most of my family and friends.
| bigfishrunning wrote:
| Then I'll do my banking in person, and stop browsing
| LinkedIn. I'm looking forward to my reduced dependence on
| the internet.
| bathtub365 wrote:
| Your bank will close branches thanks to the incredible
| convenience of online banking.
| bigfishrunning wrote:
| They haven't done that yet, and if they do there are tons
| of other banks for me to use.
| JoshTriplett wrote:
| For banking it's fine; I expect to need to prove my
| identity to my bank, and it's tied to my bank accounts.
| And I expect a bank to have high security.
|
| The vast majority of online services have no good reason
| to want my ID, nor will they ever get it.
| ImJamal wrote:
| Is there a single bank that doesn't require ID to start
| an account?
| dvngnt_ wrote:
| life is better with skyrim mods
| arrowsmith wrote:
| > just use your brain and don't upload your face and driver's
| license to a gossip website
|
| Meanwhile, in the UK, new legislation requires me to upload
| my face and driver's license just to browse Reddit.
| aydyn wrote:
| You only require ID verification for NSFW subreddits,
| right?
| Mindwipe wrote:
| Nsfw includes subreddits that discuss beer.
| GoatInGrey wrote:
| You know, what's funny about NSFW is that a lot of things
| tagged NSFW are actually regularly discussed _at work_!
| NekkoDroid wrote:
| While true, using that logic I can say porn is also
| discussed _at work_ if you work in the porn industry :)
|
| On a more serious note, implementing such a law without
| also providing a 0-knowledge authentication system ready
| to use by the government is just so unbelievably stupid
| (for multiple unrelated reasons).
| arrowsmith wrote:
| All of Reddit is NSFW. Why are you on Reddit, you should
| be working!
| selfhoster11 wrote:
| And requiring KYC to access a subreddit marked NSFW is
| somehow legitimate why, exactly?
| ronsor wrote:
| The fact that UK politicians cannot use their brains is a
| separate issue. May I interest you in a VPN?
| qualeed wrote:
| > _just use your brain and don't upload your face and
| driver's license to a gossip website._
|
| It isn't just gossip websites requiring this, and it isn't
| just gossip websites suffering breaches.
| Beijinger wrote:
| Yeah, just upload the pictures of unsuspecting guys.
|
| Sorry, well deserved ladies. It just made my day. ROTFL.
|
| And please provide an app with all the names and pictures of
| the ladies who used it. So that I can easily check who not to
| date.
| adamrezich wrote:
| Good thing our children will learn all about this at their
| mandatory Internet Literacy Fundamentals course they have to
| take in high school.
|
| Oh wait--no such thing exists!
|
| It's up to us to teach this to our children. There's no hope
| of getting the current generations of Internet users to grasp
| the simple idea that app/website backends are black boxes to
| you, the user, such that there is absolutely nothing
| preventing them from selling the personal information you
| gave them to anyone they see fit, or even just failing to
| secure it properly.
|
| Without being a developer yourself or having this information
| drilled into you at a young age, you're just going to grow up
| naively thinking that there's nothing wrong with giving
| personal information such as _photos of your driver's
| license_ to random third parties that you have no reason to
| trust whatsoever, just because they have a form in their app
| or on their website that requests it from you.
| tonymet wrote:
| education is helpful, but it's also inadequate. we need
| good drivers, and good driver safety systems. they go hand
| in hand.
|
| even the most savvy consumers slip up, or are in a hurry.
| it's impossible to make a perfect security decision every
| time
| 9dev wrote:
| Nice, some unsolicited victim blaming!
| gruez wrote:
| >* App Store CTF Kill Switch. Publisher has to share a private
| CTF token with Apple with a public name (e.g. /etc/apple-ctf-
| token ). The app store can automatically kill the app if the
| token is ever breached.
|
| How do you enforce the token actually exists? Do app developers
| have to hire some auditing firm to attest all their infra
| actually have the token available? Seems expensive.
| tonymet wrote:
| it could be made available just to apple servers via ACL or
| protected token. but no one else.
| gruez wrote:
| That still doesn't make sense. How does the ACL work? What
| prevents the usual shenanigans like cloaking to prevent
| legitimate detection from working? Moreover what secrets
| are you even trying to detect? The app API token?
| tonymet wrote:
| i'll make you a deal. Be constructive and make a
| suggestion, and I'll address your inquiry. that way I can
| tell you actually are interested in having a
| conversation.
| gruez wrote:
| I can't be constructive when your proposal is too vague
| to know how it works, I'm forced to take pot shots at
| what I think it is, and you getting upset because I'm not
| "constructive". Thoroughly explain how your plan works
| beyond the two sentences in your original post, and I can
| be "constructive".
| tonymet wrote:
| come up with 1 idea
| tonymet wrote:
| why don't you try making a suggestion instead
| yjftsjthsd-h wrote:
| It's perfectly possible to point out a flaw without
| suggesting a replacement.
| tonymet wrote:
| but not constructive
| yjftsjthsd-h wrote:
| I disagree; if you suggest doing something, and someone
| points out a (legitimate) potential
| flaw/problem/shortcoming/difficulty, then that person has
| helped you and improved the conversation. Full stop. It
| might be _nice_ if they can also suggest something
| better, but it's not necessary. It might even be in the
| final outcome that the original idea is still the best
| option, and even then it is preferable that its problems
| are known and hopefully considered for mitigation.
| tonymet wrote:
| we're not in that phase yet. the dude is just trolling
| tbrownaw wrote:
| Yes, pushing companies away from mobile apps and towards PWAs
| or even ordinary websites _does_ sound like an excellent idea.
| tonymet wrote:
| it could be an enhanced certification like "Enhanced
| Security" or "End to End security" to allow gradual adoption.
| tbrownaw wrote:
| So like those EV certs that turn the address bar green.
| tonymet wrote:
| better, in that the app store has more weight and more
| leverage to establish more comprehensive auditing.
|
| The EV certs failed because general SSL identity is
| pretty weak. Consumers don't know how to use it to
| establish trust. There's no enforcement on how the names
| are used. for example, my county treasurer has me
| transfer thousands of dollars on a random domain name.
| benlivengood wrote:
| In this case it appears to be a public Firebase bucket;
| shutting down the app wouldn't help. Quite possibly access to
| Firebase was mediated through a backend service and Apple
| couldn't validate the security of the unknown bucket anyway.
| tonymet wrote:
| I partially agree. At least the threat of app shutdown would
| be enough consequence for the publisher to take things
| seriously
| benlivengood wrote:
| I think iOS and Android already hold the threat of app
| store removal over developers' heads.
|
| Presumably the risk/reward still favors risky practices.
| tonymet wrote:
| but it's not contingent on backend violations, only
| frontend ones. I'm proposing decoupled ways for app store
| validation to audit backend security.
| tonymet wrote:
| Also about validating the backends, apple has the resources
| to provide a level of auditing over the common backends. S3,
| Firebase -- perhaps the top 5. It's easy to provide apple
| with limited access to query backend metadata and confirm
| common misconfigurations.
| dabockster wrote:
| The world is moving away from App Stores and walled gardens.
| Figure out other options.
| tonymet wrote:
| that sounds preposterous. can you qualify that?
| bigfishrunning wrote:
| Linux is up to 5% of the desktop. Gog and Itch.io are DRM-
| free, and are slowly gaining ground against Steam.
| Fediverse networks are slowly gaining ground against
| traditional social media. Signal is more popular than ever.
|
| There will always be lowest-common-denominator users, but
| there is clearly _some_ demand for an alternative to the
| biggest 5 websites...
| tonymet wrote:
| i see thanks for clarifying
| ohdeargodno wrote:
| >There will always be lowest-common-denominator users,
|
| Interesting play, calling 95% of users "lowest-common-
| denominator". Those silly, blabbering morons that don't
| understand that they should be running Bazzite on their
| Framework laptops instead of using evil evil software.
|
| >there is clearly some demand for an alternative to the
| biggest 5 websites...
|
| This demand doesn't pay, and also happens to be some of
| the most demanding, entitled users you'll have ever seen.
| TZubiri wrote:
| >Apt install app
|
| Mmmhmm
| Rendello wrote:
| > Publisher is required to include their own sensitive records
| within their backend.
|
| Now that's a creative solution! Every admin must have a table
| called `MY_PERSONAL_INFO` in their DB.
| tonymet wrote:
| wouldn't it be funny if the app store had to review it and
| make sure the personal info was sensitive and possibly
| humiliating enough . "sir your app has been denied because
| MY_PERSONAL_INFO table requires at least 3 d-pics"
| bawolff wrote:
| Make company liable for damages when breached.
|
| If you want companies to care about security then you need to
| make it affect their bottom line.
|
| This wasn't the work of some super hacker. They literally just
| posted the info in public.
| tonymet wrote:
| I agree, but relying on lawsuits is far too slow and costly.
| We can reduce the latency of discovery and resolution by
| adding software protocols.
| bawolff wrote:
| Having the threat of lawsuits is not really about the
| actual lawsuit, it's about scaring people into being more
| careful. If you actually get to the lawsuit stage, the
| strategy has failed.
|
| > We can reduce the latency of discovery and resolution by
| adding software protocols.
|
| Can we? What does this even mean?
|
| [Edit: i guess you mean the things in your parent comment
| about requiring including some sort of canary token in the
| DB. I'm skeptical about that as it assumes certain db
| structure and is difficult to verify compliance.
|
| More importantly i don't really see how it would have
| stopped this specific situation. It seems like the leak was
| published to 4chan pretty immediately. More generally how
| do you discover if the token is leaked, in general? It's not
| like the hackers are going to self-report.]
| GoatInGrey wrote:
| That's a reactive measure. Certainly, it's worth pursuing.
| Though like the notion that you can't protect people from
| being murdered if you only focus on arresting murderers,
| there is a need for a preventative solution as well.
| ryandrake wrote:
| This is the only way to deter this. Negligence and
| incompetence needs to cost companies big money, business-
| ruining amounts of money, or this is just going to keep
| happening.
| itake wrote:
| the problem is what are the damages? how much are those
| damages?
|
| My SSN / private information has been leaked 10+ times now. I had
| identity fraud once, resulting in ~8 hours of phone calls to
| various banks resulting in everything being removed.
|
| What are my damages?
| bawolff wrote:
| I would suggest that damages should be punitive, not to
| make the victims whole. So I don't think it matters.
| standardUser wrote:
| There has to be a better way than just adding another
| deterrent to starting a company. Could there be an industry
| standard for storage security? Certification (a known hurdle)
| is better than "don't fuck up or we'll fine you to death".
| bawolff wrote:
| Certification is essentially "don't fuck up or we'll fine
| you to death" with extra steps. Especially because it
| mostly comes down to the company self-verifying (auditors
| mostly just verify you are following whatever you say you
| are following, not that it's a good idea).
|
| It's not like anyone intentionally posts their entire DB to
| the internet.
| LPisGood wrote:
| I think fines are very reasonable. If you can't safely do
| the thing, you should be punished for doing it. If you
| can't safely do the thing then there is no issue.
| TZubiri wrote:
| Maybe the idiot that published this didn't even form an llc,
| "waste of 200$"
| TZubiri wrote:
| I like the ctf one, but it would probably be hidden way deeper
| than the rest of the info.
| tacker2000 wrote:
| More power to app store reviewers? Please no. They already deny
| apps for random reasons and figuring out why is often a hair
| pulling experience.
| tonymet wrote:
| I agree about the power concerns, but where would you assign
| the authority if not the app store?
| dang wrote:
| Related ongoing thread; others?
|
| _Women are anonymously spilling tea about men in their cities on
| viral app_ - https://news.ycombinator.com/item?id=44682914 - July
| 2025 (17 comments)
| honeybadger1 wrote:
| it should have never been allowed to be published anyway. not
| trying to justify what is happening, but these kinds of apps are
| historically abused and create more problems than they
| intentionally try to solve.
| trallnag wrote:
| Damn, this app is going down quicker than coalfax
|
| Edit: Nevermind, looks like Tea has been around for quite some
| time already. But it kinda flew under the radar with a fairly
| small user base.
| exiguus wrote:
| Kind of meta toxic behaviour to download the data from an App that
| has the goal to prevent women from men's toxic behaviour.
| az226 wrote:
| Doxxers getting doxxed is peak irony.
| jahewson wrote:
| Let's not kid ourselves, the goal is to shame men in an attempt
| to control them.
| archagon wrote:
| Maybe if all these creepy men just dated each other and left
| women alone, the problem would solve itself.
| lupusreal wrote:
| Great suggestion, very practical and well intentioned. On
| that note, I had another idea; toxic women should stop
| associating with men. They should take themselves off the
| dating apps and stop ruining the lives of any men that
| might be unfortunate enough to pair up with them. My
| suggestion is just as practical as your suggestion I think.
| The toxic women can self-identify and voluntarily exclude
| themselves just as well as the creepy men.
| loeg wrote:
| I don't think that's the actual goal, or outcome.
| aaaja wrote:
| This is such excruciating incompetence by the app developers I'm
| wondering if it was intentional. Done to punish the women who
| dared to speak up about vile men.
|
| I just hope they can pursue legal action for this, whether it was
| a deliberate trap or not.
| motohagiography wrote:
| for someone who thought Tea was a good idea, what would the
| objection be if this leaked contributor data were used to
| populate a similar app to warn men off?
| Frost1x wrote:
| A rather brilliant idea I must say.
| motohagiography wrote:
| obviously it would be malicious and unethical, but since that
| didn't seem to stop Tea users, I'd be interested in what
| their arguments against it would be.
| baobabKoodaa wrote:
| that's horrible! that would violate the human rights of women!
| robotnikman wrote:
| With all the states/countries starting to do ID verification, this
| is a good lesson in what can go horribly wrong with these types
| of policies.
| throwacct wrote:
| This x100.
| SomaticPirate wrote:
| "An app was created to help women stay safe on dates and avoid
| creeps, proceeds to be hacked by creeps"
|
| Not a great look here.
|
| However, Tea could have done a modicum of cybersecurity work (or
| hired an outside firm) to prevent this. If they are claiming to
| want to keep women safe (and not just running a gossip board)
| then this should be a red alert for them. No public
| acknowledgement is concerning...
| Levitz wrote:
| An app that was created to publicly share images and public
| information of people got the images and public information of
| the people sharing it exposed.
|
| I don't know how anyone can feel wrong about this without
| feeling even worse for what was already taking place.
| loeg wrote:
| "Safety" is doing a lot in this headline. It's a gossip app.
| amelius wrote:
| Isn't Apple supposed to protect these app users? I suspect a
| lawsuit is in the making.
| spacebanana7 wrote:
| There's nothing Apple can really do about backend security of
| apps.
|
| Conceivably these storage endpoints might've never been
| directly exposed to mobile clients, instead going through other
| proxies or CDNs.
| Beijinger wrote:
| LOL, well deserved. https://youtu.be/WjfpryoQ0Mk
| Beijinger wrote:
| Why the downvote? It is just pictures and names. Both disclosed
| against their will but, and this is the ROTFL part, this is
| exactly what the ladies did. Uploading pictures and names of
| unsuspecting male victims and violating their privacy.
|
| Let ladies have some of their own medicine.
| whatsupdog wrote:
| I have a free billion dollar idea for any developers with free
| time on their hands. Hell, I'll even throw in a 10,000$
| investment.
|
| Coffee: a dating "safety" app for men. Rate the women you went on
| dates with: did she meet you just for free food/drinks? How
| "easy" she is? Did she try to gaslight/manipulate you into
| anything? Did she get jealous and key your car? Did she level
| false sexual assault allegations against you? Did she level false
| domestic violence allegations against you? Did she try to keep
| your children away from you with frivolous restraining orders?
| Did she try to poison your kids against you by lying to them?
|
| These are all the things that women routinely do, with a varying
| definition of "routinely" depending upon which side of the fence
| you are.
| IlikeKitties wrote:
| 4Chan suggested a better name BodyCountr. Where you rate women
| on how high their respective bodycount is.
| whatsupdog wrote:
| Totally valid. If men can be shamed for number of sexual
| partners they have (I'm talking about calling someone an
| incel), so should be women.
| ryoshu wrote:
| https://x.com/tolly_xyz/status/1948375237994672389 - BoxScore.
| Someone did it.
| 1970-01-01 wrote:
| "Breached"
|
| 1st sentence: "exposed database"
|
| We need a more nuanced headline here. They did nothing
| responsible. 404 should title this story with something that will
| blame them first and the 'hackers' 2nd.
| zahlman wrote:
| My general observation thus far has been that submissions from
| 404media are rarely anything that I'd consider quality content
| for HN.
| prophesi wrote:
| I wouldn't go that far. What they uncover with their FOIA
| requests that the general public would otherwise never know
| about tends to be quality content. And, like the Wired, their
| FOIA-based articles aren't paywalled.
| ch_fr wrote:
| Yeah, the term "breached" was a very poor choice, because it
| sounds like "this was breached recently" instead of telling
| "the database could be seen by anyone ever since the app's
| conception, and it only came to light today" which has much
| worse implications.
| indycliff wrote:
| My guess, hired the absolute lowest paid developers and got what
| they paid for.
| kashnote wrote:
| I'm a firm believer that if you want to start a tech company, at
| least one of the founders has to have a technical background.
| Even if you outsource all the work, you need to be able to ask
| the right questions related to security.
|
| It's not just that this database was accessible via the internet.
| It was all _public data_. Storing people's IDs in a public
| database is just... wow.
| kenjackson wrote:
| Tech background isn't sufficient. They need to have security
| background. Some of the worst people I've met with respect to
| security have been technical enough to have the wrong level of
| confidence.
| TZubiri wrote:
| Doctors need to study 5 to 8 years and pass rigorous exams.
| Attorneys the same. Structural architects and engineers the same.
|
| We have a couple of decades more until we lock tech up, up
| until now it was all fun and games, but now and in the future
| tech will be everywhere and will be load bearing
| alibarber wrote:
| But now we have amazing vibe coding tools that mean that you
| don't need to be technical or whatever - you can just deliver
| results. After all, the best LinkedIn influencers and founders
| don't care about how something is delivered, just what.
|
| Yeah, we've finally, nearly, just got to the point where
| realizing that treating IT and security and such as simply a
| cost centre to be minimised maybe quite wasn't leading to
| optimal security outcomes - to throwing it all away again.
| jackdawipper wrote:
| a few more of these incidents and they'll care a lot more
| redeeman wrote:
| that's a joke right?
| TechDebtDevin wrote:
| Isn't there like millions of misconfigured firebase dbs in the
| wild with no auth, some including fortune 500 companies?
|
| https://www.bleepingcomputer.com/news/security/misconfigured...
| anal_reactor wrote:
| This is legit funny
| ok123456 wrote:
| We need to stop allowing companies that are not directly engaged
| in financial services to request government IDs.
|
| Facebook shouldn't legally be allowed to demand an ID any more
| than this disaster of an "app."
|
| Now tens of thousands of people will be subject to identity theft
| because someone thought this was a neat growth hacking pattern
| for their ethically dubious idea of a social networking site.
| 1123581321 wrote:
| A secure Know Your Customer API would be a useful service for
| Apple and Google to provide to developers. It could scan the ID
| and reveal individual pieces of information with permission to
| the application or multiple applications. Forgive me if it
| already exists and this app just wasn't using it.
| arianvanp wrote:
| Apple is launching such a service in iOS26
|
| https://developer.apple.com/videos/play/wwdc2025/232/
| ok123456 wrote:
| Or we could deny providing "app" developers with any such
| information.
| bilekas wrote:
| So it wasn't "breached" ... It was just so badly made that the
| bucket was public. Vibe coding?
| elicash wrote:
| Lots of us were bad at this even before AI.
| throwpoaster wrote:
| Oh no, they doxxed the users of the doxxing app. Shocking (tiny
| violin emoji)!
| jackdawipper wrote:
| In 2008 when the GFC hit, every company we worked IT for on contract
| fired their IT staff first. Two weeks later, we had a bonanza
| period right through into the next year. They realised the hard
| way that those lowly cheap IT staff were quietly keeping them
| afloat. We charged a lot to fix their problems they created
| because their CEO thought IT was a waste of money.
|
| This will prove security in IT coding is necessary, so enjoy
| watching the drama unfold.
|
| IT security bonanza time. It won't be long.
| fHr wrote:
| hahahhahaha
___________________________________________________________________
(page generated 2025-07-25 23:00 UTC)