Tough to say :) Vaguely reminiscent of SNI troubles on the web server... which can depend on the client. I thought that was becoming exceedingly irrelevant, though.
dpedu · 20h ago
I've seen this issue with certain dns providers. I don't have issues with google dns (8.8.8.8).
>DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!
>Tea App uploads all user verification submissions to this public firebase storage bucket with the prefix "attachments/": [link, now offline]
>Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It's a public bucket. I have written a Python script which scrapes the bucket and downloads all the images, page by page, so you can see if you're in it: [pastebin link]
>The censoring in picrel was added by me. The images in the bucket are raw and uncensored. Nice "anonymous" app. This is what happens when you entrust your personal information to a bunch of vibe-coding DEI hires.
>I won't be replying to this or making any more threads about it. I did my part, God bless you all. Regards, anon
Being so careless with people's personal data should be a major crime, tbh. If I manipulated thousands of people to let me scan their passports and various other bits of personal info, then just left the copies around the city for people to find, I'd be prosecuted, and rightfully so.
ipnon · 12h ago
The irony of a doxxing app being wrecked by the anonymous is too much for me!
No comments yet
tinyoli · 36m ago
It is, in the EU.
moritzwarhier · 38m ago
> Being so careless with people's personal data should be a major crime, tbh. If I manipulated thousands of people to let me scan their passports and various other bits of personal info, then just left the copies around the city for people to find, I'd be prosecuted, and rightfully so.
Good analogy. Also, this is the main point of the EU GDPR.
udev4096 · 2h ago
Are you being serious right now? No one forced those people to upload their data to this sketchy site. Everyone with one brain cell would know the repercussions of uploading IDs to a no-name site
mr_00ff00 · 2h ago
Exactly, this is why if I walk down a street that looks sketchy and I get assaulted/robbed, it’s not a crime and no one can be charged!
Any bad behavior should be legal if the victim should have realized the warning signs.
mnky9800n · 2h ago
i think you are assuming a level of computer literacy that doesn't exist in the general population. most people seem to not actually know where data goes when they put it in their phone, how that data is used, or what actually happens on computers in general. They mostly appear as magic to them.
udev4096 · 45m ago
I am being downvoted for being real. How is the general populous not aware of it? That's wild. Again, you have to be aware of this. It's like privacy 101
tmerc · 34m ago
The general population hasn't taken privacy 101. They get asked to email their id to their doctor.
If turns out the doctor also hasn't taken privacy 101.
Bridged7756 · 45m ago
Victim blaming isn't right. Yes, they could have exhibited more caution. No, it's not their fault.
udev4096 · 42m ago
It's the only way people learn. Real world is not going to hold your hand, real world is full of facebooks, not signals
soraminazuki · 28m ago
Vigilante justice is wrong, but at the same time, I have a hard time calling registered users of a Kiwi Farms clone "victims."
batmaniam · 21h ago
Isn't this basically Peeple except gender locked to women? Peeple failed because they couldn't eliminate bias and gossip against anyone. If someone was jealous of another, for example, that person could just write false slander and claim it was real with no evidence. That would have affected the victim for jobs, dates, etc. So it was laughed at by VCs and everyone online and it shut down.
How is Tea even legal? Isn't this just a legal libel timebomb waiting to happen?
tptacek · 17h ago
Defamation (libel and slander) consists of false statements (or direct implications) of fact. Actionable defamation consists either of those false claims that cause quantifiable damages, or that claim things that are per se considered damaging --- a specific and limited list.
"This guy is a creeper and treats romantic partners terribly" is pure opinion, and cannot be defamatory. The (rare) kinds of opinion statements that can be defamatory generally take the form of "I believe (subjective thing) about this person because I observed (objective thing)", where "(objective thing)" is itself false. "The vibe I get about this person is that they hunt humans for sport" does not take that form and is almost certainly not defamatory.
Under US law, providers are generally not liable for defamatory content generated by users unless you can show they materially encouraged that content in its specifics, which is a high bar app providers are unlikely to clear.
gizmo686 · 13h ago
> or that claim things that are per se considered damaging --- a specific and limited list
Standard disclaimer that law varies by jurisdiction. However, that limited list typically includes claims that the person committed a crime. Many juristictions also include accusing someone of having a contagious disease, engaging in sexual misconduct, or engaging is misconduct that is inconsistent with proper conduct in their profession.
In other words, the types of things I would expect people to be talking about on tea overlap heavily with defamation per-se.
If the users were careful to make all of their statements opinions, that defense would work. However, I doubt that is the case. Instead, I expect many users to include example of what their ex did that led to their opinion; which gets directly into the realm of factual statements.
The provider protections are real, and likely protect the app from direct lawsuits (or, at least from losing them), but do not protect the app's users. A few news stories about an abusive ex going after their former partner based on what they posted in the app could be enough to scare users away. You don't even need to win the lawsuit if your goal is to harass the other person.
tptacek · 13h ago
It does, but those bars to defamation claims are based on the US Constitution more than they are on state law. I think another way to put that is that I gave the maximally generous interpretation to the plaintiff there.
krisoft · 13h ago
> "This guy is a creeper and treats romantic partners terribly" is pure opinion, and cannot be defamatory.
That is true. But i think untrained and emotionaly involved individuals will have trouble navigating the boundaries of defamation. Instead of writing opinions like “treats romantic partners terribly” they will write statements purporting facts like “this creep lured me to his house, raped me, and gave me the clap”. This is not an opinion but three individually provable statements of facts. Plus the third would be considered “defamation per se” in most jurisdictions if it were false. (The false allegation that someone has an STD is considered so loathsome that in most places the person wouldn’t need to prove damages.)
Unles specifically coached people would write this second way. Both because it is rethoricaly more powerfull, but also because they would report on their own personal experience. To be able to say “treats romantic partners terribly” they would need to canvas multiple former partners and then put their emotionaly charged stories into calm terms. That requires a lot of work. While the kind of message i’m suggesting only requires the commenter to report things they personaly know about. And in an emotionaly charged situation, like a breakup, people would be more likely to exagarate in their descriptions, making defamatory claims more likely.
> Under US law, providers are generally not liable for defamatory content generated by users…
This is true, and i believe this is the real key. Even if the commenters would be liable, the site themselves would be unlikely to become liable with them.
tptacek · 13h ago
Just keep in mind there are two very high bars you need to clear to come out ahead on a defamation action:
1. To prove that the factual claims made by the defendant were false, and that the defendant should have known they were false
2. That you suffered actual damages from those claims
Very hard to make happen on a dating app.
swores · 1h ago
Worth pointing out that you're talking purely from a US point of view, and different countries treat slander and libel differently.
For example in the US, to sue for defamation you need to prove something is false, whereas in the UK the defendant has to prove that what they said or wrote (and are being sued for) is true.
(I've no idea whether this app had any non-US use, but thought worth adding this comment regardless since it's a general point about defamation law and being discussed on a site with a big international audience.)
mullingitover · 8h ago
It’s hilarious that we earnestly debate whether women should be allowed to have a space to speak anonymously about whatever the hell they want, but it’s completely unquestioned that 4chan is a perfectly legal operation.
tptacek · 2h ago
I'm not earnestly debating anything but the definition of libel, which I doubt applies to this app.
josteink · 7h ago
I guess a significant difference is than 4chan is fully public. Whatever anyone says there can be observed by anyone and refuted by anyone. You can’t secretly slander anyone there.
What happened on the tea app were probably not knowable, observable or refutable for those actually being doxxed or slandered.
That isn’t me saying 4chan is absolutely morally in the clear, but it’s still quite a significant distinction.
fn-mote · 6h ago
The difference _for you_ is in the public or private nature.
It seems like your argument is based on (1) the discussion being slander (assumption); and (2) the idea that you could refute it if it were public (good luck, low credibility, also most men would immediately respond with vulgar name calling and - at least if anonymous - threats).
smeeger · 1h ago
tea is more akin to kiwi farms than 4chan and kiwi farms is controversial even among incels
FirmwareBurner · 3h ago
>women should be allowed to have a space to speak anonymously
It was only anonymous for the women speaking there, but not for the men they were speaking about, hence the justified outrage, since anonymous strangers are gossiping/slandering you in a public online space behind a 2$ entry fee.
Would you also support if men had their own such public "safe spaces" to gossip anonymously about real women with their names? I can assure you it would be shut down immediately.
So then why do we allow double standards where only one sex should loose their right to online privacy?
akerl_ · 2h ago
So your concern is that it’s paywalled?
Because like the earlier comment points out, letting anonymous people trash talk real people and name them is a core feature of 4chan.
John-117 · 1h ago
The concern is that it is exclusive to only women, not only allowing, but encouraging them to post narratives about men who are not allowed on the app by policy. How is anyone going to verify the truth of these claims except the man, who is not allowed to look?
smeeger · 1h ago
no its not. 4chan is meant to be ephemeral. threads vanish quickly and they arent archived by 4chan.org. you cannot search the website for peoples names and there is no data structure for finding and contributing to a “file” on individual people. and when doxxing of anyone especially a woman occurs it is taken down by any mod who notices it because it could create a huge legal headache. so youre literally completely wrong. weird
akerl_ · 16h ago
A general plug that if you read this comment and thought “damn, 1st amendment law sounds complex and interesting”, you may want to check out https://www.serioustrouble.show/ , a podcast about legal news with a recurring focus on 1st amendment law and cases
dyauspitr · 14h ago
But you can ruin a person’s life on a whim. That cannot be allowed.
akerl_ · 14h ago
Can you cite that? Because in the US I’m not aware of a law against sharing negative opinions about someone.
danparsonson · 14h ago
Right - that's basically the business model of Twitter these days
duxup · 20h ago
This also seems like an app ripe for actual creep / abusers to follow / manipulate.
The claim that it provides safety really is just that, an empty claim.
dabockster · 19h ago
The fact that it verifies by ID scan is also not safe at all for a million different reasons.
A better way would have been to charge a small subscription fee - like $2/month or something. The fee filters out 99% of the trolls out there (who wants to pay to troll) and also gives the app/website admins access to billing info - name, mailing address, phone number, etc - without the need for a full ID scan. So the tiny amount of trolls that do pay to troll would have to enter accurate deanonymizing payment information to even get on the system in the first place.
And it can be made so only admins know peoples' true identities. For the user facing parts, pseudonyms and usernames are still very possible - again so long as everyone understands up front that such a platform would ultimately not be anonymous on the back end.
But oh no, that won't hypergrow the company and dominate the internet! Think of all the people in India and China you're missing out on! /sarcasm
FiniteIntegral · 17h ago
I think you underestimate the willingness of people to pay to troll, it may filter out people but an app that was (in theory) meant to be secure shouldn't think of a problem as filtering rather than securing. Admins knowing peoples' identities simply moves the weakest link in the chain to the admins. I think an app like this was doomed from the start and 4chan simply pulled the plug on an already leaking bathtub.
ada1981 · 10h ago
Are there any premium troll
Sites?
fooker · 8h ago
Twitter with check mark
ada1981 · 1h ago
Great point.
msgodel · 17h ago
I've thought about buying throwaway phone numbers just to troll linkedin. I'd be surprised if people weren't finding ways to get accounts on apps like this for trolling.
The only reason I haven't is because it feels like LinkedIn may have already jumped the shark and I wouldn't really get the value for my money.
konart · 19h ago
>A better way would have been to charge a small subscription fee - like $2/month or something.
That's Pure. And they have more than 5$ I believe.
jandrese · 10h ago
> A better way would have been to charge a small subscription fee - like $2/month or something. The fee filters out 99% of the trolls out there
Have you seen who has the blue checkmarks on Twitter/X now? I'll give you a hint, it's not the people who argue in good faith.
kryogen1c · 3h ago
> Have you seen who has the blue checkmarks on Twitter/X now? I'll give you a hint, it's not the people who argue in good faith.
So the same as it was before you could buy them?
raydev · 10h ago
> who wants to pay to troll
You've never visited X (formerly known as Twitter)?
rKarpinski · 16h ago
Whats wrong with verifying the ID?
The issue is they decided to roll their own extremely questionable service and insecurely store sensitive images in a public bucket
Multiple SAAS vendors provide ID verification for ~$2/each. They should have eaten
that fee when it was small and then found a way pass it onto the users later
dylan604 · 18h ago
you act like it's impossible to get payment credentials that have nothing to do with the user
atomicnumber3 · 17h ago
no, but it is _tremendously_ more difficult than email or even ID scans (unless you're doing actual verification, which is both more expensive and complicated than just charging a nominal fee or even just attaching a Card object to a stripe customer). Just getting to stand on top of an extremely robust existing system (payments) gets you so much adjacent help in keeping bad actors out, or at least getting it down to a human-team manageable level. It can be the difference between a viable business and not.
makeitdouble · 14h ago
› extremely robust existing system (payments)
It is not, indeed.
The first part is its goal: identity is secondary, the main purpose is money. It means a customer can put a fake name and address as long as the money part is considered OK. Most PSPs won't check the cardholder name (it can be used for fuzzy scoring, but exact match is a fool's errand). Address is usually only required for physical goods and won't be checked otherwise. And 3DSecure will shift the blame enough that the PSP won't need to care that much about the details.
The second part is the whole mess that comes with payments. You'll become a card testing pot in no time, and you'll be dealing with all the fuss just to check identities, you'll soon be rising the token payment to a significant amount to cover the costs, and before you realize it half your business has shifted into payment handling.
WarOnPrivacy · 17h ago
> you act like it's impossible to get payment credentials that have nothing to do with the user
This is incorrect. The parent acts like it isn't trivial to obtain payment methods that aren't linked to the payer. It seems like a reasonable possibility.
dylan604 · 16h ago
> It seems like a reasonable possibility.
For whom? For people willing to be an asshole on the internet? For people willing to stalk other people online? This sounds exactly like the group of people that would look for ways of paying for something in ways not linked to them, even if that means "borrowing" someone else's identity
PaulHoule · 18h ago
Many people will do anything they can to hurt their ex after a breakup.
No comments yet
djohnston · 4h ago
Hey now! They use ID verification bub - how are you gonna fake that? It’s not like there are just public buckets of legitimate ID photos taken by real women for you to hoover up. Check mate.
danesparza · 20h ago
>> How is Tea even legal? Isn't this just a legal libel timebomb waiting to happen?
By this logic: I suppose glassdoor, yelp, or Google reviews aren't legal either?
What about identity verification as part of any employment offer?
AndroTux · 20h ago
The difference is, on these platforms you're rating legal entities. On Tea, you're rating, or rather sharing personal information about, an individual. Where I come from, sharing personal data of someone without their consent is not allowed.
PaulHoule · 18h ago
Also on those platforms you can see if people are trash talking you even if you don’t have a procedure to face your accuser.
Even the open platforms creep me out. I don’t like seeing unverified accounts of crime in Nextdoor, I think if you see some crime you go to the police. I had a series of in person interactions with a woman which seemed creepy in retrospect, her Nextdoor was full of creepy stuff including screenshots of creepy online interactions. At least this gives everyone clear evidence they should keep away.
bluescrn · 15h ago
> On Tea, you're rating, or rather sharing personal information about, an individual.
Or in this case, sharing personal information about yourself...
Bilal_io · 6h ago
No, they'd be sharing the man's photo, name and phone number if I am not mistaken, and obviously without his consent.
dragonwriter · 18h ago
> Where I come from, sharing personal data of someone without their consent is not allowed.
Where you come from, people arent allowed to share their own experiences interacting with third parties without the third parties consent?
Sounds pretty oppressive, but there are absolutely many jurisdictions where that is not the case.
ioasuncvinvaer · 18h ago
They post images of the men in question without consent.
dragonwriter · 18h ago
Unless they are intimate images (in which case revenge porn laws are likely to apply), copyrightable images for which someone other than the poster is the creator posted without the copyright holder’s permission (in which case copyright applies), or being used for commercial promotion or to suggest endorsement (in which case, depending on which states law applies, state law right of personality/publicity, especially if the subject is a celebrity, might apply), that's generally legal in the US.
oc1 · 8h ago
Honey, that's generally not legal in many jurisdictions in the world, including most of europe.
ioasuncvinvaer · 17h ago
Thank god the US is the only country in the world.
dragonwriter · 16h ago
> Thank god the US is the only country in the world.
Its the only country in the world where Tea operates or is open to users, what other country’s laws do you think apply to it?
oc1 · 8h ago
You seem very confused how law applies. Please inform yourself before posting.
nickthegreek · 24m ago
please inform us before hitting post.
ohdeargodno · 18h ago
> that's generally legal in the US.
Cool, I'm sure Tea is only available to report things about United States citiz... nevermind.
It runs afoul of about a dozen european rights to privacy, imagery and consent laws. And that's just by posting pictures ! Libel and slander are a bunch of others, right to a response is also another... the list is long. It is, once again, yet another dudebro trying to skirt legality.
dragonwriter · 16h ago
> It runs afoul of about a dozen european rights to privacy, imagery and consent laws
The EU is welcome to try to enforce its local laws on the US operations of a US business open only to US users, but I don’t think its going to have much success.
ohdeargodno · 11h ago
It's cute that the Americans think they're some special, unrestricted by law type of citizens: they're not.
That boat already sailed and it already happened. "US only operations" does not matter (which is already bullshit, as Tea does not verify that users are US ones, they merely disabled downloading in the play/app store): posting pictures of European citizens runs afoul of European laws. Sure, they can't come and arrest you on US soil. Just don't travel too much.
Quarrel · 6h ago
While the GDPR has extraterritoriality, you are over-reaching here.
Tea can collect and use photos of EU citizens, if it collected them in the USA, with (all other things being equal) no fear of GDPR violations.
So, yes Facebook can't collect photos of EU citizens, then process and do "stuff" with them in the USA, without violating GDPR, because that'd be the easiest out ever for multinational tech companies.
It is the location of the subject of the personal data collection that matters, not their citizenship.
fc417fc802 · 6h ago
Unrestricted by foreign law, yes. Would you be in favor of having US law enforced against you? It bewilders me why anyone would want more of this nonsense in the world instead of less.
The document you linked is interesting but I'm skeptical that you actually read it. It effectively says that in practice there's no hope of enforcing actions against entities that are purely in the US unless their behavior has run afoul of state or federal policy.
It does note that if concrete damages are recognized by the court that there is a decent chance US courts will cooperate to enforce the judgment. But the vast majority of GDPR enforcement is punitive as opposed to compensatory so it's not particularly relevant.
I'm also not clear why you think traveling would matter. DPA penalties are administrative in nature, not criminal. They are also likely to be levied against corporations as opposed to individuals. My guess is that the extremely unlikely worst case is your entry or visa application getting denied.
ohdeargodno · 4h ago
US law is _already_ enforced upon me. Banks regularly ask if you are a US citizen, or subject to the IRS in any way. The US affirms at every step the extraterritoriality of its harmful laws and attempts to use their pathetic excuse of "free speech" to defend multimillion dollar companies evading taxes in my country while damaging democracy. The US imposes its definition of copyright to the world, destroying access to culture and knowledge to billions.
Needless to say, I am very happy about making the US eat shit.
zoklet-enjoyer · 13h ago
Why would they care if they're breaking European laws? They're not a European company.
ohdeargodno · 11h ago
European laws apply to any European citizen, _anywhere in the world_.
Quarrel · 6h ago
This is not true. Like, (almost) at all. (There are a few tiny exceptions, for instance, if an EU national commits child sexual abuse overseas, they can be prosecuted for it in the EU)
Two Germans shooting each other in Australia break Australian law, but not German law.
zoklet-enjoyer · 52m ago
Are you saying the developers are European or what?
9dev · 3h ago
No, that isn't true. To the contrary actually, the GDPR applies to anyone on European soil, even US citizens. When you're on American soil, you fall under American legislation.
fc417fc802 · 6h ago
Ah yes, the notorious extraterritorial "right to be forgotten". Whereby the EU military dispatches its special forces to smash up computers in foreign data centers.
dyauspitr · 14h ago
Why have revenge porn laws and not revenge libel laws.
dragonwriter · 10h ago
What are "revenge libel laws", and, in particular, how would they differ from regular libel laws?
umanwizard · 15h ago
> Where I come from
…is clearly not the US, which has probably the most expansive understanding of “freedom of speech” in the world.
9dev · 3h ago
So totally free, unless you criticise the empero… err, Trump or the government, of course. Or if you're against Israeli settlements. Or in favour of humane treatment of the People of Palestine. Or have information on the customers of Jeffrey Epstein. Or…
chneu · 5h ago
lol no it doesn't. american freedom is a bit of a joke but it's par for the course in the USA to make shit up and then defend it.
The USA doesn't even rank in the top 15 on the human freedom index. Most freedom indices don't even put the USA in the top 20. A few don't even put the USA in the top 30.
throwaway48476 · 4h ago
In my personal and equally arbitrary freedom index north korea is #1.
wqaatwt · 3h ago
I neither agree nor disagree with the specific point about the US but all those indexes are silly, pointless and shouldn’t be taken seriously.
Also they have very little to do with “measuring” freedom of speech anyway.
voxic11 · 20h ago
I think its a mostly US based app, in the US sharing your opinion about other people is protected speech.
perihelions · 19h ago
But sharing *facts* about other people is potentially defamatory speech (in the American context). There's a not-at-all small nuance here: when you make concrete allegations about your personal experiences, you're not sharing an opinion—not sharing your subjective reaction to publicly-known information—rather you're introducing novel facts, provable objective facts, into the discussion—your version of those facts. And that comes with genuine legal risks.
A remarkable fact that's stayed with me: Ken White (@popehat) once said that in his defamation law practice, his largest category of consultations was with clients who'd said negative things about a past romantic partner, who then threatened to sue. I believe his point was those negative things were true most of the time, but difficult to prove, or defend.
firefax · 17h ago
I thought, as a practical matter, it's on the person alleging slander or libel to prove falsehood?
I think sometimes folks don't properly threat model what can be done if someone chooses to think about what the consequences for breaking a rule are and letting that guide their actions, rather than striving to avoid breaking them out of some kind of moral principle.
anonym29 · 16h ago
Hypothetically, if I said "firefax murdered an underage prostitute and then sexually violated the underage prostitute's corpse in 2018 and was never caught, I witnessed it happen and tried to report it but the police refused to even open an investigation, firefax is a dangerous predator and should not be trusted", and you lost your job because of that, should you be the one with the burden to prove that never happened?
umanwizard · 15h ago
We are talking about what is the law in a specific country, not what “should” be the law. Also, the bizarrely graphic description is out of place here.
anonym29 · 13h ago
It's a visceral thought experiment, intended to instill a sense of bewilderment at what being falsely accused actually feels like to someone who seems to offer a normative assertion that privileges bad-faith accusers, without actually causing any of the harm of a real false accusation. That is topically relevant and experientially informative while being restrained enough to not be actually harmful.
No comments yet
dragonwriter · 18h ago
> But sharing facts about other people is potentially defamatory speech
Yes, and? The service is protected in the US by Section 230, and Tea doesn't operate anywhere else currently. Individual users who use it defame are, in principal, subject to defamation liability, but in the US (and, again, that’s the only jurisdiction currently relevant), the burden to proving that the description was both false and at least negligently made (as well as the other elements of the tort) falls on the plaintiff (it is often said that “truth is an absolute defense”, but that’s misleading—falsity and fault are both elements of the prima facie case the plaintiff must establish.)
Sure, in a jurisdiction with strict liability for libel and where truth is actually a defense, and/or where the platform itself, being a deep pockets target, was exposed, Tea would be a more precarious business. But that’s not where it operates.
TheOtherHobbes · 14h ago
The most obvious legal claim at the moment is that Tea was negligent about its security.
I suspect that's going to be more of a problem for Tea than hypothetical individual defamation cases.
Although having said that, how can you sue someone for defamation if you never find out you're being defamed?
Any woman can say "Don't date [name], he's a bad person" and the victim will never know.
Unless he asks a female friend for a social credit check, all [name] will see is a shrinking pool of opportunities.
naet · 10h ago
If it's an opinion or a statement of a fact it isn't defamation.
"He's a bad person and you shouldn't date him" is an opinion you can legally express anywhere as much as you want.
perihelions · 18h ago
That's all true. I wasn't clear on the context of this thread, whether we were talking about the users or the platform.
bigfatkitten · 14h ago
Even if it’s true and provable, very few people have the money to defend a defamation matter.
blks · 18h ago
Is making a post on eg Instagram after breaking up with your ex and telling that she/he e.g. abused you, illegal too?
reliabilityguy · 18h ago
Heard of Amber Heard?;)
I mean, I think it depends what you claim in this post.
const_cast · 20h ago
Sharing your opinion is protected speech, by lying is not always protected speech, particularly if done with the intent to financially hurt someone.
firefax · 17h ago
Devil's advocate, but how is saying someone is an unreliable romantic partner going to financially hurt someone? Maybe the reason I haven't had success in the policy arena is because I've been too kind, given recent events :-)
const_cast · 9m ago
I'm not sure, it depends case to case and what the court thinks. I think, generally, if you can prove it directly caused you to lose lots of money then you can make an argument.
lazide · 12h ago
What words do you think a vindictive ex uses? I don’t think ‘unreliable romantic partner’ are any of them.
I have seen false rape claims, false claims of child abuse, neglect, etc.
With zero repercussions, of course.
parineum · 8h ago
If you're boss is on the app.
gitremote · 19h ago
Do you think a women's dating safety app is mainly about women lying and intending to hurt men, because it's rare for men to stalk or sexually assault women?
qcnguy · 18h ago
A few days ago a video leaked of a woman riding in a Mexican taxi, who was demanding the driver went faster. He refused because it'd be dangerous, and she immediately started threatening to report him as a harasser to the police. She even said he had to speed up or else the police would be waiting for him when they got there. She didn't realize her whole conversation was recorded on camera.
A lot of men have had experiences like this one. Either directly or they know someone it happened to. Yeah #NotAllWomen but way too many will exploit the feminist #BelieveAllWomen culture to gain even trivial benefits. An app devoted to letting women anonymous gossip and engage in reputation warfare without fear of consequence, or even fear that the man might reply in self defense, is going to get flooded with women like the taxi passenger.
9dev · 17h ago
"A lot of men" is doing a lot of heavy lifting here.
Go read some statistics on the number of women harassed, abused, raped, and killed every day—every single day—because they are women.
Go ask your mother, your sister, your wife, your female best friend, when they had their last abusive encounter.
Go ask your friends of both genders what the worst things are that could happen to them when walking home at night, and compare the responses.
Go read some historic accounts of how women were treated for… pretty much all of history.
Go look up news articles of what can happen to women when riding a taxi. Spoiler: it’s not just a threat.
Yes, there are some abusive women out there. Yes, it’s fucked up when that happens to you. But trying to insinuate the levels of violence against men would be even remotely comparable is just plain awful.
lazide · 12h ago
By the time a man has hit his 40’s, it is exceptionally uncommon he hasn’t seen someone hit with a false rape claim - or had one himself - by a vindictive ex. Or has been threatened with (or directly attacked) with physical violence.
By people going on the same sort of rants like you just did.
Some People are terrible, especially when they think they can act without consequences.
Does that excuse men doing bad things too? No.
But it sure does (or should!) make anyone with a brain question hyperbolic claims of abuse or violence without actual evidence.
9dev · 3h ago
The problem is that you're equating the wide range of violence against women with a specific kind of violence against men by calling both "bad things", insinuating those are even remotely comparable. They are not. 90% of rape victims are female. In the US alone, every 68 seconds, a woman is sexually assaulted.
After the big war, some Germans were quick to point out that their people had suffered when they were displaced from the land they occupied in Poland, for example, and that "both sides had suffered". I assume you're also incapable of understanding why the victims of the Nazi regime were completely aghast by that?
> But it sure does (or should!) make anyone with a brain question hyperbolic claims of abuse or violence without actual evidence.
What do you suggest to do instead? Sexual violence is often a crime with only the perpetrator(s) and the victim as witnesses. In most cases, rape doesn't leave persistent traces. Rape victims tend to be in shock, however, and often need time to process what happened. Your suggestion seems to be that we should question these claims?
Judging these cases correctly is incredibly complicated, and claims of wide swaths of men falling prey to abusive women don't really help anyone affected.
lazide · 3h ago
There is a reason ‘he said, she said’ is widely known as the shittiest type of situation, eh?
Yes, we should question those claims, and any others. Or everyone who wants to be shitty will do it via that route. It’s basic shitty human behavior.
That it screws actual victims is why people gaming the system should be punished.
But not challenging these claims just makes more victims too. And eventually people will just tune out accusations, because the shittiness has gotten too pervasive. And then the predators/shitty humans will get be doing more actual rape eh? Which is terrible.
This is why it’s also prudent to be very careful who anyone is alone with, favor video recording of public spaces, etc. as well. Because the best way to avoid a situation is to make it as difficult as possible for the situation to occur, and minimize the chances of any ambiguity. Which is also shitty for everyone.
Personally, I also don’t trust the stats because I’ve seen many (5+) women retcon clearly consensual behavior (that they were even bragging about before!) into ‘he raped me’ when someone tried to shame them for it later, or there was some leverage they could get out of it. I had one who literally admitted to me when I investigated that she was doing it to punish the guy for refusing to date her later. Another was fine until she went home and her mom gave her crap about her dating behavior, and then all the sudden it was rape. Until we started to interview her for her story, and then she admitted it was consensual.
I very much believe actual rapes and SA’s occur. I personally have literally never seen an accusation for rape or SA that stood up to even the lightest scrutiny, within the environments I’ve been responsible for. And not because I was trying to avoid them!
The joys of being a manager of mixed sex groups eh?
If we could figure out the actual truth of these situations, then we could punish actual offenders and not constantly be in this BS situation.
prisenco · 19h ago
I do. Not as an indictment of women but an indictment of social apps. Apps like this are way too hard to moderate, manage and verify. They quickly get swarmed by bad actors and misused. Again, not because women don't have genuine safety concerns in the dating world but because apps are not a viable way to manage those concerns.
Some social problems just don't have technological solutions.
gitremote · 19h ago
Like online reviews, if 10 women reported that the same man was violent, would you see it as 10 data points or 0 data points that say nothing?
prisenco · 18h ago
You know the answer to that is zero. There is no viable system a company, let alone a small unfunded startup, could use to verify the identity of the reporters let alone guarantee the trustworthiness of the account.
Those ten reports could be made by one person. That one person might not even know the person they're accusing. That one person might be a man. That one person might be a bot.
You'd have to ignore the last three decades of online identity, trolling and social media pitfalls to not recognize that.
And please don't compare reviewing a can opener on Amazon to accusing someone anonymously of a heinous crime on an app built by one person.
But I'm not sure I'm going to convince you with words so I'll suggest this:
Go and build this app.
Build it, see what happens. Nobody else has been able to crack this but maybe you can.
philodeon · 1h ago
You’ve never read the story of the Halifax Slasher, have you?
> Do you think a women's dating safety app is mainly about women lying
That's not what it is intended for, but many people after relationships end can be extremely emotional and sometimes very spiteful. It's not uncommon for people to embellish or lie about the truth to make themselves look better and the other person look shitty. Especially if you're the one being dumped, you may be even more likely to engage in petty behaviour.
I personally have experienced an ex making up a sexual assault story. This kind of app didn't exist then, but she even went as far as reporting me to the police. Luckily the police investigated and could easily discern it was a lie. Going to the police is obviously a much higher burden than using an app, and yet many females still go make false SA claims there. Do you really think it wouldn't be a common problem for people to do the same in an app at a much higher rate?
People often believe things like SA claims without any evidence and will often even attack people trying to defend the person or insist on some kind of proof. It means that someone making up bull crap on these apps is going to be treated like it is true, yet the rates of lies would likely be pretty high.
People can just be so crazy when it comes to relationships/love. Especially when it comes to people in their teens or early 20's, the brain isn't fully developed and dealing with these emotions is even more challenging and leads to even more rash decision making.
Mawr · 9h ago
> because it's rare for men to stalk or sexually assault women?
The more common it is, the more damaging false claims of it are. It's a self-defeating linear relationship.
GoatInGrey · 19h ago
We grant a tremendous amount of leeway and power to accusations made by women against men in society today. There are always honest people using things for their intended purpose. Though they are also dishonest people using things for their own ulterior motives.
A well-designed system will maximize utility for the former, and minimize utility for the latter. An app where women can leave what are practically anonymous reviews for men is not such a system.
bawolff · 19h ago
That's not really relavent to whether someone is going to get sued for defamation.
It might be relavent to who wins the lawsuit, but sometimes the mere existence of a lawsuit is pretty painful.
gitremote · 18h ago
Sure, and what was proposed was suing the women for warning others about an allegedly dangerous man, not suing the man.
Levitz · 17h ago
>for warning others about an allegedly dangerous man
I mean if witches didn't do anything surely they wouldn't be hunted down.
xhkkffbf · 18h ago
I'm sorry and I'll be voted down for this, but I do think that it will attract plenty of fibbing and deliberate or not-so-deliberate stretching of the truth. Anyone who is rejected tends to be a bit angry about it. In this case, women who are ghosted can say whatever they want.
This isn't all of the people, but in my experience in life it's more than enough to make this app impossible to filter.
mjbroe02 · 18h ago
That doesn't apply when you publish information for broad consumption. Then it becomes libel. People need to realize that posting on a site where you can reasonably expect that your words may be consumed by the masses makes you a publisher. That comes with responsibilities and is not protected the same way as an individual's personal speech.
DocTomoe · 17h ago
So all I need to do to mark another guy (who might be, for example, competing for a job I want, or a certain woman's attention) as a rapist on a platform that's used by people in the location this guy lives in in the US is a (fake) female driver's license, a photo of the guy in question, and a name?
coolcoolcool. I'm sure that neverever gets abused horrifically.
hyperliner · 19h ago
Not if it’s libel or slander, both which are generically defamation.
gitremote · 19h ago
It's not defamation if it's true. Why do you think women warning other women about rapey and stalker men are mostly lies? Even if it's only 5% of men, wouldn't the discussion focus on that dangerous 5% over persecuting the innocent 95%, as a matter of self-preservation?
GoatInGrey · 19h ago
An irony in this conversation is how normalized it is for women to be concerned about men as a demographic when it's only a small minority that inflict harm. While it's controversial for men to be concerned about women as a demographic when it's only a small minority that inflict harm.
I still maintain my pet theory that this is a downstream effect of the normalization of paranoia around pedophiles that began hitting the mainstream in the '80s. The modern world is exceptionally safe, yet to the average person, it feels exceptionally dangerous.
...While I've got the hood up, I'll continue soapboxing.
I've started seeing rare instances such as a young woman walking around a corner and there is a man rounding the same corner, surprising her by mistake, and the woman starts crying or breathing in a panicked way, unable to regulate herself for several minutes. It's not always walking around the corner at the same time, but there's a common pattern of being surprised by a man just going about his day and experiencing a severe fear response to that interaction.
When I look at a lot of cultural related issues today, beyond just gender, I see many signs of pervasive psychological issues. I don't know what the solution is, but I'm very confident that the root cause is more complicated than something you can describe in a single sentence.
bcrosby95 · 18h ago
Maybe it's different now, I have no clue, but I'm in my 40's now and don't make a habit of hanging out with 20 year olds.
But I was friends with my wife's friends before we got married, and in a sample size of ~20 women my age, every single one of them has experienced inappropriate and unwanted touching in social settings. And a large number of them were victims of outright rape.
In comparison, I have many male friends and of them, I only know one who has been wrongly accused of sexual assault (the lady openly talked about doing it to help with a promotion...)
So even if both sides may have a few bad apples, one side is a much more prevalent problem when it comes to the number of victims.
gitremote · 18h ago
> An irony in this conversation is how normalized it is for women to be concerned about men as a demographic when it's only a small minority that inflict harm.
The same hypothetical 5% can inflict harm to multiple women, that's why multiple women and girls complained about Epstein and Trump.
gitremote · 19h ago
What was leaked was women's personal data, like driver's licenses. What they shared with each other was their experiences with men who sexually assaulted them or stalked them and their names, not the men's personal data.
Men's driver licenses were not distributed online. Only women's driver licenses were distributed online.
quietbritishjim · 18h ago
I'm not familiar with this app, but surely those accusations of sexual assault are only useful to other users of the men are sufficiently well identified?
gitremote · 18h ago
Name and photo.
9dev · 17h ago
So… Personal data?
tgsovlerkhgsel · 7h ago
The article says that what gets shared with the app is a picture of the man, and it's not just "those who sexually assaulted them or stalked them" but anyone they want feedback about.
I assume the app then runs facial recognition.
This may be legal in the US, but not under GDPR. Pictures of faces are biometric data (explicitly listed as such), which falls under additional restrictions beyond personally identifiable information.
A drivers license with the picture blacked out would be less sensitive than the picture itself!
9dev · 3h ago
> This may be legal in the US, but not under GDPR.
This whole story is an amazing example of why the GDPR is correct about this, IMHO.
tgsovlerkhgsel · 3h ago
There are soo many examples from the US showing why GDPR is a good thing: Clearview AI (biometric mass surveillance, essentially "search the internet by face"), car manufacturers collecting and selling location data, phone companies collecting and selling location data, ISPs collecting and selling browsing behavior, companies running mass surveillance on license plates and selling the data to law enforcement and really anyone who pays, some DNA sequencing related abuses that I don't remember the details of, all the data collected by the ad "ecosystem" (note that this still happens in GDPR-land because enforcement is lacking), this, ...
fkyoureadthedoc · 19h ago
> By this logic: I suppose glassdoor, yelp, or Google reviews aren't legal either?
Imagining a future where I have to pay Tea to promote and astroturf my profile or they lower my rating, and pay bot farms to post glowing reviews
fragmede · 19h ago
In this future that you want me to imagine, do you imagine, that I'm imagining that I am poor or I am rich? Because oh man, I didn't have much luck at the lottery or at blackjack or craps or startups or crypto, but I'm sure, this time, AI is gonna help me strike it rich!
Yes, as far as I understand, you upload pictures of men, either taken in the wild or from dating sites (Tinder) against their will. I am pretty sure that this would be illegal in some jurisdictions. Especially EU.
ajuc · 18h ago
Companies aren't people (despite lots of people pretending they are).
arrowsmith · 20h ago
> Peeple failed because they couldn't eliminate bias and gossip against anyone
Without bias and gossip, who would even want to use the app?
dyauspitr · 14h ago
Almost everyone? And not in a cheap throwaway comment way, I mean genuinely. The value is that it’s informative not a gossip rag.
theflyinghorse · 9h ago
I don't think you understand humans. Spicy social gossip is far more attractive to people rather than anything informative.
givemeethekeys · 17h ago
There are large Facebook groups dedicated to "Are we dating the same guy?" / "Are we dating the same woman?" that predate this app.
Fogest · 13h ago
A lot of these groups have also had people get successfully sued for defamation.
ssalka · 15h ago
I would imagine Tea enjoys protections from Section 230, same as all other social media sites.
carabiner · 21h ago
It's exactly like Lulu which shutdown due to privacy issues.
Every couple years someone tries this and it immediately turns into a cesspool because no matter the good intentions of the makers, it attracts the worst kind of person as active users.
It gets shut down, everyone forgets, then someone eventually has a brilliant idea...
It come from a place of sincerity but defenders imagine everyone would use it for the same reasons they would: Warning people of genuine threats in the dating world. They would never use it for gossip, or revenge, or creative writing, etc. so they don't imagine others would.
But at scale, if generously only 0.1% of women in America are bad actors that would weaponize this app, that's over 150k people (not to mention men slipping past security). And the thing about bad actors is that one bad actor can have an outsized effect.
junto · 17h ago
These kinds of apps are already in existence across many cities in the world in the form of informal, invite-only WhatsApp and Telegram groups.
The problem is the demand is there for such groups and I see posts that range from, “this guy tried to get me to get in his car”, or “man exposed himself to me”, to “man has twice approached children at my child’s school” or “I was drugged and raped after meeting with X on Y dating app”.
Lots of sexual attackers are known to multiple women.
Fact is that in lots of countries rape kits don’t get processed, it’s hard to secure a conviction, many serial sex offenders walk free and many women don’t want to go through a reliving of their trauma in court.
As a result these kinds of groups are very useful, not just for women who are actively dating, but for women who are simply existing in day-to-day public life. We have a president and a supreme court judge who both have been accused of serious sex offenses and nothing happened.
Is there a chance that some man who has done nothing wrong, gets accused by a woman in these groups? Yes of course there is a chance that could happen, but many would prefer to not take the risk of dating someone that has been accused of being a sex offender and the vast majority of posts with confirmation by multiple women confirm that bias.
These groups help keep women safer than without them. There’s a good reason why many women just don’t date at all any more. Covid lockdowns reminded them that they don’t really need it and it’s more hassle than it’s worth.
Sadly the vast majority of men are fine (not all men), but not enough call out the bad and dangerous behavior of a minority of their friends and peers. Until that happens women will be drawn to these apps and groups to try to be safer and not be a part of a sex crime statistic.
prisenco · 17h ago
"invite-only" is key because it requires a trust relationship, if not directly then through minimal degrees of separation. While not perfect they can basically work while apps for the general population cannot because there is no trust between the users.
junto · 17h ago
Indeed. This trust is a critical point. The invitation mechanism is a web of trust. Not infallible but better than these apps that try to centralize that through identification.
carabiner · 12h ago
> Is there a chance that some man who has done nothing wrong, gets accused by a woman in these groups? Yes of course there is a chance that could happen, but many would prefer to not take the risk of dating someone that has been accused of being a sex offender and the vast majority of posts with confirmation by multiple women confirm that bias.
The concern of false accusation appears to be... brushed aside. Are you a man? How would you feel if you were falsely accused? Knowing that this could snowball into being doxxed, having your employer informed etc. Innocent men have been jailed for this.
chneu · 5h ago
Innocent people have killed themselves over this stuff. The mob don't care.
derbOac · 5h ago
Based on some of the things I've seen in my professional and personal circles, I'd say there's much more than a chance, and the level of potential distortion is probably much greater, with more consequences, than some are acknowledging.
carabiner · 18h ago
There needs to be a startup accelerator or VC that solely focuses on recycled ideas. We could have an app that gathers strangers for dinners, one for reviewing people, and so on. Since all of these gained traction at some point, the idea would be you get 1-2 quick puffs of these discarded cigarette butts before selling or shutting down. Just vibe code it, go viral, collect some subscriber fees, then close due to whatever reason.
The answer to your last two questions is found within section 230 of the Communications Decency Act.
pdabbadabba · 18h ago
> “False slander” is not a thing.
It's only not a thing because, in the U.S., it's redundant. In other jurisdictions, it might be a thing, because there are places where a claim can be both defamatory and true.
No comments yet
xhkkffbf · 18h ago
I believe that at least one person has gotten a posting removed about himself by complaining directly to Apple. He presumed that Tea wouldn't care.
Whew, one look at his account and I can imagine what women who've been on dates with him would be saying haha
kingkawn · 15h ago
That dude is a pos tho
exiguus · 19h ago
A gray area in my eyes. As a father, I think it's good that my daughter uses the app.
You only need to look at the statistics to see how many women are killed by their male partners every year.
thefourthchime · 19h ago
It's harmful to spread this kind of fear. Statistically it's less than 0.05% of women die because they are killed by their partner. This puts a stigma on men in general as some sort of dangerous savages.
standardUser · 18h ago
As a man, I find it absurd and even dangerous to not attach some stigma to men. That you feel the need to invoke "dangerous savages" is maybe your own prerogative, but by any sober and fact-based analysis it is indisputable that women are justified in acting cautiously when dealing with strange men.
fsckboy · 15h ago
mothers are more than twice as likely as fathers to kill their children. and the same is true for child abuse and neglect.
humans in general act like psychos, the danger comes more from the size differential than propensity to act like a jerk.
standardUser · 15h ago
Most violence is perpetrated by men. If you're only response to that hard, cold fact is some stat about infanticide, maybe you're not honestly grappling with the issue.
throwawayq3423 · 7h ago
Most violence is perpetrated by men, but men are also equal victims.
throwanem · 15h ago
I'm justified in acting cautiously when dealing with strange pit bulls, too. That isn't the same as saying pit bulls deserve to be stigmatized. Or I don't think it is.
guywithahat · 19h ago
It's also leads to racism when people break down relationship violence by race. It's a dumb argument that helps no one
cauch · 19h ago
I think the problem is not the statement, but the conclusion.
Do we have more physical violence from men towards women than the opposite? I think I saw that the reality is yes. Does it mean that men are biologically coded to be violent, or is it a question of education and culture?
If you conclude the second one, it is not "sexist" (on the contrary, it may even be that the culture that creates the problem is itself rooted in sexism and that acknowledging some reality about its existence may help changing this culture), and does not imply prejudice against men, just acknowledging that we need to be careful in case of bad apples.
It still means that talking about this requires to be very careful.
To react on your example, I think it is a good think to notice if some population have a bigger problem at this subject than others, and we can then identify more easily the places where this problem forms and target these places. But people who concludes "look at violence divided by race, so I can generalise and be prejudicial to everyone in some race and not other" are idiots.
belorn · 18h ago
The statistics is a bit more complex and nuanced than giving straight answers. Studies looking at any form of violence in partner relationships shows both women and men having equal amount. When looking at physical violence, especially those that lead to people being charged with a crime, men are over-represented in heterosexual relationships.
However, homosexual relationships has equal rate of partner violence as heterosexual ones. A bisexual woman that has a relationship with an other woman will double her rate of physical violence compare to relationship with a man (statically). A man who has a relationship with an other man will half his rate of violence. This makes no sense at all (unless we believe that sexual orientation is an factor for violent behavior), unless we add a additional factor of sexual dimorphism. Men are on average larger and more muscular, and there seems to be a correlation between being the larger/stronger and using physical strength/fists during a fight. The smaller person is in return more likely to use tools or other means of violence. Statistically, fist also has a higher probability to do damage than improvised weapons, since people are more proficient in using their fists.
Does it mean men are biologically coded to be violent? No. Is it a question about education and culture. Maybe in some countries/cultures, and it wouldn't hurt to use the education system to teach people conflict resolution. Getting people who are physically larger to not exploit that fact during a heated fight is likely a hard problem to solve on a population level.
cauch · 15h ago
Not sure what is your point.
I think "any form of violence" is not a constructive direction. First, this ends up being very subjective: between 2 forms of psychological violence, which one is the most violent? Secondly, if indeed it is cultural, it implies that different sub-culture may have different ways of acting, so we can always play the subgroups to make it says whatever we want. But most importantly, it is not very relevant for our context: in the case of the first interactions during heterosexual dating, pretending that men risk as much as women seems a very unconvincing claim, for several reasons (even if under-represented it should be under-represented to an unrealistic level to reach an equal level, and it also does not fit with plenty of cultural tropes (I can find a video explaining explicitly that manly men need to dominate their female partner. I'm sure it exists, but the simple fact that I cannot easily find a video explaining explicitly that womenly women need to dominate their male partner shows it's not that of a trope. On the other hand, I can also easily find videos about "trad wife" that will explain that a womenly woman must be with a dominating man))
For the rest, I think we say the same thing: talking about the visible issues is not a problem in itself, but people instrumentalising these issues to be racist or sexist are the problem.
Dylan16807 · 9h ago
> Not sure what is your point.
If it's almost all about the size of the specific two people in a relationship, it's a terrible terrible idea to aggregate that by gender, leading to completely misplaced wariness and judgement.
cauch · 6h ago
Why would it be the size of the specific two people in a relationship?
It looks very clear to me that violent behavior in relationship (and more specifically, in the first few days of dating) is a question of education, not the result of one person being bigger. For example, every parents are stronger than their young children, but only some kind of parent are violent towards their children. If it's a question of education, reducing the problem of the size of the people is a terrible terrible idea: the problem will never go away because you don't understand the source and therefore don't act on the source to fix it.
It feels like some people here are framing the problem in "men vs women" framework, as if it is a competition and they don't want to accept that maybe men behavior is different from women behavior because the way they are raised in our society. I don't really see the point: I'm a man, and yet I don't take it personally. The same way I don't take it personally when someone says "don't accept candy from strangers": I'm a stranger for a lot of kids, and yet I understand why they should be prudent and I understand that, in situation where I have to interact with an unknown kid, I should do things differently (for example not giving them candy), not because I'm a danger for them, but because it is true that there is danger and that they cannot know if I'm a danger or not.
So many men take it uselessly and nonconstructively personally as soon as it is dating.
Dylan16807 · 24m ago
> Why would it be the size of the specific two people in a relationship?
That's the main argument of the grandparent post. If you're missing that then you're not really responding to what they said.
They went into significant detail so I feel like trying to reword it myself would be worse than suggesting you read the post again.
> If it's a question of education, reducing the problem of the size of the people is a terrible terrible idea: the problem will never go away because you don't understand the source and therefore don't act on the source to fix it.
Nah. Root cause analysis is entirely different from risk analysis. This is about risk analysis. If a woman dates a man that's smaller than her, who should be more worried about violence? That's not the time to worry about why and how to fix society.
> maybe men behavior is different from women behavior
Maybe it is! But then you need a really good explanation for the data in the above post. Or you need to say the data is wrong. But you can't just dismiss it as being defensive.
hdgvhicv · 18h ago
Men are more likely to be victims of violent crimes than women
standardUser · 17h ago
Yes, primarily by other men as we all know.
cauch · 15h ago
Not sure what is your point?
It feels a bit like saying "there is a bug in software X, but there is also a bug in software Y, so let's not fix the bug in software X".
Of course, men also suffer from problems.
It even feels that it is usually also due to machismo or something similar.
Sometimes, it feels like the majority of men's problem is in fact self-inflicted by the manosphere. They both complain of suicide rate, army draft, violence against men, but they also promote a culture of not-showing-emotion-otherwise-you-are-not-manly, a-man-is-worthless-if-they-dont-succeed, army-is-manly-and-women-are-weak, a-man-should-show-dominence-and-other-men-are-a-threath, ...
People likes to see things in black or white, but the reality is more complicated, and there is no advantages that does not bring also some disadvantages.
exiguus · 18h ago
The context was a dating app.
And yes, men are also victims by men.
standardUser · 18h ago
Race is America is extremely idiosyncratic. Gender relations exhibit a far more consistent dynamic cross-culturally.
octopoc · 17h ago
Calling it "extremely idiosyncratic" is not indicative of reality:
> Black people are the most likely to experience domestic violence—either male-to-female or female-to-male—followed by Hispanic people and White people.2
Centers for Disease Control and Prevention. The national intimate partner and sexual violence survey: 2010-2012 state report.
> Asian people are the least likely to experience intimate partner violence.[1]
You misunderstood my comment and instead gave examples that further support the idea that race relations in America are unique and particular to our history and geography. That's why race statistics in the US are not well-suited for cross-cultural comparison, let alone for drawing gargantuan conclusions about inherent racial traits (as racists are often looking to do).
exiguus · 18h ago
The risk of females being murdered by an intimate partner is five times higher than for males. And murder is just the very end of the spectrum.
And by definition, calling out men, is not racism.
Rebelgecko · 18h ago
Are there other groups that are 5x more likely to commit murder? Even if there are, IMO we shouldn't judge every member of that group for the actions of a small minority
exiguus · 18h ago
Are we still talking about a App that helps with dating?
HPsquared · 19h ago
It's better to think in terms of overall life damage and "quality of life years lost". I think it's very debatable which side loses more from getting involved in relationships.
adolph · 17h ago
> Statistically it's less than 0.05% of women die because they are killed by their partner.
2020 USA Per Capita Count of Mortality Event: Assault(Homicide), Female: 0.00139%
Statistically that is a rather small number. But if we take the number of women in say, America, a web search says 334.9 million. 0.05% of that is 167,450. That is quite a lot of women being killed by their partner.
deathanatos · 18h ago
According to the UNODC[1], in 2023, the rate of all murders of women in the US was 0.00205%. (2.05 per 100,000) Partner violence appears to account for ~34% of violence against women[2] (but vs. 6% for men), so that would be 0.697 per 100k or ~0.0007%, or ~1190 women/yr in the US[3]. Assuming I've done the math right… the risk is more than two orders of magnitude smaller than what you came up with.
> Partner violence appears to account for ~34% of violence against women[2] (but vs. 6% for men)
And this is sort of the point of the comment higher up: when you cut the stat this way, it seems like men are wildly dangerous creeps. But it is a statistic comparing one group to another group. We need to instead look at the absolute rate of partner violence to decide if men are on the whole violent murders or so, and there, the overall risk is low.
[3]: (I've assumed a round population of 340M for the US, with 50/50 gender, just an approximation.)
adolph · 17h ago
> when you cut the stat this way, it seems like men are wildly dangerous creeps.
Not exactly. The statistics didn't specify the gender identity of the perpetuator, just the relationship to the victim and the gender identity of the victim.
kgwgk · 19h ago
> the number of women in say, America, a web search says 334.9 million
Doesn't look correct.
pbhjpbhj · 17h ago
USA population is c.350M total, so they're probably off by half.
That looks like the general population of the US, and is out of date, it’s 340m+
edmundsauto · 18h ago
5k women are murdered in America each year, fwiw.
18k men are murdered. But women are murdered by their partners at a higher rate.
cwmoore · 3h ago
How many men are murdered by their partner's other or would-be partners? Not none.
Is suicide not counted in any way? A significant other or their loss will have a significant impact on mental health.
exiguus · 19h ago
I don't know were you have this numbers from, but in 2021 34% of women were killed by partner and 76% of women where killed by a known person (family, friends, colleges, partner) [1].
That’s out of women who were murdered or killed in manslaughter cases. OP was talking about base rates. 5000/170000000 is about 0.03%.
GoatInGrey · 18h ago
Your wording here is clumsy. You're saying that 34% of the adult female population was murdered by their partner. I'm assuming you meant female murder victims and not women in general?
exiguus · 18h ago
To clarify, its about murdered victims. I thought this was clear. I thought we are still talking about partnership and dating.
K0balt · 18h ago
I think poster is looking at mortality risk, not mortality cause.
qualeed · 18h ago
Your stats are for murder victims. I assume that the parent poster was talking about all causes of death.
I have no idea if their number is correct for that either.
exiguus · 18h ago
Could be. But I'm not. And the context is App for dating.
qualeed · 18h ago
>But I'm not.
But... you're trying to correct their statistics?
I agree with you that in the context, your stats maybe make more sense. But if you're going to correct someone, you generally should recognize what they were trying to communicate in the first place.
exiguus · 18h ago
I don't want to imply that someone tried to find the smallest possible number in order to deliberately misunderstand my comment, but we are still in the context of the dating app.
jameslk · 18h ago
I keep seeing the defense for Tea as an app for women’s safety, which is of course a valid concern. Wouldn’t it make more sense for a service to exist, like some kind of enforcement service provided by the government, where others can report safety concerns and that service goes and does something about it legally?
If such a service exists and isn’t being too effective, shouldn’t that be worked on?
My guess is that there’s more to the reasons for why Tea is popular but the safety argument is largely being used to defend it
ronsor · 18h ago
> Wouldn’t it make more sense for a service to exist, like some kind of enforcement service provided by the government, where others can report safety concerns and that service goes and does something about it legally?
I think this is called "the police"
sali0 · 11h ago
No it's called sarcasm
storus · 2h ago
You are probably unaware of unintended consequences enabled by this app - many women use it to find bad boys they feel attracted to due to some brokenness in female psyche. So you'll get public outrage on one hand and private DMs on the other from them, based on how bad you are described/vetted by other women on the app.
blks · 18h ago
Online men-dominated forums often dislike and feel personally attacked by people talking about sexual abuse/harassment done by other men. I guess they immediately imagine themselves being falsely accused of such acts, rather than being a woman that is attacked.
saparaloot · 19h ago
You still think so?
jabjq · 19h ago
I wonder how well-received this comment would be if it mentioned crime statistics regarding something else than gender.
webstrand · 21h ago
Not only that, I think they're forfeit their Section 230 protections since they're exercising editorial control by excluding males from the platform. So they'd be directly liable for any defamation they publish on their platform.
pridzone · 20h ago
It would be in Apple and Google’s best interest to pull these apps immediately. Multiple Supreme Court justices have indicated an interest in narrowing the breadth of section 230 immunity. This app, structured entirely around effecting the reputation of private individuals, provides a relatively clean case to do so. It’s not a stretch that the app could be considered a ‘developer in part’ of the content it hosts, and thus lose section 230 protection.
A narrowing of section 230 would not be good for Apple or Google, though they wouldn’t face any liability for the Tea apps conduct.
mikeyouse · 21h ago
That's not how 230 works - why do people keep parroting this misinformation?
It continues to confuse me that the publisher/distributor distinction that section 230 was meant to remove (created by prior Federal court decisions) gets so frequently interpreted as if section 230 had been intended to establish it.
To me this feels as if people widely thought that the Apollo Program was intended to prevent people from traveling to the moon, or Magna Carta was meant to prevent barons from limiting the king's power, or Impressionism was all about using technical artistic skills to depict scenes in a realistically detailed way.
derbOac · 5h ago
Thanks for posting the link. I had read that before and forgot.
I think sometimes confusion about Section 230 maybe points to some legal soft spots.
I think there's a trend — good or bad — for courts to see websites as accountable for users' activities on the site when those activities are systematic and collectively illegal or jeopardized, when the website is seen as encouraging the activity.
It's not hard for me to imagine a court deciding that the intrinsic nature of the website encourages systematic libel, and is therefore is somehow involved in the creation of post content.
Even more specifically, I'm not sure the "good faith" clause of Section 230 even applies to something like Tea in the case of libel, should libel be there.
Now, actually showing libel is another thing, but that's also easier for me to imagine today than even a year ago, especially in the presence of a data breach where posters are exposed.
I guess I don't see Tea as being held legally responsible for anything about the content of user posts, in the US at least, for the reasons outlined in that article. But I also wouldn't be surprised if it did happen.
webstrand · 21h ago
Because it's really good misinformation, thanks for the link. I had no idea that it was effectively unconditional protection.
magicalist · 20h ago
> I had no idea that it was effectively unconditional protection.
Defamation is still not protected, it's just the person who posted it who is liable. Meanwhile the site's "editorial control" is protected by the first amendment, not section 230.
JoshTriplett · 18h ago
Huge credit for actually updating in response to evidence.
Nasrudith · 13h ago
Because they seem to want it to work that way and seem to think that by spreading the misinformation that it will somehow change the way the law is interpreted.
ok123456 · 17h ago
We need to stop allowing companies that are not directly engaged in financial services to request government IDs.
Facebook shouldn't legally be allowed to demand an ID any more than this disaster of an "app."
Now tens of thousands of people will be subject to identity theft because someone thought this was a neat growth hacking pattern for their ethically dubious idea of a social networking site.
Revisional_Sin · 9h ago
Unfortunately for some of us, the UK has gone the opposite direction. We now have to verify our age (or use a VPN) before accessing certain websites.
This is fine if you have a secure tool to access. It's not okay if you just try to spin up your own solution.
1123581321 · 16h ago
A secure Know Your Customer API would be a useful service for Apple and Google to provide to developers. It could scan the ID and reveal individual pieces of information with permission to the application or multiple applications. Forgive me if it already exists and this app just wasn’t using it.
Interesting; thanks. That should connect to browsers' Digital Credentials API the other user mentioned.
codedokode · 15h ago
I am not going to show my ID to Google, especially given that it is a foreign company with dubious data collection history.
ronsor · 12h ago
You are going to show your ID to at least one foreign company with dubious data collection history, because the government will eventually force it on you.
ok123456 · 16h ago
Or we could deny providing "app" developers with any such information.
killerstorm · 5h ago
There are verifiable credentials protocols which would let a site to check something (and prove that they checked it) without de-anonymizing the user.
It can be done with fairly basic cryptography. But the infrastructure around it would grow only if there's a demand. Otherwise people go with lowest denominator.
octoberfranklin · 10h ago
The crimes of creating or posessing a fake ID are distinct from the crime of knowingly using one, an act which has the peculiar name "uttering".
Simple solution: decriminalize uttering to any person who is not an employee of the government or a regulated bank.
oc1 · 8h ago
Wait, the app does what?
> The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.
What exactly does this mean? Which information is exchanged without consent of these people? This seems to me more problematic than the actual topic of the data breach.
iforgotpassword · 8h ago
You can use that app in different ways:
1) you dated a guy on tinder, he became all pushy on your first date, touched you inappropriately even though you said no. Or some guy became violent during your relationship and you even found out he has a history of that.
2) you dated a nice guy but he dumped you for whatever reason, and now you want to get back at him so you make up stuff like mentioned above, and post it there.
soraminazuki · 13m ago
That's PR speak for saying that it's a Kiwi Farms clone. I'm sure the two userbases even share their sense of righteousness regarding their own actions.
This case couldn't be more clear cut. It's horrid, and the people running the sites should be held accountable. Two wrongs don't make a right, especially when it will inevitably cost innocent lives, sooner or later.
raincole · 6h ago
In other words it's a slander platform. Got it.
mandmandam · 3h ago
Maybe if men hadn't created a system where rape and sexual assault go virtually unpunished, there wouldn't be a glaring need for women to have groups like this.
Here's a few relevant statistics, which I hope you and all the people who failed to downvote you might consider:
* Out of every 1,000 sexual assaults, approximately 310 are reported to the police.
* Of those reported, only about 13 cases are referred to a prosecutor.
* Ultimately, only about 7 cases lead to a felony conviction.
* For every 100 rapes reported, only 18 result in an arrest.
* Fewer than 7% of reported rape cases lead to a conviction.
* In some studies, the conviction rate for rape has been reported as low as 3.2% in certain jurisdictions.
I was curious what the percentage of false allegations are, as this is often quoted as a problem by men online¹. The conclusion of my research is that the rate of false reports is essentially the same as for any other crime (so somewhere in the single digits).
¹: I am a man myself and I understand that men feel threatened this may happen to them. But I personally know multiple women who experienced sexual violence and zero men who were accused of rape
typewithrhythm · 1h ago
The statistics are hard to come by, but at a glance the rate of successful rape convictions is similar to the rate of proven false allegation. And both are in the single digits.
So how to neutrally approach this? If you ignore cases without a conviction it's close to 50/50. Seems implausibly high though.
And then how do you factor in everything that didn't go to court?
Amezarak · 2h ago
I think the problem is the framing. The problem is with people, not men or women, but women get most of the focus.
> There is increasing evidence to suggest that women commit as much or more IPV as men (Archer, 2000; Melton & Belknap, 2003). Among adolescents, research consistently shows that females perpetrate more acts of violence in intimate relationships than males.
> Anderson (1998, 1996), presented self-reported prevalence rates for women's sexual coercion of between 25% and 40% and for physically forced sexual contact between 1.6% and 7.1%. Of perhaps greater significance was the women's self-reports of engaging in a classic date-rape scenario - taking advantage of someone who was under the influence of alcohol or drugs. When asked about initiating sexual contact with a man when his judgment was impaired by drugs or alcohol, between 32% and 51% of the women said that they had. Further, between 5% and 15% of women reported giving a man alcohol or drugs in an attempt to have sexual contact with him.
Obviously, these self-reported female rapists are going almost completely unpunished! Everyone needs equal access to these groups. That also solves the problem of libelous claims that the victim doesn't have an opportunity to address.
smeeger · 59m ago
you forgot the most common use cases in practice: a man you work with slighted you in some small way. now hes going to have sexual assault red flags. the HR lady who already hates men will look you up on tea and decline to hire you because you dont have green flags.
eastbound · 6h ago
3) You’re in competition with someone at work and you want to make his life difficult. You want to blackmail someone into promoting you, etc.
dash2 · 7h ago
Gossip about the opposite sex is probably the world's oldest social activity. The problem is that the internet lets it happen at industrial scale, and obviously that can be misused or have dangerous unintended consequences.
chneu · 5h ago
it also doesn't disappear. Before the internet you could say something, laugh, and move on. It disappeared.
Now if someone says something online it can be read for years and often without context of when it was originally written.
pavel_lishin · 22h ago
Good lord, why would they store those drivers' license images for an instant longer than it took to verify their users?
jsrozner · 20h ago
This. Appropriate regulation should make this an offense punishable by a large fine. There is almost no consequence to companies for bad practices.
Ideally you'd see fines in the 10%s of revenue. In egregious cases (gross negligence) like this, you should be able to go outside the LLC and recoup from equity holders' personal assets.
Alas, if only we had consumer protections.
dannyphantom · 19h ago
Absent broader regulation, we all know that apps like Tea depend HEAVILY on user trust. However, I am a bit concerned users either won't fully grasp the severity of this breach or won't care enough and end up sticking with the app regardless.
A somewhat embarrassing but relevant example: my friends and I used Grindr for years (many still do), and we remained loyal despite the company's terrible track record with user data, privacy, and security as there simply wasn't (and still isn't) a viable alternative offering the same service at the expected level.
It appears Tea saw a pretty large pop in discussion across social channels over the last few days so I'm pretty hopeful this will lend itself to widespread discussion where the users can understand just how poorly this reflects on the company and determine if they want to stick around or jump ship.
throwawayq3423 · 7h ago
"They just trust me. Dumb f*cks.."
ytpete · 17h ago
Or maybe require them to prominently disclose the breech to all current and future users on the app main screen for some period of time afterward (a year or two?). Sort of like the health-code inspection ratings posted in restaurant windows.
That cuts to the issue some other comments have pointed out, that user trust is really their most important capital – and with short attention spans and short news cycles, it may rebound surprisingly fast.
hdgvhicv · 18h ago
Companies, especially American ones, see data as an asset, rather than a liability.
The GDPR in Europe attempts to reset this but it’s still an uphill battle
dabockster · 20h ago
> Appropriate regulation should make this an offense punishable by a large fine.
And some kind of legal penalty for the engineers as well. Just fining the company does nothing to change the behavior of the people who built it in the first place.
ryandrake · 18h ago
I would at least love to see a public postmortem. What was the developer's rationale for storing extremely personal user data unencrypted, in a publicly facing database? How many layers of management approved storing extremely personal user data unencrypted, in a publicly facing database? What amount of testing was done that failed to figure out that extremely personal user data was stored unencrypted, in a publicly facing database?
ytpete · 17h ago
Requiring a 3rd-party auditor perform a postmortem whose results are posted publicly might be an interesting regulatory approach to this. Companies get shamed for their mistakes, and also the rest of the industry learns more about which practices are safe and which are dangerous. A bit like NTSB investigation reports, for example.
ohdeargodno · 17h ago
>What was the developer's rationale for storing extremely personal user data unencrypted, in a publicly facing database?
https://www.teaforwomen.com/about
>With a proven background leading product development teams at top Bay Area tech companies like Salesforce and Shutterfly, Sean [Cook, creator of Tea] leveraged his expertise building innovative technology to create a game-changing platform that prioritizes women’s safety
If you're lucky, a clown vibe coded this trash. If you're unlucky, he paid someone to do so, and despite his proven background about leading top Bay Area companies, didn't even think to check a single time.
The CEO is directly responsible for this.
ryandrake · 17h ago
Wow, so the entire company is a Founder and a Social Media Director??
> With a proven background leading product development teams at top Bay Area tech companies like Salesforce and Shutterfly, Sean [Cook, creator of Tea] leveraged his expertise building innovative technology
Blah blah blah blah blah... Just goes to show that you can write all sorts of powerful sounding words about yourself on your About page, but it doesn't say anything about your actual competence. I mean, I don't have a "proven background leading product development teams" but I sure as shit wouldn't make obvious amateur-level mistakes like this if I ever did a startup.
chemeng · 19h ago
In the US, professional certifications (PE, Bar, USMLE, CPA) exist to partially solve this problem when the certification is required to perform work legally. These are typically required in industries where lives and livelihoods of individuals and the public are at risk based on the decisions of the professional.
Joining in with some other comments on this thread, if the stamp of a certified person was required to submit/sign apps with more than 10K or 100K users and came with personal risk and potential loss of licensure, I imagine things would change quickly.
I'm personally not for introducing more gatekeeping and control over software distribution (Apple/Google already have too much power). Also not sure how you'd make it work in an international context, but would be simple to implement for US based companies if Apple/Google wanted to tackle the problem.
I think the broader issue is that we as a society don't see data exposure or bad development practices as real harm. However, exposing the addresses and personal info of people talking about potentially violent, aggressive or unsafe people seems very dangerous.
duxup · 22h ago
They shouldn't, but it appears to be a gossip app where by design they're also storing photos taken of other people (permission or not) and gossip about them...
They don't seem to value privacy.
Proofread0592 · 16h ago
I am just making a wild guess with no evidence to back it up, but I have a question and a potential answer:
How was this app going to monetize?
I'm guessing by selling user data, namely drivers license info to phone number.
hbn · 19h ago
This is what vibe coding gets us!
GoatInGrey · 18h ago
The cynical part of me feels like certain employees had uncontrolled access to the user data.
There would be a morbid irony in the idea of a tool marketed as increasing safety for women actually being a honeypot operation to accumulate very sensitive personal information on those very women.
throwawayq3423 · 7h ago
Honestly it doesn't matter that they didn't have that additional nefarious intent their incompetence and carelessness drove to the same result.
ytpete · 17h ago
Not a fan of the "vibe coding" hype, but is there any evidence that this app was built that way?
Mountain_Skies · 21h ago
According to another media report, the approval queue for new account verification was seventeen hours long. It's possible what the 4channers got was that approval queue.
IlikeKitties · 20h ago
No they got more, 23gb of files.
AlanYx · 20h ago
That's only a partial archive. There's another one with 55gb.
tonymet · 21h ago
Maybe this is a good time to think about what policy could help discourage these horrific practices (it sounds like their storage was unprotected)
* App Store review requires a lightweight security audit / checklist on the backend protections.
* App Store CTF Kill Switch. Publisher has to share a private CTF token with Apple with a public name (e.g. /etc/apple-ctf-token ). The app store can automatically kill the app if the token is ever breached.
* Publisher is required to include their own sensitive records ( access to a high-value bank account) within their backend . Apple audits that these secrets are in the same storage as the consumer records.
bawolff · 19h ago
Make company liable for damages when breached.
If you want companies to care about security then you need to make it affect their bottom line.
This wasn't the work of some super hacker. They literally just posted the info in public.
standardUser · 17h ago
There has to be a better way than just adding another deterrent to starting a company. Could there be an industry standard for storage security? Certification (a known hurdle) is better than "don't fuck up or we'll fine you to death".
sigseg1v · 2h ago
Regulate software development. Other industries already do this.
You could:
- make Software Engineer a protected title that requires formal engineering education and mentorship as well as membership to your country's professional engineering body (Canada already does this)
- make collecting and storing PII illegal unless done by a certified Software Engineer
- add legal responsibility to certified Software Engineers. If a beach like this happens they lose their license or go to jail. And you easily know who is responsible for it because it's the PEng's name on the project
- magically, nobody wants to collect PII insecurely anymore or hire vibe coders or give idiots access to push insecure stuff
- bonus: being a certified Software Engineer now boosts your salary by 5x and the only people that will do it actually know WTF they are doing instead of cowboys, and that company will never hire a cowboy because of liability. The entire Internet is now more secure, more profitable for professionals, and dumb AI junk goes in the trash
aaronmdjones · 1h ago
For writing lists with one item per line, Use two line breaks on HN to start a new line
Like this
LPisGood · 17h ago
I think fines are very reasonable. If you can’t safely do the thing, you should be punished for doing it. If you can’t safely safely do the thing then there is no issue.
bawolff · 17h ago
Certification is essentially "don't fuck up or we'll fine you to death" with extra steps. Especially because it mostly comes down to the company self-verifying (auditors mostly just verify you are following whatever you say you are following, not that its a good idea).
Its not like anyone intentionally posts their entire DB to the internet.
standardUser · 15h ago
Those extra steps help insult from penalties and lawsuits in a lot of cases.
ryandrake · 18h ago
This is the only way to deter this. Negligence and incompetence needs to cost companies big money, business-ruining amounts of money, or this is just going to keep happening.
tonymet · 18h ago
I agree, but relying on lawsuits is far too slow and costly . We can reduce the latency of discovery and resolution by adding software protocols.
bawolff · 17h ago
Having the threat of lawsuits is not really about the actual lawsuit, its about scaring people into being more careful. If you actually get to the lawsuit stage, the strategy has failed.
> We can reduce the latency of discovery and resolution by adding software protocols.
Can we? What does this even mean?
[Edit: i guess you mean the things in your parent comment about requiring including some sort of canary token in the DB. I'm skeptical about that as it assumes certain db structure and is difficult to verify compliance.
More importantly i don't really see how it would have stopped this specific situation. It seems like the leak was published to 4chan pretty immediately. More generally how do you discover if the token is leaked, in general? Its not like the hackers are going to self-report.]
tonymet · 12h ago
The signatures would appear in the drop . A primitive version would be file meta data or jfif. Even the images themselves or steganography could be used
bawolff · 10h ago
I guess, but it seems a bit like a solution that only works for this specific dump - most db breaches don't have photos in them.
My bigger concern though is how you translate that into discovering such breaches. Are you just googling for your token once a day? This breach was fairly public but lots of breaches are either sold or shared privately. By the time its public enough to show up in a google search usually everyone already knows the who and what of the breach. I think it would be unusual for the contents of the breach to be publicly shared without identifying where the contents came from.
GoatInGrey · 18h ago
That's a reactive measure. Certainly, it's worth pursuing. Though like the notion that you can't protect people from being murdered if you only focus on arresting murderers, there is a need for a preventative solution as well.
itake · 17h ago
the problem is what are the damages? how much are those damages?
My SSN / private information has been leaked 10+ now. I had identify fraud once, resulting in ~8 hours of phone calls to various banks resulting in everything being removed.
What are my damages?
bawolff · 17h ago
I would suggest that damages should be punative, not to make the victims whole. So i dont think it matters.
admissionsguy · 7h ago
Punitive damages are no-go in Europe given they would mostly result in money transfers from the ruling families to common people.
bawolff · 2h ago
Have you seen the GDPR? Its basically the definition of punative damages.
spixy · 5h ago
GDPR makes company liable for damages when breached.
That is why Tea did not operate in Europe.
TZubiri · 16h ago
Maybe the idiot that published this didn't even form an llc, "waste of 200$"
beeflet · 20h ago
just use your brain and don't upload your face and driver's license to a gossip website. when I was growing up, it was common knowledge that you shouldn't post your identity online outside of a professional setting.
The onus is on users to protect themselves, not the OS. As long as the OS enables the users to do what they want, no security policy will totally protect the user from themselves.
arrowsmith · 20h ago
> just use your brain and don't upload your face and driver's license to a gossip website
Meanwhile, in the UK, new legislation requires me to upload my face and driver's license just to browse Reddit.
ronsor · 19h ago
The fact that UK politicians cannot use their brains is a separate issue. May I interest you in a VPN?
aydyn · 19h ago
You only require ID verification for NSFW subreddits, right?
Mindwipe · 19h ago
Nsfw includes subreddits that discuss beer.
GoatInGrey · 18h ago
You know, what's funny about NSFW is that a lot of things tagged NSFW are actually regularly discussed at work!
NekkoDroid · 16h ago
While true, using that logic I can say porn is also discussed at work if you work in the porn industry :)
On a more serious note, implementing such a law without also providing a 0-knowledge authentication system ready to use by the government is just so unbelievably stupid (for multiple unrelated reasons).
arrowsmith · 16h ago
All of Reddit is NSFW. Why are you on Reddit, you should be working!
selfhoster11 · 16h ago
And requiring KYC to access a subreddit marked NSFW is somehow legitimate why, exactly?
arrowsmith · 12h ago
Subreddits now 18-only in the UK now include:
r/ukguns
r/cider
r/sexualassault
r/stopsmoking
Think of the children!
qualeed · 19h ago
>just use your brain and don't upload your face and driver's license to a gossip website.
It isn't just gossip websites requiring this, and it isn't just gossip websites suffering breaches.
dvngnt_ · 20h ago
This is becoming more unfeasible as it becomes required to access online services like reddit, nexusmods, verification on dating apps. Sending facial, and documentation data is becoming mandated by governments across the world.
No comments yet
tonymet · 20h ago
The app store is auditing & restricting functionality within the iPhone, but the backend protections are a wild west.
"use your brain" is no substitute for security. This is a hacker forum. We think about how to protect apps. Even smart people have slipped up
Beijinger · 18h ago
Yeah, just upload the pictures of unsuspecting guys.
Sorry, well deserved ladies. It just made my day. ROTFL.
And please provide an app with all the names and pictures of the ladies who used it. So that I can easily check who not to date.
9dev · 18h ago
Nice, some unsolicited victim blaming!
adamrezich · 18h ago
Good thing our children will learn all about this at their mandatory Internet Literacy Fundamentals course they have to take in high school.
Oh wait—no such thing exists!
It's up to us to teach this to our children. There's no hope of getting the current generations of Internet users to grasp the simple idea that app/website backends are black boxes to you, the user, such that there is absolutely nothing preventing them from selling the personal information you gave them to anyone they see fit, or even just failing to secure it properly.
Without being a developer yourself or having this information drilled into you at a young age, you're just going to grow up naively thinking that there's nothing wrong with giving personal information such as photos of your driver's license to random third parties that you have no reason to trust whatsoever, just because they have a form in their app or on their website that requests it from you.
tonymet · 17h ago
education is helpful, but it's also inadequate. we need good drivers, and good driver safety systems. they go hand in hand.
even the most savvy consumers slip up, or are in a hurry. it's impossible to make a perfect security decision every time
benlivengood · 19h ago
In this case it appears to be a public Firebase bucket; shutting down the app wouldn't help. Quite possibly access to Firebase was mediated through a backend service and Apple couldn't validate the security of the unknown bucket anyway.
tonymet · 19h ago
Also about validating the backends, apple has the resources to provide a level of auditing over the common backends. S3, Firebase -- perhaps the top 5. It's easy to provide apple with limited access to query backend metadata and confirm common misconfigurations.
tonymet · 19h ago
I partially agree. At least the threat of app shutdown would be enough consequence for the publisher to take things seriously
benlivengood · 19h ago
I think iOS and Android already holds the threat of app store removal over developers' heads.
Presumably the risk/reward still favors risky practices.
tonymet · 18h ago
but it's not contingent on backend violations, only frontend ones. I'm proposing decoupled ways for app store validation to audit backend security.
Rendello · 19h ago
> Publisher is required to include their own sensitive records within their backend.
Now that's a creative solution! Every admin must have a table called `MY_PERSONAL_INFO` in their DB.
tonymet · 16h ago
wouldn't it be funny if the app store had to review it and make sure the personal info was sensitive and possibly humiliating enough . "sir your app has been denied because MY_PERSONAL_INFO table requires at least 3 d-pics"
tacker2000 · 16h ago
More power to app store reviewers? Please no. They already deny apps for random reasons and figuring out why is often a hair pulling experience.
tonymet · 16h ago
i agree about the power concerns, but where would you assign the authority if not the app store?
danparsonson · 13h ago
This is the kind of thing government regulation is useful for, when it works.
tonymet · 12h ago
In practice they delegate certification to a legacy and expensive certification authority
tbrownaw · 20h ago
Yes, pushing companies away from mobile apps and towards PWAs or even ordinary websites does sound like an excellent idea.
tonymet · 20h ago
it could be an enhanced certification like "Enhanced SEcurity" or "End to End security" to allow gradual adoption.
tbrownaw · 20h ago
So like those EV certs that turn the address bar green.
tonymet · 20h ago
better, in that the app store has more weight and more leverage to establish more comprehensive auditing.
The EV certs failed because general SSL identity is pretty weak. Consumers don't know how to use it to establish trust. There's no enforcement on how the names are used. for example, my county treasurer has me transfer thousands of dollars on a random domain name.
dabockster · 19h ago
The world is moving away from App Stores and walled gardens. Figure out other options.
bluescrn · 15h ago
The world was moving away from App Stores and walled gardens. And then I woke up, and returned to grim reality.
tonymet · 19h ago
that sounds preposterous . can you qualify that?
bigfishrunning · 19h ago
Linux is up to 5% of the desktop. Gog and Itch.io are DRM-free, and are slowly gaining ground against Steam. Fediverse networks are slowly gaining ground against traditional social media. Signal is more popular then ever.
There will always be lowest-common-denominator users, but there is clearly some demand for an alternative to the biggest 5 websites...
selfhoster11 · 16h ago
Meanwhile, an Android app for some random banking or government thing will require an attested boot chain measured all the way down to the stage 0 ROM burned into the SOC. That's not to say the open ecosystem isn't better, but to say it's winning enough to guarantee sustained general purpose viability is simply untrue.
ohdeargodno · 17h ago
>There will always be lowest-common-denominator users,
Interesting play, calling 95% of users "lowest-common-denominator". Those silly, blabbering morons that don't understand that they should be running Bazzite on their Framework laptops instead of using evil evil sofware.
>there is clearly some demand for an alternative to the biggest 5 websites...
This demand doesn't pay, and also happens to be some of the most demanding, entitled users you'll have ever seen.
TZubiri · 16h ago
>Apt install app
Mmmhmm
tonymet · 19h ago
i see thanks for clarifying
tonymet · 20h ago
* Mandate 3rd party auditing once an app reaches > 10k users
* App publishing process includes signatures that the publisher must embed in their database. When those signatures end up on the dark web, App Store is notified and the App is revoked
fn-mote · 20h ago
> * Mandate 3rd party auditing once an app exceeds 10k users
You have a lot of interesting suggestions.
I would love to see some kind of forced transparency. Too bad back-end code doesn’t run under any App/Play Store control, so it’s harder to force an (accurate) audit.
tonymet · 20h ago
also i remember maybe Facebook trying to do this when they acquired Parse. For a while they were promoting developers host their backends on Parse / FB .
The idea has merit. You have to relinquish some control to establish security. Look at App Store, Microsoft Store , MacOS App store -- they all sandbox and reduce API scope in order to improve security for consumers.
I'm more on the side of autonomy and trust, but then we have reckless developers doing stuff like this, putting the whole industry on watch.
tonymet · 20h ago
thanks. Yeah I think there are a lot of ways to decouple App store from publisher and auditor . That way the publisher can retain autonomy / control , while still developing trust with the consumer.
We could do better in our trade at encouraging best practices in this space. Every time there's a breach , the community shames the publisher . But the real shame is on us for not establishing better auditing protocols. Security best practices are just the start. You have to have transparent, ongoing auditing and pen-testing to sustain it.
gruez · 20h ago
>* App Store CTF Kill Switch. Publisher has to share a private CTF token with Apple with a public name (e.g. /etc/apple-ctf-token ). The app store can automatically kill the app if the token is ever breached.
How do you enforce the token actually exists? Do app developers have to hire some auditing firm to attest all their infra actually have the token available? Seems expensive.
tonymet · 20h ago
it could be made available just to apple servers via ACL or protected token. but no one else .
gruez · 20h ago
That still doesn't make sense. How does the ACL work? What prevents the usual shenanigans like cloaking to prevent legitimate detection from working? Moreover what secrets are you even trying to detect? The app API token?
No comments yet
TZubiri · 16h ago
I like the ctf one, but it would probably be hidden way deeper than the rest of the info.
1970-01-01 · 18h ago
"Breached"
1st sentence:
"exposed database"
We need a more nuanced headline here. They did nothing responsible. 404 should title this story with something that will blame them first and the 'hackers' 2nd.
aaronmdjones · 1h ago
This app's data store was "breached" in the same way that one breaches a castle by walking across the lowered drawbridge, through the open gate, past the empty guard stations.
ch_fr · 16h ago
Yeah, the term "breached" was a very poor choice, because it sounds like "this was breached recently" instead of telling "the database could be seen by anyone ever since the app's conception, and it only came to light today" which has much worse implications.
zahlman · 18h ago
My general observation thus far has been that submissions from 404media are rarely anything that I'd consider quality content for HN.
prophesi · 18h ago
I wouldn't go that far. What they uncover with their FOIA requests that the general public would otherwise never know about tends to be quality content. And, like the Wired, their FOIA-based articles aren't paywalled.
nis0s · 22h ago
How is this user data even reliable or useful when someone can make fake personas and populate their activity with LLMs?
Drivers licenses can be faked. Moreover, someone can just pretend to be someone else on this app with real drivers licenses.
The whole premise, implementation and process of Tea as a social media app is flawed, and a legal liability for the devs.
tamimio · 22h ago
I hope it served as a good lesson to the average person to be more cautious while submitting sensitive information like a government ID. Just because it's an app with a nice UI doesn't mean it's secure, let alone trustworthy regarding who owns it. Last week I was contacting a government agency here in Canada and the support team requested a government ID to be shared over email, which is anything but a secure communication. I tried to share it as a link to my vault, but they refused, so now either I will have to go in person or they will find another way in the meantime.
The internet went from 'YouTube asking users to never use your real name' to 'you have to submit your ID to some random app' in 10 years. Crazy!
xtracto · 19h ago
CEOs and board members should be personally criminally liable for shared personal information coming out of their platforms.
It's the only way they will push companies to STOP storing them long term.
I've been in several companies (mostly FinTech) that store personal sensitive documents "just in case". They should be used for whatever is needed and deleted. But lazy compliance and operations VPs would push to keep them... or worse, the marketing people
ronsor · 19h ago
To be fair to the FinTech companies and their leadership, banking and finance laws are so draconian to the point where you'd rather store (and risk leaking) sensitive data than face even bigger fines from the government overlords. If you want that to stop, get rid of the PATRIOT Act and reform the KYC insanity.
dabockster · 19h ago
> The internet went from 'YouTube asking users to never use your real name' to 'you have to submit your ID to some random app' in 10 years. Crazy!
Because we couldn't get anyone to take the internet seriously if it was just a bunch of anonymous pseudonyms trolling each other. And maybe that was a mistake.
hdgvhicv · 18h ago
When I started on the internet it was common to use real name, and indeed include things like addresses and phone numbers in usenet .sigs
lupusreal · 15h ago
It was definitely a mistake. The internet was not meant to be taken seriously. Measures like real name policies are designed to make people take it seriously but that is to the detriment of the users who do.
Just look at Facebook. Users with real names sharing all kinds of inane schizo nonsense, extremism, building echo chambers without realizing it, becoming completely divorced from reality as perceived by the majority of people around them in meatspace, because they section themselves off in cyberspace.
chatmasta · 21h ago
On the rare occasion when I have to do this, I blur the maximum amount of the image and watermark it with hundreds of lines of small red font saying “FOR EMPLOYMENT VERIFICATION BY $X_ENTITY.”
If they have a problem with it then I will gradually remove pieces until they’re okay. But I haven’t had to do this the few times I’ve used this tactic – it causes issues with automated scans but eventually some human manually reviews it and says it’s okay.
What I don’t like is the “live verification” apps that leave me no choice but to take a photo of it.
63stack · 2h ago
This is a really useful practice, going to implement it as well.
gruez · 21h ago
>What I don’t like is the “live verification” apps that leave me no choice but to take a photo of it.
That's becoming the norm now, presumably because of concern that people are taking leaked scans from one site, and using it to commit identify fraud (eg. getting KYC scans from crypto exchanges and using it to apply for accounts at other crypto changes, for money laundering purposes).
10000truths · 20h ago
You can use OBS to overlay your watermark on your webcam feed, then expose the composited output as a virtual camera that you select in the browser.
No comments yet
codedokode · 10h ago
You have a choice of not using such apps.
chatmasta · 9h ago
Apps like the visa application to Australia? Yes I suppose I could not use them.
octoberfranklin · 10h ago
At the cost of being excluded from a larger and larger part of everyday social life.
ethagnawl · 21h ago
> I hope it served as a good lesson to the average person to be more cautious while submitting sensitive information like a government ID.
This absolutely should not be normalized. If I'm ever prompted to submit photos of a government ID to some service, I'm turning heel. I'll try to use their phone service (which I just did successfully this week), correspond via mail or maybe, as you've said, handle it in person but I'm probably content to go without.
SoftTalker · 21h ago
The sad part is that your government ID is about as likely to be leaked by the government agency itself than it is by any third party that has an scan of it.
My driver's license is scanned every time I buy beer. I'm under no illusions that it's not quite readily available in any number of leaks or disclosures.
If that sounds defeatist, maybe it is. Nothing online is private. Once it's in a database, it's only a matter of time before it's exposed. History has proven this again and again.
gitremote · 19h ago
You need to do this for background checks for employment, even though the employees for the background check service might be outsourced to a different country, and your government data had no protections in their jurisdiction.
wosined · 21h ago
I always do. I would have never made social media accounts if it required phone or ID. Thankfully I'm old so my accounts were made before normies flooded the net and started trusting everything.
dabockster · 19h ago
> Thankfully I'm old so my accounts were made before normies flooded the net and started trusting everything.
It wasn't "normies" so much as it was the leadership and early investors of Facebook shoving "just trust us" and FOMO literally everywhere online. The hype (and hope) in 2010 was REAL and almost all privacy related conversations were shut down on sight. Heck, I think I still have my copy of Jeff Jarvis's Public Parts (ISBN13 9781451636352) somewhere in my closet. Amazing read if you really want to understand the mindset in place at the time.
hdgvhicv · 18h ago
Every hotel and his dog takes a copy of my passport, it’s basically public domain.
koakuma-chan · 21h ago
You can send it as an encrypted PDF, fwiw
add-sub-mul-div · 21h ago
If my license gets leaked and then a stalker shows up at my house, I will simply turn them away on the grounds that it was illogical to assume the license wasnt faked.
carabiner · 21h ago
> Drivers licenses can be faked. Moreover, someone can just pretend to be someone else on this app with real drivers licenses.
These are actually still very hard to do. I don't know anyone who would let me use their license for this purpose.
anonzzzies · 7h ago
Outsourcing job was it? Modern programmers are literally terrible at all basic stuff (who stores ID images in the db and then in the clear, do you have many other mental issues or what?) (I see startups like Resend making the same mistakes and still people use them, so there isn't much punishment even from people with half a brain) and AI is going to make it all so much worse. And a public bucket. I think it should be criminally liable to be that sloppy.
juandsc · 6h ago
I don't think it's a modern programmers problem, in fact, I think we can argue we are much better than 20 years ago at least in terms of security.
There is a much higher concern for data validation and no one used HTTPS 20 years ago. Literally there were social networks with people uploading photos and personal stuff which didn't even have HTTPS.
anonzzzies · 5h ago
But that was because no one told them. Now they are told and taught. A lot of systems Warn even for opening something publicly... And yet.
I check all CVE's of the software my clients use because we need to figure out why things are broken and often this is a start -> unpatched CVE's. Most (by far) CVE's are not 'honest mistakes' or missed corner cases because rocket-science; they are just sloppy programming. Something that should never pass review. We DO know better but people ship things and hope for the best (including the case in this post etc).
juandsc · 3h ago
> But that was because no one told them. Now they are told and taught.
That's precisely my point.
> Most (by far) CVE's are not 'honest mistakes' or missed corner cases because rocket-science; they are just sloppy programming.
This is actually true, but it's true because we have way better tooling and safer languages, which means we don't see nearly as many buffer overflows or memory management issues.
It's not that you didn't have negligent programmers back then.
> Something that should never pass review. We DO know better but people ship things and hope for the best (including the case in this post etc).
That's not new though. We've seen similar things happen in the past multiple times.
20 years ago code review was literally a bunch of meetings in a room or talk with another developer in person. Having something like github where you make a pull request, passes the automated test suite and requires a code review, etc. simply wasn't done. If in 2005 that already existed it was extremely bleeding edge.
I do have concerns about the code quality issues introduced by the abuse of LLMs, but until right before that was a thing, definitely the code quality in general has improved a lot.
kashnote · 18h ago
I'm a firm believer that if you want to start a tech company, at least one of the founders has to have a technical background. Even if you outsource all the work, you need to be able to ask the right questions related to security.
It's not just that this database was accessible via the internet. It was all public data. Storing people's IDs in a public database is just... wow.
alibarber · 16h ago
But now we have amazing vibe coding tools that mean that you don’t need to be technical or whatever - you can just deliver results. After all, the best LinkedIn influencers and founders don’t care about how something is delivered, just what.
Yeah, we’ve finally, nearly, just got to the point where realizing that treating IT and security and such as simply a cost centre to be minimised maybe quite wasn’t leading to optimal security outcomes - to throwing it all away again.
jackdawipper · 16h ago
a few more of these incidents and they'll care a lot more
redeeman · 16h ago
thats a joke right?
TechDebtDevin · 16h ago
Isnt there like millions of misconfigured firebase dbs in the wild with no auth, some including fortune 500 companies?
Tech background isn’t sufficient. They need to have security background. Some of the worst people I’ve met with respect to security have been technical enough to have the wrong level of confidence.
TZubiri · 16h ago
Doctors need to study 5 to 8 years and pass rigorous exams
Attorneys the same
Structural architects and engineers the same
We have a couple of decades more until we lock tech up, up until now it was all fun and games, but now and in the future tech will be everywhere and will be load bearing
justahuman74 · 10h ago
By then we'll just launder the blame onto the AIs
Pigalowda · 12h ago
Tech is special! Think about the margins, the gains, the $$$!
I bet on greed. It always wins.
loeg · 18h ago
"Safety" is doing a lot in this headline. It's a gossip app.
mandmandam · 3h ago
Here are some statistics for you to consider:
* Out of every 1,000 sexual assaults, approximately 310 are reported to the police.
* Of those reported, only about 13 cases are referred to a prosecutor.
* Ultimately, only about 7 cases lead to a felony conviction.
* For every 100 rapes reported, only 18 result in an arrest.
* Fewer than 7% of reported rape cases lead to a conviction.
* In some studies, the conviction rate for rape has been reported as low as 3.2% in certain jurisdictions.
If you could imagine what girls and women go through, some on a daily basis, for years, since childhood, I think you might have a better understanding of why a "gossip app" might actually be a pretty sensible option for avoiding sexual assault and worse.
mystraline · 1h ago
And as a man, do you know what happens when you report sexual assault?
You get laughed at. Hard.
So yeah, I'd like to see these broken down between cis-, hetero-, homo-, and trans-.
And why are cis-lesbian-women also reporting higher numbers of sexual assault than man/woman relationship? No men in that relationship.
The rainn articles are propaganda with a specific slant.
robotnikman · 19h ago
With all the state/countries starting to do ID verification, this is a good lesson in what can go horribly wrong with these types of policies.
throwacct · 16h ago
This x100.
8f2ab37a-ed6c · 21h ago
Sad that a common response to "we might not want this app to exist" is "well, if you weren't cheating, you wouldn't have a problem with it".
Why do people want to live in a panopticon of their own creation, with random anonymous strangers morally policing, judging each other with zero consequence to them?
Don't think we'll ever learn our lesson when it comes to privacy, it will be Eternal September forever.
duxup · 20h ago
I think for many people see <cause> and any criticism of something that claims to be relate to that cause is seen as criticism of the cause and that's a full stop when it comes to thinking much further.
The irony in this case being that this app operates like a lot of creep subreddits and forums out there with people posting photos of other people without their permission and gossiping / telling stories about them...
8f2ab37a-ed6c · 20h ago
I agree that you could make a Tea app for every faction's favorite cause, and use "safety" as the justification: report your local communist, report your local infidel, report your local secret white supremacist, report your local secret Western imperialism agent, report your local suspected jihadi, report a homosexual, report a suspected illegal immigrant, report a local adulterer, report an apostate, report a kulak.. etc. chefkiss
Witch Hunt as a Service, with a delightful UX, a little gamification, and soon integration with your favorite apps. Coming to an App Store near you.
It's a useful app, as it helps men avoid the type of women who'd use such an app.
05 · 3h ago
The type not into nonconsensual sex?
mystraline · 1h ago
How fast would an app for men, to identify false accusers, liars, afterwards regret, baby-trapping attempt, sabotaging contraceptives, and other false claims, get shut down for 'evilness towards poor innocent women'?
Just as Parieto indicates that the bulk of male sexual assaults are done by a few, also indicates that the bulk of female assaults and claims of sexual assault are also done by a few.
Apps like Tea only paint all men as abusive thugs. If this were done, say to black people, this app would have been shut down and a lawsuit in federal court filed. But men are OK to harass, libel, and demean.
Good on anonymous for exposing this obvious double standard. And I hope they get sued by everyone.
BizarroLand · 19h ago
How would you even identify who is on the app?
zetanor · 19h ago
The app conveniently offers its users' driver's licenses to the public.
oc1 · 7h ago
It's so sad that legally you can't even say this was an intrusion. All data was already public. Probably vibe coded by the ceo who has no technical competence in whatever he vibe coded.
jeroenhd · 18h ago
The leak contains drivers' licenses, but also location information. Someone on 4chan made a map of all the coordinates they could find and posted a public link.
So much for the "anonymous" app.
BizarroLand · 15h ago
I mean, if you were put on the app by an ex, how would you ever find out?
Fogest · 13h ago
I feel like that is part of the problem with it. Not only can somebody post about you make things up about you. You also may never know. And it could end up silently impacting you. Say you apply for a job and a female HR person checking your job application decides to use this app to do a "background check" on some of the males applying. If she sees someone on their saying you sexually assaulted someone, she probably isn't going to choose to interview or hire you. And she probably won't even tell you why. And the claim against you could be totally bogus.
This is the scary reality of an app like this, especially if it continued to go more mainstream.
throwawayq3423 · 7h ago
Blaming women for wanting to seek out safety in this way is strange.
However there is something to be said about the crowd you find yourself with. If you assume this app to be necessary, I would assume your social standards are not high enough.
defrost · 7h ago
Tell us more about the lofty social circles that have no psychopaths.
What's the bar they cannot clear?
bawolff · 18h ago
Because our entire civilization is built on recipricoal alturism, which requires reputation so that in the event someone defects it carries negative consequences to discourage defection.
8f2ab37a-ed6c · 15h ago
We're in agreement. Is an anonymous takedown app the solution for reputation management that enables civilization? If someone is trying to destroy your reputation, on which your entire livelihood depends, should you at least know who the accuser is, how reputable they are, what evidence they have? Do you want to give the Internet a magical button to destroy you on a whim?
bawolff · 10h ago
I actually agree with you that this sort of thing can have bad outcomes and thus comes with significant risk for abuse. Part of the reason reputational systems work in real life is that the people bad mouthing other people also face reputational consequences if they do so unfairly (over a long enough time period where it becomes obvious), which is something missing from this type of app.
But regardless i do understand the appeal. Dating apps suffer from basically being a low-information market place. There are of course the malicious people, which everyone has an interest in removing from the app. However even ignoroing that its a bit of a lemons market (if you excuse how dehumanizing the metaphor is). Its very hard to tell if someone is a good date just from their profile, and people who are good dates end up in relationships and exit the market quickly while bad dates stay in the market for a much longer time. Allowing some sort of review system does solve that problem - its worked in other domains, like uber drivers or what resturant to go to. So i certainly understand the appeal of why people would want this.
grokgrok · 15h ago
And these apps represent an attempt to privatize the state
octoberfranklin · 9h ago
To be fair none of this would be possible without the state-created identity infrastructure.
standardUser · 18h ago
I mostly agree, but it's different for women due to how frequently they are subject to violence and how comparatively defenseless they are compared to the average man. Many women (and men) would gladly give up some privacy in exchange for (perceived) safety. And any man who doesn't understand that is either lying or has never known a woman.
8f2ab37a-ed6c · 15h ago
It's fair that men and women have different challenges here. But humans are squishy and chaotic and self-interested, they're not angels of pure wisdom, fairness and justice. Giving someone a repercussion-free button to destroy someone else the instant they feel slighted, vindictive, threatened, jealous, disrespected, is a recipe for disaster. There's a reason these apps have not once worked sustainably, they always turn into a vile cesspool that brings the worst out of mobs.
I don't have a fix for this, it is entirely fair to want justice for the defenseless. At the same time I have a strong hunch that there is no problem-solution fit here, at least not with this sort of app.
redeeman · 16h ago
yeah because ALL women are the same, right? you seem kinda sexist here
standardUser · 15h ago
Low effort comments are against the site guidelines etc.
noisy_boy · 14h ago
What recourse would a man have against a woman who slanders him using this app just because X? Any person can have mental issues irrespective of gender.
bilekas · 16h ago
So it wasn't "breached" ... It was just so badly made that the bucket was public. Vibe coding ?
How is an app that allows users to post unverified and doxxing information about random men allowed on the IOS app store?
Apple had no issue mass censoring Parlor and others, how is an app like this able to reach #1 under all?
baobabKoodaa · 19h ago
That's because the doxxing was only allowed against men, not actual humans.
bigfishrunning · 19h ago
Sounds like you're someone who isn't dating men to begin with, and therefore don't need such an app for your "safety"
firstplacelast · 18h ago
I date men and don't think going against TOS or laws is okay even in the name of 'safety'. This app doesn't bother me and frankly I think more apps like this should be allowed, but it is hypocritical to think this should be allowed to exist and many others not.
cmxch · 21h ago
Safety for favored people, doxxing for the disfavored.
Truth.
StanislavPetrov · 21h ago
If big tech didn't have double standards they'd have no standards at all.
bitpush · 21h ago
There's only one guiding principle for Apple - and that's money. Dont let their privacy marketing ("Privacy is a human right") fool you otherwise.
baobabKoodaa · 19h ago
Why don't you try uploading an app where men doxx & "review" women that they date on dating apps? See if Apple suddenly finds morals.
mikestew · 21h ago
One could say that about any company (because "fiduciary duty", amirite?).
"Don't let Toyota's 'reliable car at a reasonable price' marketing fool you, they're all about money." Yeah, but does that preclude them from selling me an actually reliable car at a reasonable price?
bitpush · 13h ago
But when a company makes moral arguments ("We're better than others because of X") the bar goes up.
If Toyota says that we're the car company that cares about you, we want to keep you safe from the bad actors, and trust us on making right choices for you - and when you discover Toyota has been secretly building out an ad network, in bed with Chinese government, you have to call them out. And that's what Apple is doing.
Privacy is a human right, except in China where they are happy to go along with what the government wants. Google atleast had the balls to pack up and leave the country.
drak0n1c · 17h ago
Apple fired its Chief Diversity Officer when she said that white men with blue eyes can also count towards a diverse workforce. A purely non-monetary ideological capitulation.
I think it was a perfectly reasonable statement. But because it does not align with a recent radical redefinition of diversity, she was fired. Apple certainly wasn’t at risk of losing money over keeping her in that role.
throw838384 · 21h ago
Is there a way, to verify if potential partner uses this app? Or if they are in "are we dating the same guy" type of group?
I take doxing, stalking, revenge porn and cyber bullying very seriously! And I would pay good money for a background check, to stay away from such people.
generalizations · 18h ago
There is now.
SalmoShalazar · 3h ago
Would you want your own app usage available to other people? I’m going to guess not. This is a gross request, not surprised you’re using a throwaway account, as you seem to know this is a shameful thing to ask for.
codedokode · 10h ago
Ask her?
goku12 · 5h ago
Do you expect abusive people to answer honestly? The perceived anonymity on the app is a double edged sword.
more_corn · 21h ago
Easy post negative information about yourself on there.
jeroenhd · 18h ago
You need to verify you're a woman with some form of ID before you can get into the app. Faking an ID and a picture can't be that difficult in the age of AI (especially not when the company that's supposed to verify you is this callous with their users' PII), but it's not as quick and easy as you suggest.
SrslyJosh · 20h ago
> And I would pay good money for a background check, to stay away from such people.
Buddy, believe me, women who are using Tea would pay to know that they need to avoid you too.
Seems like the simple solution here is for Tea to allow men to register and advertise themselves as not interested in Tea users, maybe by linking profiles from dating apps.
duxup · 23h ago
A flash in the pan gossip app that when it functions normally is not worried about anyone's privacy / accuracy ... also doesn't care about good policies or their user's privacy.
That seems about right.
darth_avocado · 21h ago
You could say that the *Tea has been spilt*
JohnMakin · 21h ago
Painting this as a "gossip" app seems extraordinarily reductive. Women have a good incentive to share info about and to one another for safety beyond "gossip."
darkwizard42 · 19h ago
Is it reductive? It also has good incentive for someone jilted or misinterpreting something to suddenly tarnish someone's reputation with little recourse for the other party. It is a one-sided review app for people in a way that people affected may never even know!
duxup · 21h ago
Go checkout the website, the first image is just two people gossiping.
This app operates just like an app some creep online would use, people post pictures (permission or not) and gossip about them.
jahewson · 19h ago
There’s also a ton of bad incentives for those women who lie, manipulate and abuse beyond “gossip”.
There are plenty of examples of people making things up about other people who they thought wronged them. Mob justice is really disgusting, and that's all this site is. People justify horribly vindictive behavior when they think they're righting a perceived wrong.
ryandv · 1h ago
You're right, but my question was asking what incentives exist to discourage revenge, blackmail, and the other behaviours you describe.
I suspect that there was no answer to my original question because we all know that we'll sooner let surgeons hack off children's genitals than hold progressive white women accountable for their actions...
BizarroLand · 19h ago
If guys had an app that women couldn't access where we shit talked all of our exes with photo evidence women would riot at the company HQ.
But then again, can't convince people as a whole that men are, on average, good and decent people with normal flaws just like women, and therefore deserve to be protected, loved, and appreciated equally.
throwpoaster · 16h ago
Oh no, they doxxed the users of the doxxing app. Shocking (tiny violin emoji)!
> At 6:44 AM PST on 7/25, we identified unauthorized access to our systems and immediately launched a full investigation to understand the scope and impact of the incident. Here’s what we know at this tim
The first sentence is already a lie as there was never authorization in place followed by more lies.
chneu · 5h ago
That page is nothing but lies. Wow. They admit to lying to their users(about data retention) and then lie more. That's incredible.
megadopechos · 11h ago
"Your data privacy is of the utmost importance to us."
No it ain't.
irusensei · 3h ago
It's almost poetic that this happens on the same day UK demands website to collect personal identification. I'm looking forward to the shitshow in the upcoming months.
jackdawipper · 16h ago
In 2008 when the GFC every company we worked IT for on contract fired their IT staff first. Two weeks later, we had bonanza period right through into the next year. They realised the hard way that those lowly cheap IT staff were quietly keeping them afloat. We charged a lot to fix their problems they created because their CEO thought IT was a waste of money.
This will prove security in IT coding is necessary, so enjoy watching the drama unfold.
IT security bonanza time. It wont be long.
poemxo · 7h ago
On X, one of the leaked pictures seemed to be a DoD ID card, and I wondered why Tea needed proof of someone's identity. Then I remembered Uber and Lime both want your drivers license. Facebook and Instagram supposedly request it too if your account gets locked. This is not a new normal I like.
cmxch · 21h ago
A case for ironclad data privacy laws that allow people to pierce the veil and request deletion.
energy123 · 2h ago
Repeal section 230 and end this Black Mirror dystopian madness.
edm0nd · 16h ago
Someone dropped a map from all of the photos metadata
You can get Apple Legal involved if your face is on the app and they should get the related posts removed.
cherryteastain · 20h ago
It's on a torrent. Good luck getting that removed.
schroeding · 20h ago
I think they mean the actual posts on tea itself, not the leaked ID photos.
goku12 · 5h ago
Even if only a few women are abusive and gossiping, they will doxx a lot of innocent men. At that stage, that entire app should be treated as illegal and shut down, instead of hoping that Apple legal will find the time to settle each complaint. The entire app is a toxically bigoted concept that gets a pass because the term 'women's safety' is attached to it.
chneu · 5h ago
I'm failing to see how this app is legal. States like Arizona have recently passed anti doxxing laws. Posting any information on this app with the intent of social pressure, harassment, etc is illegal in those states.
At the very least, the app itself might be legal using the "public forum" argument but the content posted on there definitely leaves the users in a legal gray area.
I can see the argument on both sides but this is asking for a case to be brought just so the law can be fleshed out.
red_acted · 40m ago
Bro, I’m just vibing. Wym I have to care about data security… shakingmyheadsmh
motohagiography · 19h ago
for someone who thought Tea was a good idea, what would be the objection be if this leaked contributor data were used to populate a similar app to warn men off?
Frost1x · 19h ago
A rather brilliant idea I must say.
motohagiography · 16h ago
obviously it would be malicious and unethical, but since that didn't seem to stop Tea users, I'd be interested in what their arguments against it would be.
octoberfranklin · 9h ago
There's no objection, but it doesn't work because men compete while women collude.
This has evolutionary origins. A man can, theoretically, father around a thousand children or more in the time it takes a woman to bear one. Sperm are cheap so those who need sperm (i.e. women) don't need to fight with each other. There's plenty to go around. Eggs are scarce so males of myriad species fight each other to the death over them.
It's just biology.
ungreased0675 · 13h ago
I’d like to start seeing legal jeopardy for companies that are careless with customer information. Make developers scared to retain anything they don’t absolutely need.
realsolipsist · 9h ago
Just wanted to add…I can’t sneed
nonhaver · 10h ago
if im understanding correctly this was a public bucket? aside from the obvious leaking of data couldnt this also be subject to a DoW (denial of wallet) attack where a user could auto download all the images constantly on a VPS and cause a massive bill?
chneu · 5h ago
according to the company this was an old bucket they used prior to 2024 when they moved to a more robust system.
So...they were storing people's information long term in a publically accessible bucket when users did not know. In fact, I believe users were told their IDs/selfies were immediately deleted(not stored), then Tea turned around and says they were legally required to store those photos. Tea had to address this in their press release, apparently.
thekevan · 15h ago
Just yesterday I saw tweets from someone popular in tech Twitter talking about how great it was that he helped the person who made this.
honeybadger1 · 20h ago
it should have never been allowed to be published anyway. not trying to justify what is happening, but these kind of apps are historically abused and create more problems than they intentionally try to solve.
SomaticPirate · 19h ago
"An app was created to help women stay safe on dates and avoid creeps, proceeds to be hacked by creeps"
Not a great look here.
However, Tea could have done a modicum of cybersecurity work (or hired an outside firm) to prevent this. If they are claiming to want to keep women safe (and not just running a gossip board) then this should be a red alert for them.
No public acknowledgement is concerning...
Levitz · 17h ago
An app that was created to publicly share images and public information of people got the images and public information of the people sharing it exposed.
I don't know how can anyone feel wrong about this without feeling even worse for what was already taking place.
anonfordays · 13h ago
>However, Tea could have done a modicum of cybersecurity work (or hired an outside firm) to prevent this.
I have no doubt in my mind that this is what they did. An "outside firm" vibe coded this and delivered the results.
amelius · 18h ago
Isn't Apple supposed to protect these app users? I suspect a lawsuit is in the making.
spacebanana7 · 16h ago
There’s nothing Apple can really do about backend security of apps.
Conceivably these storage endpoints might’ve never been directly exposed to mobile clients, instead going through other proxies or CDNs.
chneu · 5h ago
I think what they meant is that Apple is allowing a legally dubious app to operate.
Not that apple should enforce minimum security, but that the app shouldn't be allowed on the App Store in the first place. For obvious reasons.
Supposedly, if your photo is posted on Tea you can contact Apple. Then Apple will force Tea to take your information down.
odiroot · 5h ago
That "Tea" app seems like a real GDPR nightmare anyway.
jjangkke · 21h ago
- The fact that this app exists solidifies the data that a small group of men/women do most of the dating on tinder etc while the vast majority land dates far less if none at all.
- This creates distorted market supply and demand where those small group of men/women become sought after and its only human nature in that they value their supply less than the rest.
- Toxic behavior is expected from that small group of highly attractive people that do all the dating.
- It was only a matter of time before such app would run into legal issues or attract angry individuals. Now the damage to the leaked identities will be prolonged. With the AI tech today, the extent to which a damage can be done is unknown (ex. deepfake, impersonations, further doxxing).
- Tea user's driver licenses as well as selfies, usernames, emails, posts about their dates will drastically increase the surface area for lawsuits, fraud and exploitation by malicious agents.
- The users of this site and those that have directly posted images, details have opened themselves up to significant legal and criminal liability. Given these apps were probably popular in large city centers like California, NY have heavy punishment for digital harassment and privacy violations on top of the damages that can be claimed against them by the men who's information and details were posted.
- Tea is largely insulated from what the users post which means that their biggest exposure might be just neglect and failure to secure data which comes with a slap on the wrist.
Which will make it harder for Tea's userbase to claim large damages against it.
I read more details about this case and its beyond egregious. Unencrypted firebase and full public buckets. There is no hacking involved, the tokens were being used to pull data from roughly all 30,000 users of Tea and were only blocked short while ago.
Allegedly, 60GB of photos, user personal information, driver license, gps data being shared on torrent. A map of all 30,000 users tied to GPS data is being posted as well.
Given the extreme neglect to secure their data, I now believe Tea will be open to even bigger legal liability possibly criminal even.
IlikeKitties · 20h ago
> Allegedly, 60GB of photos, user personal information, driver license, gps data being shared on torrent. A map of all 30,000 users tied to GPS data is being posted as well.
Yeah, I wouldn't worry about the allegedly part, 4chan is dissecting that torrent as we speak, it's quite the party.
No comments yet
wosined · 21h ago
Let's be real you wrote men/women only to be PC. You really meant small group of men.
phkahler · 20h ago
>> Let's be real you wrote men/women only to be PC. You really meant small group of men.
Let me share a message I got from a woman I met a couple years ago on a dating site: "Just a side note about the dating thing on here. I get very annoyed with how horribly men take care of themselves or even try to communicate. Most men today on these sites are repulsive. It was refreshing to see you smile, and look nice. Thank you for that."
So it's not a bunch of red-pill alpha guys. I'm an average guy with basic manners and a lack of creepiness. Heck I was near my all time high weight at the time. Every single woman on those things has at least one story about a guy she met that will make you cringe from his behavior. My fav was the guy who sent a woman flowers before even meeting her - at her workplace! Dude the cyberstalking you need to do to pull that off is CREEPY AF - not romantic.
If you want to be in that top 10 percent of men the bar is incredibly low.
packetlost · 21h ago
No, it really does apply to both. Women who are not dating or are in a stable relationship won't use that app.
jjangkke · 21h ago
People with stable values and relationships most likely won't be on these apps. The wide acceptance of hookup culture via apps is not universal.
In some cultures, mentioning dating apps will immediately lead to negative assumptions and connections are done through vetted networks and specific establishments where "hunting" activity is allowed, some with even more boundary pushing that would be impossible in Western culture.
gruez · 20h ago
Not sure about what "some cultures" you're talking about, but AFAIK "dating apps" is the #1 answer (or at least in the top 3) to "how did you meet your partner" in many countries. They're not just for hookups. Many even market themselves as being for committed relationships, or have features to facilitate that (eg. filters).
arrowsmith · 20h ago
Yes but for the women who are on the app, the distribution of dates is much less skewed. (I assume.)
Why the downvote? It is just pictures and names. Both disclosed against their will but, and this is the ROTFL part, this is exactly what the ladies did. Uploading pictures and names of unsuspecting male victims and violating their privacy.
Let ladies have some of their own medicine.
technion · 13h ago
Given it's now "fixed", here's the scraping code so you can verify how this went down:
What's the actual violation though? If you click through the "User Generated Content" link, it shows that it's allowed, just that they have to moderate it.
I believe this argument, still not clear why it became viral recently
jasonvorhe · 16h ago
Tiktok. Some men who got flagged in the app shared their perspectives and some of it went viral.
pavel_lishin · 22h ago
> more likely a vibe coded slop app
I mean, it's fun to throw baseless accusations around, but do you have any actual reason to suspect this?
therein · 21h ago
If you look at the API, it is a slop app. The IDs were being uploaded to a public Firebase bucket. Chats are also public now. The full API keys are leaked because they were in the shipped app.
Vvector · 20h ago
None of that ever happened before AI. Right...
bigfishrunning · 18h ago
It had to learn from somewhere!
raverbashing · 21h ago
Do you think if that was disproved that would be better somehow?
bobsmooth · 22h ago
With all this talk about age verification, I have to wonder if the complete lack of security was intentional.
pavel_lishin · 22h ago
How do you mean?
bobsmooth · 21h ago
The UK and some US states are instituting age verification for adult content. Doxxing thousands of women is a great way to get people talking about privacy and security.
pavel_lishin · 21h ago
That feels like a hell of a risk to take just to get a conversation started. Not just the obvious implications of endangering all the users, but the cloud that's going to hang over everyone associated with Tea, now.
This is such excruciating incompetence by the app developers I'm wondering if it was intentional. Done to punish the women who dared to speak up about vile men.
I just hope they can pursue legal action for this, whether it was a deliberate trap or not.
okokwhatever · 3h ago
What a moment to be a woman dude...
hnpolicestate · 14h ago
The trend has been for all things related to sex, dating and relationships to be aggressively male hostile. But I think it's certainly peaked. Off topic, any notice how anti -male bumble is? Trash app.
WrongOnInternet · 15h ago
Not to get all conspiratorial, but if I was an incel, or other type of woman-hating-man, with an axe to grind, creating an app to "protect" women and their dirty secrets, then having their data "breached" would be a pretty diabolical revenge plan. Only women can join the app, but the only person running the app is a man? Nothing suspicious about that...
mandmandam · 3h ago
For all the gloating in here about doxxers getting doxxed, there sure are a lot of HN accounts exposing themselves as utter creeps in here.
SalmoShalazar · 2h ago
It is the nature of the user base here. For a group so loud about privacy, users here seem to be very gleeful about these women having their personal information released.
exiguus · 20h ago
Kind of meta toxic behaviour to download the data from a App that has the goal to prevent woman from men toxic behaviour.
az226 · 19h ago
Doxxers getting doxxed is peak irony.
jahewson · 19h ago
Let’s not kid ourselves, the goal is to shame men in an attempt to control them.
archagon · 18h ago
Maybe if all these creepy men just dated each other and left women alone, the problem would solve itself.
lupusreal · 17h ago
Great suggestion, very practical and well intentioned. On that note, I had another idea; toxic women should stop associating with men. They should take themselves off the dating apps and stop ruining the lives of any men that might be unfortunate enough to pair up with them. My suggestion is just as practical as your suggestion I think. The toxic women can self-identify and voluntarily exclude themselves just as well as the creepy men.
chneu · 4h ago
>They should take themselves off the dating apps
Then they can't complain about how horrible people are. Unfortunately, being a victim is a large part of many people's personalities. This is especially true for the "chronically single" people on dating apps. It's never their fault people don't want to date them! It's everyone else who is horrible.
Years ago when I was on the apps and went on dates it was obvious who these people were. They rarely actually go on dates because every person they match with is a predator to them. Then, if an actual date happened, it would quickly go nowhere because they're treating you as if you're a predator. The whole vibe with these people is awkward and judgmental. Then folks wonder why their dating app experience is bad.
loeg · 18h ago
I don't think that's the actual goal, or outcome.
jjangkke · 21h ago
Some observations:
- The fact that this app exists solidifies the data that a small group of men/women do most of the dating on tinder etc while the vast majority land dates far less if none at all.
- This creates distorted market supply and demand where those small group of men/women become sought after and its only human nature in that they value their supply less than the rest.
- Toxic behavior is expected from that small group of highly attractive people that do all the dating.
- It was only a matter of time before such app would run into legal issues or attract angry individuals. Now the damage to the leaked identities will be prolonged. With the AI tech today, the extent to which a damage can be doned with the information from the leaks is unknown.
- As for the company behind Tea, they are done. They face a monumental class action lawsuit as well as ongoing individual civil/criminal cases that will arise from the leaked identities, in particular the photo of driver licenses as well as selfies, usernames, emails drastically increase the surface area for damages.
- The users of this site and those that have directly posted images, details have opened themselves up to significant liability from not only the men they have targeted but from law enforcement.
- We'll see some new laws being formed from this case. Once again, we see the hidden dangers of blindly trusting large popular platforms with sensitive data but the twist with Tea here is the defamation activity that opens up its users to both civil and criminal liability.
pavel_lishin · 21h ago
> The fact that this app exists solidifies that a small group of men/women do most of the dating on the quick fleeting connections on tinder etc while the vast majority on a few if not none at all.
I don't follow.
> This creates distorted market supply and demand where those small group of men/women become sought after
Isn't that true in the real world as well? I'm not exactly a hunk; people weren't tripping over themselves to ask me out, whereas some of my friends and acquaintances did have to figuratively beat people off with a stick.
firefax · 17h ago
>Isn't that true in the real world as well?
I suspect the folks complaining about "markets" in online dating are not the kind of people who can connect offline.
To be fair, I think online dating has gotten worse -- sites like OkCupid used to match you based on shared affinity... the issue there is you could be a very high match on shared values but not someone's "type" visually -- imagine being shown the girl of your dreams only to find out the feeling is not mutual :-)
Conversely, I feel like people sometimes forget that they opted into these interactions, it's not like someone strolled up in a bar and began talking at them.
Anyways... if you're frustrated with apps, I'd suggest doing just that. Talk to people.
I met my last girlfriend at a bus stop. Before that, on a porch -- I was walking by and struck up a convo.
If you can't connect with people organically, no amount of tech can save you.
chneu · 4h ago
anyone talking about "markets" in dating is a redpiller. That's redpill talk. They probably also "neg" women and talk about eugenics-adjacent stuff.
arrowsmith · 19h ago
It’s true in the real world, but dating apps make it much more exaggerated.
msgodel · 15h ago
I think making prostitution illegal was probably a mistake. This used to be confined to brothels and everyone shamed it.
Freewalled
https://jarv.is/notes/cloudflare-dns-archive-is-blocked
I linked the plain HTTP version... which seems to rely on a series of redirects; potentially TOR:
Tough to say :) Vaguely reminiscent of SNI troubles on the web server... which can depend on the client. I thought that was becoming exceedingly irrelevant, though.>DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!
>Tea App uploads all user verification submissions to this public firebase storage bucket with the prefix "attachments/": [link, now offline]
>Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It's a public bucket. I have written a Python script which scrapes the bucket and downloads all the images, page by page, so you can see if you're in it: [pastebin link]
>The censoring in picrel was added by me. The images in the bucket are raw and uncensored. Nice "anonymous" app. This is what happens when you entrust your personal information to a bunch of vibe-coding DEI hires.
>I won't be replying to this or making any more threads about it. I did my part, God bless you all. Regards, anon
Being so careless with people's personal data should be a major crime, tbh. If I manipulated thousands of people to let me scan their passports and various other bits of personal info, then just left the copies around the city for people to find, I'd be prosecuted, and rightfully so.
No comments yet
Good analogy. Also, this is the main point of the EU GDPR.
Any bad behavior should be legal if the victim should have realized the warning signs.
How is Tea even legal? Isn't this just a legal libel timebomb waiting to happen?
"This guy is a creeper and treats romantic partners terribly" is pure opinion, and cannot be defamatory. The (rare) kinds of opinion statements that can be defamatory generally take the form of "I believe (subjective thing) about this person because I observed (objective thing)", where "(objective thing)" is itself false. "The vibe I get about this person is that they hunt humans for sport" does not take that form and is almost certainly not defamatory.
Under US law, providers are generally not liable for defamatory content generated by users unless you can show they materially encouraged that content in its specifics, which is a high bar app providers are unlikely to clear.
Standard disclaimer that law varies by jurisdiction. However, that limited list typically includes claims that the person committed a crime. Many juristictions also include accusing someone of having a contagious disease, engaging in sexual misconduct, or engaging is misconduct that is inconsistent with proper conduct in their profession.
In other words, the types of things I would expect people to be talking about on tea overlap heavily with defamation per-se.
If the users were careful to make all of their statements opinions, that defense would work. However, I doubt that is the case. Instead, I expect many users to include example of what their ex did that led to their opinion; which gets directly into the realm of factual statements.
The provider protections are real, and likely protect the app from direct lawsuits (or, at least from losing them), but do not protect the app's users. A few news stories about an abusive ex going after their former partner based on what they posted in the app could be enough to scare users away. You don't even need to win the lawsuit if your goal is to harass the other person.
That is true. But i think untrained and emotionaly involved individuals will have trouble navigating the boundaries of defamation. Instead of writing opinions like “treats romantic partners terribly” they will write statements purporting facts like “this creep lured me to his house, raped me, and gave me the clap”. This is not an opinion but three individually provable statements of facts. Plus the third would be considered “defamation per se” in most jurisdictions if it were false. (The false allegation that someone has an STD is considered so loathsome that in most places the person wouldn’t need to prove damages.)
Unles specifically coached people would write this second way. Both because it is rethoricaly more powerfull, but also because they would report on their own personal experience. To be able to say “treats romantic partners terribly” they would need to canvas multiple former partners and then put their emotionaly charged stories into calm terms. That requires a lot of work. While the kind of message i’m suggesting only requires the commenter to report things they personaly know about. And in an emotionaly charged situation, like a breakup, people would be more likely to exagarate in their descriptions, making defamatory claims more likely.
> Under US law, providers are generally not liable for defamatory content generated by users…
This is true, and i believe this is the real key. Even if the commenters would be liable, the site themselves would be unlikely to become liable with them.
1. To prove that the factual claims made by the defendant were false, and that the defendant should have known they were false
2. That you suffered actual damages from those claims
Very hard to make happen on a dating app.
For example in the US, to sue for defamation you need to prove something is false, whereas in the UK the defendant has to prove that what they said or wrote (and are being sued for) is true.
(I've no idea whether this app had any non-US use, but thought worth adding this comment regardless since it's a general point about defamation law and being discussed on a site with a big international audience.)
What happened on the tea app were probably not knowable, observable or refutable for those actually being doxxed or slandered.
That isn’t me saying 4chan is absolutely morally in the clear, but it’s still quite a significant distinction.
It seems like your argument is based on (1) the discussion being slander (assumption); and (2) the idea that you could refute it if it were public (good luck, low credibility, also most men would immediately respond with vulgar name calling and - at least if anonymous - threats).
It was only anonymous for the women speaking there, but not for the men they were speaking about, hence the justified outrage, since anonymous strangers are gossiping/slandering you in a public online space behind a 2$ entry fee.
Would you also support if men had their own such public "safe spaces" to gossip anonymously about real women with their names? I can assure you it would be shut down immediately.
So then why do we allow double standards where only one sex should loose their right to online privacy?
Because like the earlier comment points out, letting anonymous people trash talk real people and name them is a core feature of 4chan.
The claim that it provides safety really is just that, an empty claim.
A better way would have been to charge a small subscription fee - like $2/month or something. The fee filters out 99% of the trolls out there (who wants to pay to troll) and also gives the app/website admins access to billing info - name, mailing address, phone number, etc - without the need for a full ID scan. So the tiny amount of trolls that do pay to troll would have to enter accurate deanonymizing payment information to even get on the system in the first place.
And it can be made so only admins know peoples' true identities. For the user facing parts, pseudonyms and usernames are still very possible - again so long as everyone understands up front that such a platform would ultimately not be anonymous on the back end.
But oh no, that won't hypergrow the company and dominate the internet! Think of all the people in India and China you're missing out on! /sarcasm
The only reason I haven't is because it feels like LinkedIn may have already jumped the shark and I wouldn't really get the value for my money.
That's Pure. And they have more than 5$ I believe.
Have you seen who has the blue checkmarks on Twitter/X now? I'll give you a hint, it's not the people who argue in good faith.
So the same as it was before you could buy them?
You've never visited X (formerly known as Twitter)?
The issue is they decided to roll their own extremely questionable service and insecurely store sensitive images in a public bucket
Multiple SAAS vendors provide ID verification for ~$2/each. They should have eaten that fee when it was small and then found a way pass it onto the users later
It is not, indeed.
The first part is its goal: identity is secondary, the main purpose is money. It means a customer can put a fake name and address as long as the money part is considered OK. Most PSPs won't check the cardholder name (it can be used for fuzzy scoring, but exact match is a fool's errand). Address is usually only required for physical goods and won't be checked otherwise. And 3DSecure will shift the blame enough that the PSP won't need to care that much about the details.
The second part is the whole mess that comes with payments. You'll become a card testing pot in no time, and you'll be dealing with all the fuss just to check identities, you'll soon be rising the token payment to a significant amount to cover the costs, and before you realize it half your business has shifted into payment handling.
This is incorrect. The parent acts like it isn't trivial to obtain payment methods that aren't linked to the payer. It seems like a reasonable possibility.
For whom? For people willing to be an asshole on the internet? For people willing to stalk other people online? This sounds exactly like the group of people that would look for ways of paying for something in ways not linked to them, even if that means "borrowing" someone else's identity
No comments yet
By this logic: I suppose glassdoor, yelp, or Google reviews aren't legal either?
What about identity verification as part of any employment offer?
Even the open platforms creep me out. I don’t like seeing unverified accounts of crime in Nextdoor, I think if you see some crime you go to the police. I had a series of in person interactions with a woman which seemed creepy in retrospect, her Nextdoor was full of creepy stuff including screenshots of creepy online interactions. At least this gives everyone clear evidence they should keep away.
Or in this case, sharing personal information about yourself...
Where you come from, people arent allowed to share their own experiences interacting with third parties without the third parties consent?
Sounds pretty oppressive, but there are absolutely many jurisdictions where that is not the case.
Its the only country in the world where Tea operates or is open to users, what other country’s laws do you think apply to it?
Cool, I'm sure Tea is only available to report things about United States citiz... nevermind.
It runs afoul of about a dozen european rights to privacy, imagery and consent laws. And that's just by posting pictures ! Libel and slander are a bunch of others, right to a response is also another... the list is long. It is, once again, yet another dudebro trying to skirt legality.
The EU is welcome to try to enforce its local laws on the US operations of a US business open only to US users, but I don’t think its going to have much success.
https://www.edpb.europa.eu/system/files/2024-10/edpb_2024041...
That boat already sailed and it already happened. "US only operations" does not matter (which is already bullshit, as Tea does not verify that users are US ones, they merely disabled downloading in the play/app store): posting pictures of European citizens runs afoul of European laws. Sure, they can't come and arrest you on US soil. Just don't travel too much.
Tea can collect and use photos of EU citizens, if it collected them in the USA, with (all other things being equal) no fear of GDPR violations.
So, yes Facebook can't collect photos of EU citizens, then process and do "stuff" with them in the USA, without violating GDPR, because that'd be the easiest out ever for multinational tech companies.
It is the location of the subject of the personal data collection that matters, not their citizenship.
The document you linked is interesting but I'm skeptical that you actually read it. It effectively says that in practice there's no hope of enforcing actions against entities that are purely in the US unless their behavior has run afoul of state or federal policy.
It does note that if concrete damages are recognized by the court that there is a decent chance US courts will cooperate to enforce the judgment. But the vast majority of GDPR enforcement is punitive as opposed to compensatory so it's not particularly relevant.
I'm also not clear why you think traveling would matter. DPA penalties are administrative in nature, not criminal. They are also likely to be levied against corporations as opposed to individuals. My guess is that the extremely unlikely worst case is your entry or visa application getting denied.
Needless to say, I am very happy about making the US eat shit.
Two Germans shooting each other in Australia break Australian law, but not German law.
…is clearly not the US, which has probably the most expansive understanding of “freedom of speech” in the world.
The USA doesn't even rank in the top 15 on the human freedom index. Most freedom indices don't even put the USA in the top 20. A few don't even put the USA in the top 30.
Also they have very little to do with “measuring” freedom of speech anyway.
A remarkable fact that's stayed with me: Ken White (@popehat) once said that in his defamation law practice, his largest category of consultations was with clients who'd said negative things about a past romantic partner, who then threatened to sue. I believe his point was those negative things were true most of the time, but difficult to prove, or defend.
I think sometimes folks don't properly threat model what can be done if someone chooses to think about what the consequences for breaking a rule are and letting that guide their actions, rather than striving to avoid breaking them out of some kind of moral principle.
No comments yet
Yes, and? The service is protected in the US by Section 230, and Tea doesn't operate anywhere else currently. Individual users who use it defame are, in principal, subject to defamation liability, but in the US (and, again, that’s the only jurisdiction currently relevant), the burden to proving that the description was both false and at least negligently made (as well as the other elements of the tort) falls on the plaintiff (it is often said that “truth is an absolute defense”, but that’s misleading—falsity and fault are both elements of the prima facie case the plaintiff must establish.)
Sure, in a jurisdiction with strict liability for libel and where truth is actually a defense, and/or where the platform itself, being a deep pockets target, was exposed, Tea would be a more precarious business. But that’s not where it operates.
I suspect that's going to be more of a problem for Tea than hypothetical individual defamation cases.
Although having said that, how can you sue someone for defamation if you never find out you're being defamed?
Any woman can say "Don't date [name], he's a bad person" and the victim will never know.
Unless he asks a female friend for a social credit check, all [name] will see is a shrinking pool of opportunities.
"He's a bad person and you shouldn't date him" is an opinion you can legally express anywhere as much as you want.
I mean, I think it depends what you claim in this post.
I have seen false rape claims, false claims of child abuse, neglect, etc.
With zero repercussions, of course.
A lot of men have had experiences like this one. Either directly or they know someone it happened to. Yeah #NotAllWomen but way too many will exploit the feminist #BelieveAllWomen culture to gain even trivial benefits. An app devoted to letting women anonymous gossip and engage in reputation warfare without fear of consequence, or even fear that the man might reply in self defense, is going to get flooded with women like the taxi passenger.
Go read some statistics on the number of women harassed, abused, raped, and killed every day—every single day—because they are women.
Go ask your mother, your sister, your wife, your female best friend, when they had their last abusive encounter.
Go ask your friends of both genders what the worst things are that could happen to them when walking home at night, and compare the responses.
Go read some historic accounts of how women were treated for… pretty much all of history.
Go look up news articles of what can happen to women when riding a taxi. Spoiler: it’s not just a threat.
Yes, there are some abusive women out there. Yes, it’s fucked up when that happens to you. But trying to insinuate the levels of violence against men would be even remotely comparable is just plain awful.
By people going on the same sort of rants like you just did.
Some People are terrible, especially when they think they can act without consequences.
Does that excuse men doing bad things too? No.
But it sure does (or should!) make anyone with a brain question hyperbolic claims of abuse or violence without actual evidence.
After the big war, some Germans were quick to point out that their people had suffered when they were displaced from the land they occupied in Poland, for example, and that "both sides had suffered". I assume you're also incapable of understanding why the victims of the Nazi regime were completely aghast by that?
> But it sure does (or should!) make anyone with a brain question hyperbolic claims of abuse or violence without actual evidence.
What do you suggest to do instead? Sexual violence is often a crime with only the perpetrator(s) and the victim as witnesses. In most cases, rape doesn't leave persistent traces. Rape victims tend to be in shock, however, and often need time to process what happened. Your suggestion seems to be that we should question these claims?
Judging these cases correctly is incredibly complicated, and claims of wide swaths of men falling prey to abusive women don't really help anyone affected.
Yes, we should question those claims, and any others. Or everyone who wants to be shitty will do it via that route. It’s basic shitty human behavior.
That it screws actual victims is why people gaming the system should be punished.
But not challenging these claims just makes more victims too. And eventually people will just tune out accusations, because the shittiness has gotten too pervasive. And then the predators/shitty humans will get be doing more actual rape eh? Which is terrible.
This is why it’s also prudent to be very careful who anyone is alone with, favor video recording of public spaces, etc. as well. Because the best way to avoid a situation is to make it as difficult as possible for the situation to occur, and minimize the chances of any ambiguity. Which is also shitty for everyone.
Personally, I also don’t trust the stats because I’ve seen many (5+) women retcon clearly consensual behavior (that they were even bragging about before!) into ‘he raped me’ when someone tried to shame them for it later, or there was some leverage they could get out of it. I had one who literally admitted to me when I investigated that she was doing it to punish the guy for refusing to date her later. Another was fine until she went home and her mom gave her crap about her dating behavior, and then all the sudden it was rape. Until we started to interview her for her story, and then she admitted it was consensual.
I very much believe actual rapes and SA’s occur. I personally have literally never seen an accusation for rape or SA that stood up to even the lightest scrutiny, within the environments I’ve been responsible for. And not because I was trying to avoid them!
The joys of being a manager of mixed sex groups eh?
If we could figure out the actual truth of these situations, then we could punish actual offenders and not constantly be in this BS situation.
Some social problems just don't have technological solutions.
Those ten reports could be made by one person. That one person might not even know the person they're accusing. That one person might be a man. That one person might be a bot.
You'd have to ignore the last three decades of online identity, trolling and social media pitfalls to not recognize that.
And please don't compare reviewing a can opener on Amazon to accusing someone anonymously of a heinous crime on an app built by one person.
But I'm not sure I'm going to convince you with words so I'll suggest this:
Go and build this app.
Build it, see what happens. Nobody else has been able to crack this but maybe you can.
https://en.wikipedia.org/wiki/Halifax_Slasher
That's not what it is intended for, but many people after relationships end can be extremely emotional and sometimes very spiteful. It's not uncommon for people to embellish or lie about the truth to make themselves look better and the other person look shitty. Especially if you're the one being dumped, you may be even more likely to engage in petty behaviour.
I personally have experienced an ex making up a sexual assault story. This kind of app didn't exist then, but she even went as far as reporting me to the police. Luckily the police investigated and could easily discern it was a lie. Going to the police is obviously a much higher burden than using an app, and yet many females still go make false SA claims there. Do you really think it wouldn't be a common problem for people to do the same in an app at a much higher rate?
People often believe things like SA claims without any evidence and will often even attack people trying to defend the person or insist on some kind of proof. It means that someone making up bull crap on these apps is going to be treated like it is true, yet the rates of lies would likely be pretty high.
People can just be so crazy when it comes to relationships/love. Especially when it comes to people in their teens or early 20's, the brain isn't fully developed and dealing with these emotions is even more challenging and leads to even more rash decision making.
The more common it is, the more damaging false claims of it are. It's a self-defeating linear relationship.
A well-designed system will maximize utility for the former, and minimize utility for the latter. An app where women can leave what are practically anonymous reviews for men is not such a system.
It might be relavent to who wins the lawsuit, but sometimes the mere existence of a lawsuit is pretty painful.
I mean if witches didn't do anything surely they wouldn't be hunted down.
This isn't all of the people, but in my experience in life it's more than enough to make this app impossible to filter.
coolcoolcool. I'm sure that never ever gets abused horrifically.
I still maintain my pet theory that this is a downstream effect of the normalization of paranoia around pedophiles that began hitting the mainstream in the '80s. The modern world is exceptionally safe, yet to the average person, it feels exceptionally dangerous.
...While I've got the hood up, I'll continue soapboxing.
I've started seeing rare instances such as a young woman walking around a corner and there is a man rounding the same corner, surprising her by mistake, and the woman starts crying or breathing in a panicked way, unable to regulate herself for several minutes. It's not always walking around the corner at the same time, but there's a common pattern of being surprised by a man just going about his day and experiencing a severe fear response to that interaction.
When I look at a lot of cultural related issues today, beyond just gender, I see many signs of pervasive psychological issues. I don't know what the solution is, but I'm very confident that the root cause is more complicated than something you can describe in a single sentence.
But I was friends with my wife's friends before we got married, and in a sample size of ~20 women my age, every single one of them has experienced inappropriate and unwanted touching in social settings. And a large number of them were victims of outright rape.
In comparison, I have many male friends and of them, I only know one who has been wrongly accused of sexual assault (the lady openly talked about doing it to help with a promotion...)
So even if both sides may have a few bad apples, one side is a much more prevalent problem when it comes to the number of victims.
The same hypothetical 5% can inflict harm to multiple women, that's why multiple women and girls complained about Epstein and Trump.
Men's driver licenses were not distributed online. Only women's driver licenses were distributed online.
I assume the app then runs facial recognition.
This may be legal in the US, but not under GDPR. Pictures of faces are biometric data (explicitly listed as such), which falls under additional restrictions beyond personally identifiable information.
A drivers license with the picture blacked out would be less sensitive than the picture itself!
This whole story is an amazing example of why the GDPR is correct about this, IMHO.
Imagining a future where I have to pay Tea to promote and astroturf my profile or they lower my rating, and pay bot farms to post glowing reviews
Yes, as far as I understand, you upload pictures of men, either taken in the wild or from dating sites (Tinder) against their will. I am pretty sure that this would be illegal in some jurisdictions. Especially EU.
Without bias and gossip, who would even want to use the app?
https://en.wikipedia.org/wiki/Lulu_(app)
It gets shut down, everyone forgets, then someone eventually has a brilliant idea...
It come from a place of sincerity but defenders imagine everyone would use it for the same reasons they would: Warning people of genuine threats in the dating world. They would never use it for gossip, or revenge, or creative writing, etc. so they don't imagine others would.
But at scale, if generously only 0.1% of women in America are bad actors that would weaponize this app, that's over 150k people (not to mention men slipping past security). And the thing about bad actors is that one bad actor can have an outsized effect.
The problem is the demand is there for such groups and I see posts that range from, “this guy tried to get me to get in his car”, or “man exposed himself to me”, to “man has twice approached children at my child’s school” or “I was drugged and raped after meeting with X on Y dating app”.
Lots of sexual attackers are known to multiple women.
Fact is that in lots of countries rape kits don’t get processed, it’s hard to secure a conviction, many serial sex offenders walk free and many women don’t want to go through a reliving of their trauma in court.
As a result these kinds of groups are very useful, not just for women who are actively dating, but for women who are simply existing in day-to-day public life. We have a president and a supreme court judge who both have been accused of serious sex offenses and nothing happened.
Is there a chance that some man who has done nothing wrong, gets accused by a woman in these groups? Yes of course there is a chance that could happen, but many would prefer to not take the risk of dating someone that has been accused of being a sex offender and the vast majority of posts with confirmation by multiple women confirm that bias.
These groups help keep women safer than without them. There’s a good reason why many women just don’t date at all any more. Covid lockdowns reminded them that they don’t really need it and it’s more hassle than it’s worth.
Sadly the vast majority of men are fine (not all men), but not enough call out the bad and dangerous behavior of a minority of their friends and peers. Until that happens women will be drawn to these apps and groups to try to be safer and not be a part of a sex crime statistic.
The concern of false accusation appears to be... brushed aside. Are you a man? How would you feel if you were falsely accused? Knowing that this could snowball into being doxxed, having your employer informed etc. Innocent men have been jailed for this.
https://news.ycombinator.com/item?id=41707495
The answer to your last two questions is found within section 230 of the Communications Decency Act.
It's only not a thing because, in the U.S., it's redundant. In other jurisdictions, it might be a thing, because there are places where a claim can be both defamatory and true.
No comments yet
https://x.com/JacobJohnson494/status/1948222924235624870
humans in general act like psychos, the danger comes more from the size differential than propensity to act like a jerk.
Do we have more physical violence from men towards women than the opposite? I think I saw that the reality is yes. Does it mean that men are biologically coded to be violent, or is it a question of education and culture?
If you conclude the second one, it is not "sexist" (on the contrary, it may even be that the culture that creates the problem is itself rooted in sexism and that acknowledging some reality about its existence may help changing this culture), and does not imply prejudice against men, just acknowledging that we need to be careful in case of bad apples.
It still means that talking about this requires to be very careful.
To react on your example, I think it is a good think to notice if some population have a bigger problem at this subject than others, and we can then identify more easily the places where this problem forms and target these places. But people who concludes "look at violence divided by race, so I can generalise and be prejudicial to everyone in some race and not other" are idiots.
However, homosexual relationships has equal rate of partner violence as heterosexual ones. A bisexual woman that has a relationship with an other woman will double her rate of physical violence compare to relationship with a man (statically). A man who has a relationship with an other man will half his rate of violence. This makes no sense at all (unless we believe that sexual orientation is an factor for violent behavior), unless we add a additional factor of sexual dimorphism. Men are on average larger and more muscular, and there seems to be a correlation between being the larger/stronger and using physical strength/fists during a fight. The smaller person is in return more likely to use tools or other means of violence. Statistically, fist also has a higher probability to do damage than improvised weapons, since people are more proficient in using their fists.
Does it mean men are biologically coded to be violent? No. Is it a question about education and culture. Maybe in some countries/cultures, and it wouldn't hurt to use the education system to teach people conflict resolution. Getting people who are physically larger to not exploit that fact during a heated fight is likely a hard problem to solve on a population level.
I think "any form of violence" is not a constructive direction. First, this ends up being very subjective: between 2 forms of psychological violence, which one is the most violent? Secondly, if indeed it is cultural, it implies that different sub-culture may have different ways of acting, so we can always play the subgroups to make it says whatever we want. But most importantly, it is not very relevant for our context: in the case of the first interactions during heterosexual dating, pretending that men risk as much as women seems a very unconvincing claim, for several reasons (even if under-represented it should be under-represented to an unrealistic level to reach an equal level, and it also does not fit with plenty of cultural tropes (I can find a video explaining explicitly that manly men need to dominate their female partner. I'm sure it exists, but the simple fact that I cannot easily find a video explaining explicitly that womenly women need to dominate their male partner shows it's not that of a trope. On the other hand, I can also easily find videos about "trad wife" that will explain that a womenly woman must be with a dominating man))
For the rest, I think we say the same thing: talking about the visible issues is not a problem in itself, but people instrumentalising these issues to be racist or sexist are the problem.
If it's almost all about the size of the specific two people in a relationship, it's a terrible terrible idea to aggregate that by gender, leading to completely misplaced wariness and judgement.
It looks very clear to me that violent behavior in relationship (and more specifically, in the first few days of dating) is a question of education, not the result of one person being bigger. For example, every parents are stronger than their young children, but only some kind of parent are violent towards their children. If it's a question of education, reducing the problem of the size of the people is a terrible terrible idea: the problem will never go away because you don't understand the source and therefore don't act on the source to fix it.
It feels like some people here are framing the problem in "men vs women" framework, as if it is a competition and they don't want to accept that maybe men behavior is different from women behavior because the way they are raised in our society. I don't really see the point: I'm a man, and yet I don't take it personally. The same way I don't take it personally when someone says "don't accept candy from strangers": I'm a stranger for a lot of kids, and yet I understand why they should be prudent and I understand that, in situation where I have to interact with an unknown kid, I should do things differently (for example not giving them candy), not because I'm a danger for them, but because it is true that there is danger and that they cannot know if I'm a danger or not.
So many men take it uselessly and nonconstructively personally as soon as it is dating.
That's the main argument of the grandparent post. If you're missing that then you're not really responding to what they said.
They went into significant detail so I feel like trying to reword it myself would be worse than suggesting you read the post again.
> If it's a question of education, reducing the problem of the size of the people is a terrible terrible idea: the problem will never go away because you don't understand the source and therefore don't act on the source to fix it.
Nah. Root cause analysis is entirely different from risk analysis. This is about risk analysis. If a woman dates a man that's smaller than her, who should be more worried about violence? That's not the time to worry about why and how to fix society.
> maybe men behavior is different from women behavior
Maybe it is! But then you need a really good explanation for the data in the above post. Or you need to say the data is wrong. But you can't just dismiss it as being defensive.
It feels a bit like saying "there is a bug in software X, but there is also a bug in software Y, so let's not fix the bug in software X".
Of course, men also suffer from problems. It even feels that it is usually also due to machismo or something similar. Sometimes, it feels like the majority of men's problem is in fact self-inflicted by the manosphere. They both complain of suicide rate, army draft, violence against men, but they also promote a culture of not-showing-emotion-otherwise-you-are-not-manly, a-man-is-worthless-if-they-dont-succeed, army-is-manly-and-women-are-weak, a-man-should-show-dominence-and-other-men-are-a-threath, ...
People likes to see things in black or white, but the reality is more complicated, and there is no advantages that does not bring also some disadvantages.
> Black people are the most likely to experience domestic violence—either male-to-female or female-to-male—followed by Hispanic people and White people.2 Centers for Disease Control and Prevention. The national intimate partner and sexual violence survey: 2010-2012 state report.
> Asian people are the least likely to experience intimate partner violence.[1]
[1] https://www.verywellmind.com/domestic-violence-varies-by-eth...
2020 USA Per Capita Count of Mortality Event: Assault(Homicide), Female: 0.00139%
https://datacommons.org/tools/visualization#visType%3Dtimeli...
> Partner violence appears to account for ~34% of violence against women[2] (but vs. 6% for men)
And this is sort of the point of the comment higher up: when you cut the stat this way, it seems like men are wildly dangerous creeps. But it is a statistic comparing one group to another group. We need to instead look at the absolute rate of partner violence to decide if men are on the whole violent murders or so, and there, the overall risk is low.
[1]: https://dataunodc.un.org/dp-intentional-homicide-victims
[2]: https://bjs.ojp.gov/female-murder-victims-and-victim-offende...
[3]: (I've assumed a round population of 340M for the US, with 50/50 gender, just an approximation.)
Not exactly. The statistics didn't specify the gender identity of the perpetuator, just the relationship to the victim and the gender identity of the victim.
Doesn't look correct.
https://www.worldometers.info/demographics/us-demographics/
18k men are murdered. But women are murdered by their partners at a higher rate.
Is suicide not counted in any way? A significant other or their loss will have a significant impact on mental health.
Edit: 100% are murder victims
https://bjs.ojp.gov/female-murder-victims-and-victim-offende...
I have no idea if their number is correct for that either.
But... you're trying to correct their statistics?
I agree with you that in the context, your stats maybe make more sense. But if you're going to correct someone, you generally should recognize what they were trying to communicate in the first place.
If such a service exists and isn’t being too effective, shouldn’t that be worked on?
My guess is that there’s more to the reasons for why Tea is popular but the safety argument is largely being used to defend it
I think this is called "the police"
A narrowing of section 230 would not be good for Apple or Google, though they wouldn’t face any liability for the Tea apps conduct.
https://www.techdirt.com/2020/06/23/hello-youve-been-referre...
To me this feels as if people widely thought that the Apollo Program was intended to prevent people from traveling to the moon, or Magna Carta was meant to prevent barons from limiting the king's power, or Impressionism was all about using technical artistic skills to depict scenes in a realistically detailed way.
I think sometimes confusion about Section 230 maybe points to some legal soft spots.
I think there's a trend — good or bad — for courts to see websites as accountable for users' activities on the site when those activities are systematic and collectively illegal or jeopardized, when the website is seen as encouraging the activity.
It's not hard for me to imagine a court deciding that the intrinsic nature of the website encourages systematic libel, and is therefore is somehow involved in the creation of post content.
Even more specifically, I'm not sure the "good faith" clause of Section 230 even applies to something like Tea in the case of libel, should libel be there.
Now, actually showing libel is another thing, but that's also easier for me to imagine today than even a year ago, especially in the presence of a data breach where posters are exposed.
I guess I don't see Tea as being held legally responsible for anything about the content of user posts, in the US at least, for the reasons outlined in that article. But I also wouldn't be surprised if it did happen.
Defamation is still not protected, it's just the person who posted it who is liable. Meanwhile the site's "editorial control" is protected by the first amendment, not section 230.
Facebook shouldn't legally be allowed to demand an ID any more than this disaster of an "app."
Now tens of thousands of people will be subject to identity theft because someone thought this was a neat growth hacking pattern for their ethically dubious idea of a social networking site.
https://theconversation.com/porn-websites-now-require-age-ve...
https://developer.apple.com/videos/play/wwdc2025/232/
Link to the related web standard https://www.w3.org/TR/vc-data-model-2.0/
It can be done with fairly basic cryptography. But the infrastructure around it would grow only if there's a demand. Otherwise people go with lowest denominator.
Simple solution: decriminalize uttering to any person who is not an employee of the government or a regulated bank.
> The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.
What exactly does this mean? Which information is exchanged without consent of these people? This seems to me more problematic than the actual topic of the data breach.
1) you dated a guy on tinder, he became all pushy on your first date, touched you inappropriately even though you said no. Or some guy became violent during your relationship and you even found out he has a history of that.
2) you dated a nice guy but he dumped you for whatever reason, and now you want to get back at him so you make up stuff like mentioned above, and post it there.
This case couldn't be more clear cut. It's horrid, and the people running the sites should be held accountable. Two wrongs don't make a right, especially when it will inevitably cost innocent lives, sooner or later.
Here's a few relevant statistics, which I hope you and all the people who failed to downvote you might consider:
* Out of every 1,000 sexual assaults, approximately 310 are reported to the police.
* Of those reported, only about 13 cases are referred to a prosecutor.
* Ultimately, only about 7 cases lead to a felony conviction.
* For every 100 rapes reported, only 18 result in an arrest.
* Fewer than 7% of reported rape cases lead to a conviction.
* In some studies, the conviction rate for rape has been reported as low as 3.2% in certain jurisdictions.
Sources:
https://rainn.org/articles/what-expect-criminal-justice-syst...
https://www.uml.edu/news/stories/2019/sexual_assault_researc...
¹: I am a man myself and I understand that men feel threatened this may happen to them. But I personally know multiple women who experienced sexual violence and zero men who were accused of rape
So how to neutrally approach this? If you ignore cases without a conviction it's close to 50/50. Seems implausibly high though.
And then how do you factor in everything that didn't go to court?
https://pmc.ncbi.nlm.nih.gov/articles/PMC2663360/
> There is increasing evidence to suggest that women commit as much or more IPV as men (Archer, 2000; Melton & Belknap, 2003). Among adolescents, research consistently shows that females perpetrate more acts of violence in intimate relationships than males.
or:
http://www.ejhs.org/volume5/deviancetonormal.htm
> Anderson (1998, 1996), presented self-reported prevalence rates for women's sexual coercion of between 25% and 40% and for physically forced sexual contact between 1.6% and 7.1%. Of perhaps greater significance was the women's self-reports of engaging in a classic date-rape scenario - taking advantage of someone who was under the influence of alcohol or drugs. When asked about initiating sexual contact with a man when his judgment was impaired by drugs or alcohol, between 32% and 51% of the women said that they had. Further, between 5% and 15% of women reported giving a man alcohol or drugs in an attempt to have sexual contact with him.
Obviously, these self-reported female rapists are going almost completely unpunished! Everyone needs equal access to these groups. That also solves the problem of libelous claims that the victim doesn't have an opportunity to address.
Now if someone says something online it can be read for years and often without context of when it was originally written.
Ideally you'd see fines in the 10%s of revenue. In egregious cases (gross negligence) like this, you should be able to go outside the LLC and recoup from equity holders' personal assets.
Alas, if only we had consumer protections.
A somewhat embarrassing but relevant example: my friends and I used Grindr for years (many still do), and we remained loyal despite the company's terrible track record with user data, privacy, and security as there simply wasn't (and still isn't) a viable alternative offering the same service at the expected level.
It appears Tea saw a pretty large pop in discussion across social channels over the last few days so I'm pretty hopeful this will lend itself to widespread discussion where the users can understand just how poorly this reflects on the company and determine if they want to stick around or jump ship.
That cuts to the issue some other comments have pointed out, that user trust is really their most important capital – and with short attention spans and short news cycles, it may rebound surprisingly fast.
The GDPR in Europe attempts to reset this but it’s still an uphill battle
And some kind of legal penalty for the engineers as well. Just fining the company does nothing to change the behavior of the people who built it in the first place.
https://www.teaforwomen.com/about >With a proven background leading product development teams at top Bay Area tech companies like Salesforce and Shutterfly, Sean [Cook, creator of Tea] leveraged his expertise building innovative technology to create a game-changing platform that prioritizes women’s safety
If you're lucky, a clown vibe coded this trash. If you're unlucky, he paid someone to do so, and despite his proven background about leading top Bay Area companies, didn't even think to check a single time.
The CEO is directly responsible for this.
> With a proven background leading product development teams at top Bay Area tech companies like Salesforce and Shutterfly, Sean [Cook, creator of Tea] leveraged his expertise building innovative technology
Blah blah blah blah blah... Just goes to show that you can write all sorts of powerful sounding words about yourself on your About page, but it doesn't say anything about your actual competence. I mean, I don't have a "proven background leading product development teams" but I sure as shit wouldn't make obvious amateur-level mistakes like this if I ever did a startup.
Joining in with some other comments on this thread, if the stamp of a certified person was required to submit/sign apps with more than 10K or 100K users and came with personal risk and potential loss of licensure, I imagine things would change quickly.
I'm personally not for introducing more gatekeeping and control over software distribution (Apple/Google already have too much power). Also not sure how you'd make it work in an international context, but would be simple to implement for US based companies if Apple/Google wanted to tackle the problem.
I think the broader issue is that we as a society don't see data exposure or bad development practices as real harm. However, exposing the addresses and personal info of people talking about potentially violent, aggressive or unsafe people seems very dangerous.
They don't seem to value privacy.
How was this app going to monetize?
I'm guessing by selling user data, namely drivers license info to phone number.
There would be a morbid irony in the idea of a tool marketed as increasing safety for women actually being a honeypot operation to accumulate very sensitive personal information on those very women.
* App Store review requires a lightweight security audit / checklist on the backend protections.
* App Store CTF Kill Switch. Publisher has to share a private CTF token with Apple with a public name (e.g. /etc/apple-ctf-token ). The app store can automatically kill the app if the token is ever breached.
* Publisher is required to include their own sensitive records ( access to a high-value bank account) within their backend . Apple audits that these secrets are in the same storage as the consumer records.
If you want companies to care about security then you need to make it affect their bottom line.
This wasn't the work of some super hacker. They literally just posted the info in public.
You could: - make Software Engineer a protected title that requires formal engineering education and mentorship as well as membership to your country's professional engineering body (Canada already does this) - make collecting and storing PII illegal unless done by a certified Software Engineer - add legal responsibility to certified Software Engineers. If a beach like this happens they lose their license or go to jail. And you easily know who is responsible for it because it's the PEng's name on the project - magically, nobody wants to collect PII insecurely anymore or hire vibe coders or give idiots access to push insecure stuff - bonus: being a certified Software Engineer now boosts your salary by 5x and the only people that will do it actually know WTF they are doing instead of cowboys, and that company will never hire a cowboy because of liability. The entire Internet is now more secure, more profitable for professionals, and dumb AI junk goes in the trash
Like this
Its not like anyone intentionally posts their entire DB to the internet.
> We can reduce the latency of discovery and resolution by adding software protocols.
Can we? What does this even mean?
[Edit: i guess you mean the things in your parent comment about requiring including some sort of canary token in the DB. I'm skeptical about that as it assumes certain db structure and is difficult to verify compliance.
More importantly i don't really see how it would have stopped this specific situation. It seems like the leak was published to 4chan pretty immediately. More generally how do you discover if the token is leaked, in general? Its not like the hackers are going to self-report.]
My bigger concern though is how you translate that into discovering such breaches. Are you just googling for your token once a day? This breach was fairly public but lots of breaches are either sold or shared privately. By the time its public enough to show up in a google search usually everyone already knows the who and what of the breach. I think it would be unusual for the contents of the breach to be publicly shared without identifying where the contents came from.
My SSN / private information has been leaked 10+ now. I had identify fraud once, resulting in ~8 hours of phone calls to various banks resulting in everything being removed.
What are my damages?
That is why Tea did not operate in Europe.
The onus is on users to protect themselves, not the OS. As long as the OS enables the users to do what they want, no security policy will totally protect the user from themselves.
Meanwhile, in the UK, new legislation requires me to upload my face and driver's license just to browse Reddit.
On a more serious note, implementing such a law without also providing a 0-knowledge authentication system ready to use by the government is just so unbelievably stupid (for multiple unrelated reasons).
r/ukguns r/cider r/sexualassault r/stopsmoking
Think of the children!
It isn't just gossip websites requiring this, and it isn't just gossip websites suffering breaches.
No comments yet
"use your brain" is no substitute for security. This is a hacker forum. We think about how to protect apps. Even smart people have slipped up
Sorry, well deserved ladies. It just made my day. ROTFL.
And please provide an app with all the names and pictures of the ladies who used it. So that I can easily check who not to date.
Oh wait—no such thing exists!
It's up to us to teach this to our children. There's no hope of getting the current generations of Internet users to grasp the simple idea that app/website backends are black boxes to you, the user, such that there is absolutely nothing preventing them from selling the personal information you gave them to anyone they see fit, or even just failing to secure it properly.
Without being a developer yourself or having this information drilled into you at a young age, you're just going to grow up naively thinking that there's nothing wrong with giving personal information such as photos of your driver's license to random third parties that you have no reason to trust whatsoever, just because they have a form in their app or on their website that requests it from you.
even the most savvy consumers slip up, or are in a hurry. it's impossible to make a perfect security decision every time
Presumably the risk/reward still favors risky practices.
Now that's a creative solution! Every admin must have a table called `MY_PERSONAL_INFO` in their DB.
The EV certs failed because general SSL identity is pretty weak. Consumers don't know how to use it to establish trust. There's no enforcement on how the names are used. for example, my county treasurer has me transfer thousands of dollars on a random domain name.
There will always be lowest-common-denominator users, but there is clearly some demand for an alternative to the biggest 5 websites...
Interesting play, calling 95% of users "lowest-common-denominator". Those silly, blabbering morons that don't understand that they should be running Bazzite on their Framework laptops instead of using evil evil sofware.
>there is clearly some demand for an alternative to the biggest 5 websites...
This demand doesn't pay, and also happens to be some of the most demanding, entitled users you'll have ever seen.
Mmmhmm
* App publishing process includes signatures that the publisher must embed in their database. When those signatures end up on the dark web, App Store is notified and the App is revoked
You have a lot of interesting suggestions.
I would love to see some kind of forced transparency. Too bad back-end code doesn’t run under any App/Play Store control, so it’s harder to force an (accurate) audit.
The idea has merit. You have to relinquish some control to establish security. Look at App Store, Microsoft Store , MacOS App store -- they all sandbox and reduce API scope in order to improve security for consumers.
I'm more on the side of autonomy and trust, but then we have reckless developers doing stuff like this, putting the whole industry on watch.
We could do better in our trade at encouraging best practices in this space. Every time there's a breach , the community shames the publisher . But the real shame is on us for not establishing better auditing protocols. Security best practices are just the start. You have to have transparent, ongoing auditing and pen-testing to sustain it.
How do you enforce the token actually exists? Do app developers have to hire some auditing firm to attest all their infra actually have the token available? Seems expensive.
No comments yet
1st sentence: "exposed database"
We need a more nuanced headline here. They did nothing responsible. 404 should title this story with something that will blame them first and the 'hackers' 2nd.
Drivers licenses can be faked. Moreover, someone can just pretend to be someone else on this app with real drivers licenses.
The whole premise, implementation and process of Tea as a social media app is flawed, and a legal liability for the devs.
The internet went from 'YouTube asking users to never use your real name' to 'you have to submit your ID to some random app' in 10 years. Crazy!
It's the only way they will push companies to STOP storing them long term.
I've been in several companies (mostly FinTech) that store personal sensitive documents "just in case". They should be used for whatever is needed and deleted. But lazy compliance and operations VPs would push to keep them... or worse, the marketing people
Because we couldn't get anyone to take the internet seriously if it was just a bunch of anonymous pseudonyms trolling each other. And maybe that was a mistake.
Just look at Facebook. Users with real names sharing all kinds of inane schizo nonsense, extremism, building echo chambers without realizing it, becoming completely divorced from reality as perceived by the majority of people around them in meatspace, because they section themselves off in cyberspace.
If they have a problem with it then I will gradually remove pieces until they’re okay. But I haven’t had to do this the few times I’ve used this tactic – it causes issues with automated scans but eventually some human manually reviews it and says it’s okay.
What I don’t like is the “live verification” apps that leave me no choice but to take a photo of it.
That's becoming the norm now, presumably because of concern that people are taking leaked scans from one site, and using it to commit identify fraud (eg. getting KYC scans from crypto exchanges and using it to apply for accounts at other crypto changes, for money laundering purposes).
No comments yet
This absolutely should not be normalized. If I'm ever prompted to submit photos of a government ID to some service, I'm turning heel. I'll try to use their phone service (which I just did successfully this week), correspond via mail or maybe, as you've said, handle it in person but I'm probably content to go without.
My driver's license is scanned every time I buy beer. I'm under no illusions that it's not quite readily available in any number of leaks or disclosures.
If that sounds defeatist, maybe it is. Nothing online is private. Once it's in a database, it's only a matter of time before it's exposed. History has proven this again and again.
It wasn't "normies" so much as it was the leadership and early investors of Facebook shoving "just trust us" and FOMO literally everywhere online. The hype (and hope) in 2010 was REAL and almost all privacy related conversations were shut down on sight. Heck, I think I still have my copy of Jeff Jarvis's Public Parts (ISBN13 9781451636352) somewhere in my closet. Amazing read if you really want to understand the mindset in place at the time.
These are actually still very hard to do. I don't know anyone who would let me use their license for this purpose.
There is a much higher concern for data validation and no one used HTTPS 20 years ago. Literally there were social networks with people uploading photos and personal stuff which didn't even have HTTPS.
I check all CVE's of the software my clients use because we need to figure out why things are broken and often this is a start -> unpatched CVE's. Most (by far) CVE's are not 'honest mistakes' or missed corner cases because rocket-science; they are just sloppy programming. Something that should never pass review. We DO know better but people ship things and hope for the best (including the case in this post etc).
That's precisely my point.
> Most (by far) CVE's are not 'honest mistakes' or missed corner cases because rocket-science; they are just sloppy programming.
This is actually true, but it's true because we have way better tooling and safer languages, which means we don't see nearly as many buffer overflows or memory management issues.
It's not that you didn't have negligent programmers back then.
> Something that should never pass review. We DO know better but people ship things and hope for the best (including the case in this post etc).
That's not new though. We've seen similar things happen in the past multiple times.
20 years ago code review was literally a bunch of meetings in a room or talk with another developer in person. Having something like github where you make a pull request, passes the automated test suite and requires a code review, etc. simply wasn't done. If in 2005 that already existed it was extremely bleeding edge.
I do have concerns about the code quality issues introduced by the abuse of LLMs, but until right before that was a thing, definitely the code quality in general has improved a lot.
It's not just that this database was accessible via the internet. It was all public data. Storing people's IDs in a public database is just... wow.
Yeah, we’ve finally, nearly, just got to the point where realizing that treating IT and security and such as simply a cost centre to be minimised maybe quite wasn’t leading to optimal security outcomes - to throwing it all away again.
https://www.bleepingcomputer.com/news/security/misconfigured...
We have a couple of decades more until we lock tech up, up until now it was all fun and games, but now and in the future tech will be everywhere and will be load bearing
I bet on greed. It always wins.
* Out of every 1,000 sexual assaults, approximately 310 are reported to the police.
* Of those reported, only about 13 cases are referred to a prosecutor.
* Ultimately, only about 7 cases lead to a felony conviction.
* For every 100 rapes reported, only 18 result in an arrest.
* Fewer than 7% of reported rape cases lead to a conviction.
* In some studies, the conviction rate for rape has been reported as low as 3.2% in certain jurisdictions.
Sources:
https://rainn.org/articles/what-expect-criminal-justice-syst...
https://www.uml.edu/news/stories/2019/sexual_assault_researc...
If you could imagine what girls and women go through, some on a daily basis, for years, since childhood, I think you might have a better understanding of why a "gossip app" might actually be a pretty sensible option for avoiding sexual assault and worse.
You get laughed at. Hard.
So yeah, I'd like to see these broken down between cis-, hetero-, homo-, and trans-.
And why are cis-lesbian-women also reporting higher numbers of sexual assault than man/woman relationship? No men in that relationship.
https://pmc.ncbi.nlm.nih.gov/articles/PMC5511765/
The rainn articles are propaganda with a specific slant.
Why do people want to live in a panopticon of their own creation, with random anonymous strangers morally policing, judging each other with zero consequence to them?
Don't think we'll ever learn our lesson when it comes to privacy, it will be Eternal September forever.
The irony in this case being that this app operates like a lot of creep subreddits and forums out there with people posting photos of other people without their permission and gossiping / telling stories about them...
Witch Hunt as a Service, with a delightful UX, a little gamification, and soon integration with your favorite apps. Coming to an App Store near you.
Just as Parieto indicates that the bulk of male sexual assaults are done by a few, also indicates that the bulk of female assaults and claims of sexual assault are also done by a few.
Apps like Tea only paint all men as abusive thugs. If this were done, say to black people, this app would have been shut down and a lawsuit in federal court filed. But men are OK to harass, libel, and demean.
Good on anonymous for exposing this obvious double standard. And I hope they get sued by everyone.
So much for the "anonymous" app.
This is the scary reality of an app like this, especially if it continued to go more mainstream.
However there is something to be said about the crowd you find yourself with. If you assume this app to be necessary, I would assume your social standards are not high enough.
What's the bar they cannot clear?
But regardless i do understand the appeal. Dating apps suffer from basically being a low-information market place. There are of course the malicious people, which everyone has an interest in removing from the app. However even ignoroing that its a bit of a lemons market (if you excuse how dehumanizing the metaphor is). Its very hard to tell if someone is a good date just from their profile, and people who are good dates end up in relationships and exit the market quickly while bad dates stay in the market for a much longer time. Allowing some sort of review system does solve that problem - its worked in other domains, like uber drivers or what resturant to go to. So i certainly understand the appeal of why people would want this.
I don't have a fix for this, it is entirely fair to want justice for the defenseless. At the same time I have a strong hunch that there is no problem-solution fit here, at least not with this sort of app.
Women are anonymously spilling tea about men in their cities on viral app - https://news.ycombinator.com/item?id=44682914 - July 2025 (17 comments)
Apple had no issue mass censoring Parlor and others, how is an app like this able to reach #1 under all?
Truth.
"Don't let Toyota's 'reliable car at a reasonable price' marketing fool you, they're all about money." Yeah, but does that preclude them from selling me an actually reliable car at a reasonable price?
If Toyota says that we're the car company that cares about you, we want to keep you safe from the bad actors, and trust us on making right choices for you - and when you discover Toyota has been secretly building out an ad network, in bed with Chinese government, you have to call them out. And that's what Apple is doing.
Privacy is a human right, except in China where they are happy to go along with what the government wants. Google atleast had the balls to pack up and leave the country.
https://www.bet.com/article/pe65fc/apple-s-black-diversity-c...
I take doxing, stalking, revenge porn and cyber bullying very seriously! And I would pay good money for a background check, to stay away from such people.
Buddy, believe me, women who are using Tea would pay to know that they need to avoid you too.
Seems like the simple solution here is for Tea to allow men to register and advertise themselves as not interested in Tea users, maybe by linking profiles from dating apps.
That seems about right.
This app operates just like an app some creep online would use, people post pictures (permission or not) and gossip about them.
There are plenty of examples of people making things up about other people who they thought wronged them. Mob justice is really disgusting, and that's all this site is. People justify horribly vindictive behavior when they think they're righting a perceived wrong.
I suspect that there was no answer to my original question because we all know that we'll sooner let surgeons hack off children's genitals than hold progressive white women accountable for their actions...
But then again, can't convince people as a whole that men are, on average, good and decent people with normal flaws just like women, and therefore deserve to be protected, loved, and appreciated equally.
https://www.teaforwomen.com/data-breach
The first sentence is already a lie as there was never authorization in place followed by more lies.
No it ain't.
This will prove security in IT coding is necessary, so enjoy watching the drama unfold.
IT security bonanza time. It wont be long.
RIP
https://x.com/vxunderground/status/1948850061493850598
At the very least, the app itself might be legal using the "public forum" argument but the content posted on there definitely leaves the users in a legal gray area.
I can see the argument on both sides but this is asking for a case to be brought just so the law can be fleshed out.
This has evolutionary origins. A man can, theoretically, father around a thousand children or more in the time it takes a woman to bear one. Sperm are cheap so those who need sperm (i.e. women) don't need to fight with each other. There's plenty to go around. Eggs are scarce so males of myriad species fight each other to the death over them.
It's just biology.
So...they were storing people's information long term in a publically accessible bucket when users did not know. In fact, I believe users were told their IDs/selfies were immediately deleted(not stored), then Tea turned around and says they were legally required to store those photos. Tea had to address this in their press release, apparently.
Not a great look here.
However, Tea could have done a modicum of cybersecurity work (or hired an outside firm) to prevent this. If they are claiming to want to keep women safe (and not just running a gossip board) then this should be a red alert for them. No public acknowledgement is concerning...
I don't know how can anyone feel wrong about this without feeling even worse for what was already taking place.
I have no doubt in my mind that this is what they did. An "outside firm" vibe coded this and delivered the results.
Conceivably these storage endpoints might’ve never been directly exposed to mobile clients, instead going through other proxies or CDNs.
Not that apple should enforce minimum security, but that the app shouldn't be allowed on the App Store in the first place. For obvious reasons.
Supposedly, if your photo is posted on Tea you can contact Apple. Then Apple will force Tea to take your information down.
- This creates distorted market supply and demand where those small group of men/women become sought after and its only human nature in that they value their supply less than the rest.
- Toxic behavior is expected from that small group of highly attractive people that do all the dating.
- It was only a matter of time before such app would run into legal issues or attract angry individuals. Now the damage to the leaked identities will be prolonged. With the AI tech today, the extent to which a damage can be done is unknown (ex. deepfake, impersonations, further doxxing).
- Tea user's driver licenses as well as selfies, usernames, emails, posts about their dates will drastically increase the surface area for lawsuits, fraud and exploitation by malicious agents.
- The users of this site and those that have directly posted images, details have opened themselves up to significant legal and criminal liability. Given these apps were probably popular in large city centers like California, NY have heavy punishment for digital harassment and privacy violations on top of the damages that can be claimed against them by the men who's information and details were posted.
- Tea is largely insulated from what the users post which means that their biggest exposure might be just neglect and failure to secure data which comes with a slap on the wrist. Which will make it harder for Tea's userbase to claim large damages against it.
I read more details about this case and its beyond egregious. Unencrypted firebase and full public buckets. There is no hacking involved, the tokens were being used to pull data from roughly all 30,000 users of Tea and were only blocked short while ago.
Allegedly, 60GB of photos, user personal information, driver license, gps data being shared on torrent. A map of all 30,000 users tied to GPS data is being posted as well.
Given the extreme neglect to secure their data, I now believe Tea will be open to even bigger legal liability possibly criminal even.
Yeah, I wouldn't worry about the allegedly part, 4chan is dissecting that torrent as we speak, it's quite the party.
No comments yet
Let me share a message I got from a woman I met a couple years ago on a dating site: "Just a side note about the dating thing on here. I get very annoyed with how horribly men take care of themselves or even try to communicate. Most men today on these sites are repulsive. It was refreshing to see you smile, and look nice. Thank you for that."
So it's not a bunch of red-pill alpha guys. I'm an average guy with basic manners and a lack of creepiness. Heck I was near my all time high weight at the time. Every single woman on those things has at least one story about a guy she met that will make you cringe from his behavior. My fav was the guy who sent a woman flowers before even meeting her - at her workplace! Dude the cyberstalking you need to do to pull that off is CREEPY AF - not romantic.
If you want to be in that top 10 percent of men the bar is incredibly low.
In some cultures, mentioning dating apps will immediately lead to negative assumptions and connections are done through vetted networks and specific establishments where "hunting" activity is allowed, some with even more boundary pushing that would be impossible in Western culture.
magnet:?xt=urn:btih:3e5a8c55eb4720b4fbd1d0fb5c45adb0fad53569&dn=tea
Ugh. I’m clearly getting old. I don’t even remember the last time I went to 4chan.
Let ladies have some of their own medicine.
https://pastebin.com/CPBiqd1E
No comments yet
Edit: Nevermind, looks like Tea has been around for quite some time already. But it kinda flew under the radar with a fairly small user base.
https://support.google.com/googleplay/android-developer/answ...
But yeah please tell me how "we care about your privacy"
I mean, it's fun to throw baseless accusations around, but do you have any actual reason to suspect this?
Two people, in public.
I just hope they can pursue legal action for this, whether it was a deliberate trap or not.
Then they can't complain about how horrible people are. Unfortunately, being a victim is a large part of many people's personalities. This is especially true for the "chronically single" people on dating apps. It's never their fault people don't want to date them! It's everyone else who is horrible.
Years ago when I was on the apps and went on dates it was obvious who these people were. They rarely actually go on dates because every person they match with is a predator to them. Then, if an actual date happened, it would quickly go nowhere because they're treating you as if you're a predator. The whole vibe with these people is awkward and judgmental. Then folks wonder why their dating app experience is bad.
- The fact that this app exists solidifies the data that a small group of men/women do most of the dating on tinder etc while the vast majority land dates far less if none at all.
- This creates distorted market supply and demand where those small group of men/women become sought after and its only human nature in that they value their supply less than the rest.
- Toxic behavior is expected from that small group of highly attractive people that do all the dating.
- It was only a matter of time before such app would run into legal issues or attract angry individuals. Now the damage to the leaked identities will be prolonged. With the AI tech today, the extent to which a damage can be doned with the information from the leaks is unknown.
- As for the company behind Tea, they are done. They face a monumental class action lawsuit as well as ongoing individual civil/criminal cases that will arise from the leaked identities, in particular the photo of driver licenses as well as selfies, usernames, emails drastically increase the surface area for damages.
- The users of this site and those that have directly posted images, details have opened themselves up to significant liability from not only the men they have targeted but from law enforcement.
- We'll see some new laws being formed from this case. Once again, we see the hidden dangers of blindly trusting large popular platforms with sensitive data but the twist with Tea here is the defamation activity that opens up its users to both civil and criminal liability.
I don't follow.
> This creates distorted market supply and demand where those small group of men/women become sought after
Isn't that true in the real world as well? I'm not exactly a hunk; people weren't tripping over themselves to ask me out, whereas some of my friends and acquaintances did have to figuratively beat people off with a stick.
I suspect the folks complaining about "markets" in online dating are not the kind of people who can connect offline.
To be fair, I think online dating has gotten worse -- sites like OkCupid used to match you based on shared affinity... the issue there is you could be a very high match on shared values but not someone's "type" visually -- imagine being shown the girl of your dreams only to find out the feeling is not mutual :-)
Conversely, I feel like people sometimes forget that they opted into these interactions, it's not like someone strolled up in a bar and began talking at them.
Anyways... if you're frustrated with apps, I'd suggest doing just that. Talk to people.
I met my last girlfriend at a bus stop. Before that, on a porch -- I was walking by and struck up a convo.
If you can't connect with people organically, no amount of tech can save you.