This is why ID verification, especially for an app that was just recently made, is a really awful idea.
I mean, this app was a terrible idea. Tea is about as unethical as KiwiFarms or 4chan itself. Any data breach is of course very unfortunate and tragic for the victims though.
SomeOrdinaryGamers just released a video on this too. Informative, if anyone wants to learn more about it.
That also.
Also here’s a link to bypass the signup wall:
https://archive.ph/djeyb
Thanks!
However, this is one website people should pay for if they can. They do great work!
Order complete!
Just a quick vibe check, but I’m pretty sure apps with at least some intention of helping women are better than the incel cesspool of 4chan. Being a woman comes with different challenges. Questionable app, sure, but I’ll be damned to say that it’s as bad as 4chan.
That said, storing PII in plaintext is what I would describe as f***ing dumb. The race to the bottom line and disregarding any security is so annoying in this age of software development.
Personally, I don’t think the ethics of a given situation really changes depending on who the perpetrator is, but I guess that is debatable. I’m not really a philosophy professor who can take on a moral objectivism discussion.
I can certainly say the users were the bigger victims in this case, 4chan is not justified with this blatantly irresponsible security disclosure by any means. Having your government ID and PII leaked is technically worse than having a social profile with your age and photos and other metadata built about you. It’s kind of an everyone loses situation though.
On the technical side, I agree and we will only see more of this as vibe coding (which I believe was used in this case) has taken off.
signs up to leak personal information about other people without their consent
own personal information leaked instead
Objectively speaking, how?
A gossip app user getting a driver’s license leaked does become more at risk of attackers trying to commit some fraud attacks, though nowadays more factors of authentication are required than that. Victims of the app are more in direct risk of social ostracization, or getting fired, and are inherently unable to defend themselves from false claims or may not even know they’re under attack by a malicious actor.
I am certain that if the app was gender-swapped - a male-only app designed to talk about women behind their backs - it likely would have been shut down immediately.
On the technical side, I agree and we will only see more of this as vibe coding (which I believe was used in this case) has taken off.
There is a silver lining. Maybe tech companies will realize that mass-firing experienced developers in favor of insecure “vibecode” slop was a mistake, and start hiring more?
I believe this is a US-centric problem. While the US gains mind-boggling velocity in terms of technology development with AI, which is kinda cool I guess, it has come at the cost of tech feudalism, poor security, poor privacy, and dark patterns everywhere. I’d trade away AI development for user privacy protecting laws in a heartbeat. But vibe coding has just accelerated and amplified what already was there.
I could rant about it for days, but I figured I’m preaching to the choir here.
Jesus Christ, there’s a 2nd breach. Just learned about it from Tech Lore.
404 Media article:
Archive:
App for demonizing random guys based on bullshit unverified gossip doesn’t sound like it helps women in the long run. If this app would get very popular, guys would just stop being themselves in the fear of being “outed” as a horrible person for something ridiculous that any normal woman would understand, like not going to a second date etc.
Didn’t say it wasn’t bad, and personally think it’s a horrible app.
So…even chats are involved now?
It is one thing to leak the identities of Tea users. It is another thing entirely to leak sensitive information about folks who don’t even know they are on the app itself.
This is a messy situation that goes beyond the usual culture war topics (which are off-topic in this forum by the way). If your private conversations and pictures are uploaded somewhere without consent, a data breach is the worst case scenario for you by far. You can’t even prevent that from happening.
At least similar Facebook Groups have implemented some form of E2EE private DMs…