Tough to say :) Vaguely reminiscent of SNI troubles on the web server... which can depend on the client. I thought that was becoming exceedingly irrelevant, though.
>DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!
>Tea App uploads all user verification submissions to this public firebase storage bucket with the prefix "attachments/": [link, now offline]
>Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It's a public bucket. I have written a Python script which scrapes the bucket and downloads all the images, page by page, so you can see if you're in it: [pastebin link]
>The censoring in picrel was added by me. The images in the bucket are raw and uncensored. Nice "anonymous" app. This is what happens when you entrust your personal information to a bunch of vibe-coding DEI hires.
>I won't be replying to this or making any more threads about it. I did my part, God bless you all. Regards, anon
Being so careless with people's personal data should be a major crime, tbh. If I manipulated thousands of people to let me scan their passports and various other bits of personal info, then just left the copies around the city for people to find, I'd be prosecuted, and rightfully so.
ipnon · 6h ago
The irony of a doxxing app being wrecked by the anonymous is too much for me!
gitremote · 4h ago
It's not a doxxing app:
"Tea was founded by Sean Cook, a tech innovator inspired by his mother’s unsettling encounters with online dating, including catfishing and meeting men with hidden criminal pasts. His goal? Create a women-only space where users can post honest reviews, red flags, and personal stories about men they’ve dated. Unlike traditional dating apps, Tea isn’t about swiping for matches—it’s about safety. The app offers tools like background checks, catfish verification through “Catfish Finder AI,” and a secure community forum called “The Tea Party Group Chat.” Plus, 10% of its profits go to the National Domestic Violence Hotline, amplifying its commitment to women’s safety.
The app’s anonymous platform is its heart, letting women share warnings without fear. One user’s story stands out: Sarah, a 28-year-old from Chicago, posted about her ex, who seemed charming but turned violent. After escaping the relationship, she learned he was active on dating apps. Her Tea post detailed his behavior, and later, another user reached out on social media, thanking her for the warning that kept her from a dangerous date."
Women who were sexually assaulted tried to warn other women about their assaulter on the app. Anon doxxed these sexual assault victims, re-victimizing them. Anon thinks that it's men who were victimized and want to take revenge on these women who experienced sexual assault.
It's expected that anon is misogynist, and now the talking point is that these women are perpetrators of misandry who got what they deserve.
serial_dev · 2h ago
You can’t just quote from a PR puff piece and expect anyone to be convinced it is not a doxxing app.
The proof is in the pudding.
It was built for doxxing and quite potentially spreading lies about men and on top of that, they doxxed all of their users, too. They pretty much doxxed everyone who used the app or was mentioned on the platform.
I don’t see how it is not a doxxing app, but go ahead and find me another PR article that says it is the best thing since sliced bread and the founders should be saints.
Nevermark · 2h ago
I should create an app called “Dox.com”.
The selling point is you sign up and can share, support, amplify fellow doxers. A community for the non-Chan-ish, but Chan-ish, crowd to commune.
But when your in, it looks like your the first sign up.
To you. To the rest of the world all your sign up info is on DoxedMyself.com.
But I don’t have the time. So feel free to Y-combinate to your hearts worth! On me!
tgv · 2h ago
Apparently, the red flags also include "has ghosted me" and "is married." Now, those are valid reasons to not date someone, but it's not safety. Safety is just the excuse, just like it is in so many other cases.
It's fucked up that you can't have an honest app to keep people safe, but the makers could have known the problems in advance, and probably did.
> One user’s story stands out
In which precisely nothing happened. We don't even know the nature of the alleged violence.
> It's expected that anon is misogynist
Did you just give a negative impression of someone you don't know?
gitremote · 1h ago
> Did you just give a negative impression of someone you don't know?
Anon doxxed women who might have restraining orders against violent stalkers, and they assumed that female coders created the female-based app by referring to "vibe-coding DEI hires".
Why are you defending a doxxer hacker?
suddenlybananas · 23m ago
Walking through an open door is not hacking.
2c2c2c · 2h ago
this app is replicating a set of women only facebook groups. there's one for every major US city. it's sort of an if you know you know situation.
the vast majority of posts are speculation on someone being douchey or a cheater. women in their twenties seem to really enjoy browsing through the gossip.
DocTomoe · 3h ago
It's an app that exposes the identity of people against their will. That's the exact definition of doxxing.
Whether the original intent was honourable or not - or if they decide to spend part of their income to a honourable cause - does not factor in to the nature of the system.
Worse, in some jurisdictions (I’m not certain about the US specifics), this kind of unsanctioned exposure could actively hinder legal prosecution of actual predators. If a person is publicly accused on a non-official platform before trial, any resulting lawsuit might be thrown out on grounds of prejudicial exposure or even perjury. The accused could claim that the testimony is tainted or retaliatory — particularly if the platform enables near-anonymous posting without formal vetting^1.
[1] Yes, the app collects driver’s licenses. But let’s be honest: in the U.S., a fake driver’s license is practically a rite of passage. Entire generations of underage teens have used them to get into clubs and bars. If that’s your trust anchor, you don’t have much of one.
whatevaa · 3h ago
So the system is fucked, as I see it.
DocTomoe · 1h ago
It feels broken because it is broken. But if you weaken procedural safeguards to ‘fix’ it, you don’t get justice - you get lynch mobs. Sometimes quite literally. There have been people beaten to death by neighbors because they were declared a sexual offender online - which later turned out to be wrong.
A criminal justice system has to protect even the accused against injustice. If it doesn't, it's not justice, but just a kangaroo court.
parineum · 2h ago
> One user’s story stands out: Sarah, a 28-year-old from Chicago, posted about her ex, who seemed charming but turned violent. After escaping the relationship, she learned he was active on dating apps. Her Tea post detailed his behavior
How hard would it be to believe that none of that was true and the woman was being vindictive?
People can be shitty, including women.
bigfudge · 2h ago
They can, but rates of domestic violence are so high that it seems reasonable to want to do something about it.
I dated online a few years ago and met my partner. In that time I met 4 women for dates who talked about really scary behaviour from previous men they’d met. These weren’t even relationships… just dates they’d met for coffee or whatever. These women had no reason to lie or exaggerate to me - and I’d probably prompted the conversation by asking about “how has it been on hinge” or whatever.
I think we need to remember throughout all of this just how badly behaved many men are, and how normal misogyny has become.
DocTomoe · 1h ago
This is a very sensible topic ... and sensible topics need careful solutions, not 'let's reinvent a medevial town square's pillory'.
Western society has become actively anti-dating lately (think: ever since the 1980s). People, especially women, are actively encouraged to scrutinise even minor behaviour for red flags, after all, every man is a potential serial killer. This is so prevalent that we have made movies about that sort of paranoia ... and there are people in treatment over it. Clinically, this is often referred to as hypervigilance/paranoia syndrome, a pattern related to PTSD — both as a consequence of trauma and, paradoxically, as a source of relational dysfunction.
This is not meant to downplay the reality of actual assaults. But it points to a deeper systemic issue: The drive to protect against potential violence has, in some circles, taken on a life of its own - and in doing so, it has poisoned trust.
So - I do not claim your 4 women were not at some point scared by a guy during a date. But what used to be considered 'assertive, reliable, masculine' behaviour in the 1950s has become 'prelude to slaughter' these days, especially when other factors are present (e.g. 'he doesn't turn out to be Prince Charming that I expected' or 'he decided to split the bill').
So ... if there is an actual case of domestic violence, the solution is not to create an instrument that can be badly abused and does not follow rule of law - it is to go to ... law enforcement, and let the courts deal with it. IF the guy is a problem, let them put him away, rather than slandering him online.
bigfudge · 1h ago
For a sense of scale here. One guy had brought a bag of sex toys to a first date.
Another called (a different woman) a “dirty bitch” when she declined a second date.
Amongst my female friends, I’ve become aware only in my late 40s just how many have suffered sexual assault outside of relationships or controlling and abusive behaviour within them.
I guess what I’m saying is that I think women being vigilant is rational behaviour. In my twenties and thirties I just lacked the imagination to see that colleagues and even male friends would behave in this way, but that can and have.
I don’t think this site is necessarily the right way to fix the problem, but I can totally understand the motivation.
DocTomoe · 45m ago
Thank you for providing scale. From how you describe it, these two examples - while unpleasant - likely fall below the threshold for criminal prosecution. And it’s precisely in that gray area where public shaming platforms risk becoming instruments of mob justice.
The “sex toy guy” (and yes, I now imagine the most awkward and presumptuous version of that scenario - perhaps with a flourish of presentation) is clearly socially tone-deaf. But if no coercion or violence took place: Should his name and face be broadcast online so he can be branded “The Dildo King” for life?
The “dirty bitch” guy? Rude and vulgar, certainly. But how many women have made disparaging comments about men — their height, their hair, their genitals - sometimes in front of them, sometimes with friends? We should strive for dignity and respect on both sides. If we accept social shaming as a norm, it shouldn’t surprise us when the pendulum swings both ways - and no one wins in that world. Was the woman in this case threatened or harmed beyond a verbal outburst?
Being in my mid-40s, I’ve also witnessed what a false or misguided accusation can do to a man - careers destroyed, relationships severed, even suicides.
What we’re dealing with is a cultural and moral challenge - not a technological one. And cultural problems can only be solved through dialogue, mutual respect, and shared norms - not through factionalism or digital vigilantism.
parineum · 1h ago
I'm not disputing any of that but the idea that you can trust what you read on an app like that is the issue.
Trust is a hard thing to come by online, even when people aren't anonymous and speaking publicly (Facebook or any other online place where one might use their real name). Giving people the cover of privacy from the person they are reporting about isn't going to increase the veracity of what's posted.
We already know how people behave online. It's either naive, ignorant or negligent to think otherwise.
conradfr · 1h ago
What is the expected behavior, that a violent person won't ever use dating apps after a relationship is over?
Bluestein · 1h ago
Particularly
batmaniam · 15h ago
Isn't this basically Peeple except gender locked to women? Peeple failed because they couldn't eliminate bias and gossip against anyone. If someone was jealous of another, for example, that person could just write false slander and claim it was real with no evidence. That would have affected the victim for jobs, dates, etc. So it was laughed at by VCs and everyone online and it shut down.
How is Tea even legal? Isn't this just a legal libel timebomb waiting to happen?
tptacek · 11h ago
Defamation (libel and slander) consists of false statements (or direct implications) of fact. Actionable defamation consists either of those false claims that cause quantifiable damages, or that claim things that are per se considered damaging --- a specific and limited list.
"This guy is a creeper and treats romantic partners terribly" is pure opinion, and cannot be defamatory. The (rare) kinds of opinion statements that can be defamatory generally take the form of "I believe (subjective thing) about this person because I observed (objective thing)", where "(objective thing)" is itself false. "The vibe I get about this person is that they hunt humans for sport" does not take that form and is almost certainly not defamatory.
Under US law, providers are generally not liable for defamatory content generated by users unless you can show they materially encouraged that content in its specifics, which is a high bar app providers are unlikely to clear.
gizmo686 · 7h ago
> or that claim things that are per se considered damaging --- a specific and limited list
Standard disclaimer that law varies by jurisdiction. However, that limited list typically includes claims that the person committed a crime. Many juristictions also include accusing someone of having a contagious disease, engaging in sexual misconduct, or engaging is misconduct that is inconsistent with proper conduct in their profession.
In other words, the types of things I would expect people to be talking about on tea overlap heavily with defamation per-se.
If the users were careful to make all of their statements opinions, that defense would work. However, I doubt that is the case. Instead, I expect many users to include example of what their ex did that led to their opinion; which gets directly into the realm of factual statements.
The provider protections are real, and likely protect the app from direct lawsuits (or, at least from losing them), but do not protect the app's users. A few news stories about an abusive ex going after their former partner based on what they posted in the app could be enough to scare users away. You don't even need to win the lawsuit if your goal is to harass the other person.
tptacek · 7h ago
It does, but those bars to defamation claims are based on the US Constitution more than they are on state law. I think another way to put that is that I gave the maximally generous interpretation to the plaintiff there.
krisoft · 7h ago
> "This guy is a creeper and treats romantic partners terribly" is pure opinion, and cannot be defamatory.
That is true. But i think untrained and emotionaly involved individuals will have trouble navigating the boundaries of defamation. Instead of writing opinions like “treats romantic partners terribly” they will write statements purporting facts like “this creep lured me to his house, raped me, and gave me the clap”. This is not an opinion but three individually provable statements of facts. Plus the third would be considered “defamation per se” in most jurisdictions if it were false. (The false allegation that someone has an STD is considered so loathsome that in most places the person wouldn’t need to prove damages.)
Unles specifically coached people would write this second way. Both because it is rethoricaly more powerfull, but also because they would report on their own personal experience. To be able to say “treats romantic partners terribly” they would need to canvas multiple former partners and then put their emotionaly charged stories into calm terms. That requires a lot of work. While the kind of message i’m suggesting only requires the commenter to report things they personaly know about. And in an emotionaly charged situation, like a breakup, people would be more likely to exagarate in their descriptions, making defamatory claims more likely.
> Under US law, providers are generally not liable for defamatory content generated by users…
This is true, and i believe this is the real key. Even if the commenters would be liable, the site themselves would be unlikely to become liable with them.
tptacek · 7h ago
Just keep in mind there are two very high bars you need to clear to come out ahead on a defamation action:
1. To prove that the factual claims made by the defendant were false, and that the defendant should have known they were false
2. That you suffered actual damages from those claims
Very hard to make happen on a dating app.
mullingitover · 2h ago
It’s hilarious that we earnestly debate whether women should be allowed to have a space to speak anonymously about whatever the hell they want, but it’s completely unquestioned that 4chan is a perfectly legal operation.
josteink · 1h ago
I guess a significant difference is than 4chan is fully public. Whatever anyone says there can be observed by anyone and refuted by anyone. You can’t secretly slander anyone there.
What happened on the tea app were probably not knowable, observable or refutable for those actually being doxxed or slandered.
That isn’t me saying 4chan is absolutely morally in the clear, but it’s still quite a significant distinction.
fn-mote · 37m ago
The difference _for you_ is in the public or private nature.
It seems like your argument is based on (1) the discussion being slander (assumption); and (2) the idea that you could refute it if it were public (good luck, low credibility, also most men would immediately respond with vulgar name calling and - at least if anonymous - threats).
akerl_ · 10h ago
A general plug that if you read this comment and thought “damn, 1st amendment law sounds complex and interesting”, you may want to check out https://www.serioustrouble.show/ , a podcast about legal news with a recurring focus on 1st amendment law and cases
dyauspitr · 8h ago
But you can ruin a person’s life on a whim. That cannot be allowed.
akerl_ · 8h ago
Can you cite that? Because in the US I’m not aware of a law against sharing negative opinions about someone.
danparsonson · 7h ago
Right - that's basically the business model of Twitter these days
duxup · 14h ago
This also seems like an app ripe for actual creep / abusers to follow / manipulate.
The claim that it provides safety really is just that, an empty claim.
dabockster · 13h ago
The fact that it verifies by ID scan is also not safe at all for a million different reasons.
A better way would have been to charge a small subscription fee - like $2/month or something. The fee filters out 99% of the trolls out there (who wants to pay to troll) and also gives the app/website admins access to billing info - name, mailing address, phone number, etc - without the need for a full ID scan. So the tiny amount of trolls that do pay to troll would have to enter accurate deanonymizing payment information to even get on the system in the first place.
And it can be made so only admins know peoples' true identities. For the user facing parts, pseudonyms and usernames are still very possible - again so long as everyone understands up front that such a platform would ultimately not be anonymous on the back end.
But oh no, that won't hypergrow the company and dominate the internet! Think of all the people in India and China you're missing out on! /sarcasm
jandrese · 4h ago
> A better way would have been to charge a small subscription fee - like $2/month or something. The fee filters out 99% of the trolls out there
Have you seen who has the blue checkmarks on Twitter/X now? I'll give you a hint, it's not the people who argue in good faith.
konart · 13h ago
>A better way would have been to charge a small subscription fee - like $2/month or something.
That's Pure. And they have more than 5$ I believe.
FiniteIntegral · 10h ago
I think you underestimate the willingness of people to pay to troll, it may filter out people but an app that was (in theory) meant to be secure shouldn't think of a problem as filtering rather than securing. Admins knowing peoples' identities simply moves the weakest link in the chain to the admins. I think an app like this was doomed from the start and 4chan simply pulled the plug on an already leaking bathtub.
msgodel · 10h ago
I've thought about buying throwaway phone numbers just to troll linkedin. I'd be surprised if people weren't finding ways to get accounts on apps like this for trolling.
The only reason I haven't is because it feels like LinkedIn may have already jumped the shark and I wouldn't really get the value for my money.
ada1981 · 4h ago
Are there any premium troll
Sites?
fooker · 2h ago
Twitter with check mark
rKarpinski · 9h ago
Whats wrong with verifying the ID?
The issue is they decided to roll their own extremely questionable service and insecurely store sensitive images in a public bucket
Multiple SAAS vendors provide ID verification for ~$2/each. They should have eaten
that fee when it was small and then found a way pass it onto the users later
dylan604 · 12h ago
you act like it's impossible to get payment credentials that have nothing to do with the user
atomicnumber3 · 11h ago
no, but it is _tremendously_ more difficult than email or even ID scans (unless you're doing actual verification, which is both more expensive and complicated than just charging a nominal fee or even just attaching a Card object to a stripe customer). Just getting to stand on top of an extremely robust existing system (payments) gets you so much adjacent help in keeping bad actors out, or at least getting it down to a human-team manageable level. It can be the difference between a viable business and not.
makeitdouble · 8h ago
› extremely robust existing system (payments)
It is not, indeed.
The first part is its goal: identity is secondary, the main purpose is money. It means a customer can put a fake name and address as long as the money part is considered OK. Most PSPs won't check the cardholder name (it can be used for fuzzy scoring, but exact match is a fool's errand). Address is usually only required for physical goods and won't be checked otherwise. And 3DSecure will shift the blame enough that the PSP won't need to care that much about the details.
The second part is the whole mess that comes with payments. You'll become a card testing pot in no time, and you'll be dealing with all the fuss just to check identities, you'll soon be rising the token payment to a significant amount to cover the costs, and before you realize it half your business has shifted into payment handling.
WarOnPrivacy · 11h ago
> you act like it's impossible to get payment credentials that have nothing to do with the user
This is incorrect. The parent acts like it isn't trivial to obtain payment methods that aren't linked to the payer. It seems like a reasonable possibility.
dylan604 · 10h ago
> It seems like a reasonable possibility.
For whom? For people willing to be an asshole on the internet? For people willing to stalk other people online? This sounds exactly like the group of people that would look for ways of paying for something in ways not linked to them, even if that means "borrowing" someone else's identity
raydev · 4h ago
> who wants to pay to troll
You've never visited X (formerly known as Twitter)?
fragmede · 13h ago
Men will go to great lengths to try and have sex. $2/month just gets you less broke creepers.
whatsupdog · 12h ago
Imagine flipping the genders and writing this comment in another context: "Women will go to great lengths to try and manipulate men. $2/month just gets you less crazy bitches", and imagine the outcry and downvotes. However it's totally normal and acceptable to bunch all men into a singular group and demean 50% of the population.
strken · 11h ago
Your example isn't properly gender flipped. That would be "Women will go to great lengths to take revenge on their exes. $2/month just gets you less broke crazies."
While the above statement would benefit from adding the word "Some" to the start, I'm not sure it would generate much outcry.
nailer · 11h ago
> $2/month just gets you less broke crazies.
Women aren't evaluated on their income like men are, they are evaluated on their looks. An equivalent app would be something that lets men share if women are less attractive than their pictures.
bigfudge · 1h ago
You’re worrying about the wrong thing here. The fact that so many men do these kind of creepy behaviours, and that men who do them are largely indistinguishable from men you meet every day, means that from women’s perspective “men do creepy things, I need to be careful” is an entirely reasonable prior.
blks · 12h ago
Because we live in patriarchal culture and men do sexually attack women on much greater scale than the other way around. You don’t have to be even necessarily evil for that, honestly just some normalised behaviour in some men can be enough to become a creepy person for women.
PaulHoule · 12h ago
Men seem to attack women more often that the other way around but both directions are signifcant
—- About 41% of women and 26% of men experienced contact sexual violence, physical violence, or stalking by an intimate partner during their lifetime and reported a related impact.
—- Over 61 million women and 53 million men have experienced psychological aggression by an intimate partner in their lifetime.
bigfudge · 1h ago
From memory I think those numbers for men include those in same sex relationships.
Also worth noting that men are much more likely to be physically or psychologically attacked by other men than they are by women.
I’m not minimising the idea that women can
Be violent, but we need to be careful to have in proportion. If you look at the most serious categories of harm, or only murder, the differences really are very stark.
pyth0 · 10h ago
> sexual violence, physical violence, or stalking
> psychological aggression
Not at all downplaying the seriousness of emotional and psychological abuse, but these are very different things. Which is the main reason that the concept of this app doesn't bother me much. The immediate physical safety risks of dating as a woman are significantly greater than for men.
PaulHoule · 10h ago
Sure, but it's about a factor of two -- the difference between the sun at noon and 5pm, not the difference between night and day.
Broken bones heal, but psychological wounds can last a lifetime -- and cut that lifetime short either through self-harm or the impact on chronic diseases. Sexual assault is so problematic because it has a very long term psychological impact on people.
opello · 9h ago
It also seems obvious that a physical wound very likely occurs in a context that may also create a psychological one.
handedness · 11h ago
Would you pursue that line of justification if the issue were ethnicity, nationality, sexual orientation, and/or gender expression? I'm not saying you should or shouldn't, and there are sound arguments for and against equating those things, but it seems like it merits consideration before one comments, not after.
whatsupdog · 4h ago
So you'll agree with the following?:
Because we live in black crime culture and blacks do violently attack whites on much greater scale than the other way around. You don’t have to be even necessarily evil for that, honestly just some normalised behaviour in some black people can be enough to become a criminal for white people.
Levitz · 11h ago
But you are just explaining why you are bigoted, bigotry which, in turn, you imply explains why you don't think it's wrong to be sexist. Sexist enough to disregard the importance of publicly sharing people's information.
Do you not see how this is deeply wrong?
perks_12 · 12h ago
I don't think you will find too many men being angry at your example comment just like no women will be pissed about what OP said about men. Don't be fragile.
PaulHoule · 12h ago
Many people will do anything they can to hurt their ex after a breakup.
No comments yet
danesparza · 14h ago
>> How is Tea even legal? Isn't this just a legal libel timebomb waiting to happen?
By this logic: I suppose glassdoor, yelp, or Google reviews aren't legal either?
What about identity verification as part of any employment offer?
AndroTux · 14h ago
The difference is, on these platforms you're rating legal entities. On Tea, you're rating, or rather sharing personal information about, an individual. Where I come from, sharing personal data of someone without their consent is not allowed.
PaulHoule · 12h ago
Also on those platforms you can see if people are trash talking you even if you don’t have a procedure to face your accuser.
Even the open platforms creep me out. I don’t like seeing unverified accounts of crime in Nextdoor, I think if you see some crime you go to the police. I had a series of in person interactions with a woman which seemed creepy in retrospect, her Nextdoor was full of creepy stuff including screenshots of creepy online interactions. At least this gives everyone clear evidence they should keep away.
bluescrn · 9h ago
> On Tea, you're rating, or rather sharing personal information about, an individual.
Or in this case, sharing personal information about yourself...
Bilal_io · 32m ago
No, they'd be sharing the man's photo, name and phone number if I am not mistaken, and obviously without his consent.
umanwizard · 9h ago
> Where I come from
…is clearly not the US, which has probably the most expansive understanding of “freedom of speech” in the world.
dragonwriter · 12h ago
> Where I come from, sharing personal data of someone without their consent is not allowed.
Where you come from, people arent allowed to share their own experiences interacting with third parties without the third parties consent?
Sounds pretty oppressive, but there are absolutely many jurisdictions where that is not the case.
ioasuncvinvaer · 12h ago
They post images of the men in question without consent.
dragonwriter · 12h ago
Unless they are intimate images (in which case revenge porn laws are likely to apply), copyrightable images for which someone other than the poster is the creator posted without the copyright holder’s permission (in which case copyright applies), or being used for commercial promotion or to suggest endorsement (in which case, depending on which states law applies, state law right of personality/publicity, especially if the subject is a celebrity, might apply), that's generally legal in the US.
oc1 · 2h ago
Honey, that's generally not legal in many jurisdictions in the world, including most of europe.
ioasuncvinvaer · 11h ago
Thank god the US is the only country in the world.
dragonwriter · 10h ago
> Thank god the US is the only country in the world.
Its the only country in the world where Tea operates or is open to users, what other country’s laws do you think apply to it?
oc1 · 2h ago
You seem very confused how law applies. Please inform yourself before posting.
ohdeargodno · 11h ago
> that's generally legal in the US.
Cool, I'm sure Tea is only available to report things about United States citiz... nevermind.
It runs afoul of about a dozen european rights to privacy, imagery and consent laws. And that's just by posting pictures ! Libel and slander are a bunch of others, right to a response is also another... the list is long. It is, once again, yet another dudebro trying to skirt legality.
dragonwriter · 10h ago
> It runs afoul of about a dozen european rights to privacy, imagery and consent laws
The EU is welcome to try to enforce its local laws on the US operations of a US business open only to US users, but I don’t think its going to have much success.
ohdeargodno · 5h ago
It's cute that the Americans think they're some special, unrestricted by law type of citizens: they're not.
That boat already sailed and it already happened. "US only operations" does not matter (which is already bullshit, as Tea does not verify that users are US ones, they merely disabled downloading in the play/app store): posting pictures of European citizens runs afoul of European laws. Sure, they can't come and arrest you on US soil. Just don't travel too much.
Quarrel · 15m ago
While the GDPR has extraterritoriality, you are over-reaching here.
Tea can collect and use photos of EU citizens, if it collected them in the USA, with (all other things being equal) no fear of GDPR violations.
So, yes Facebook can't collect photos of EU citizens, then process and do "stuff" with them in the USA, without violating GDPR, because that'd be the easiest out ever for multinational tech companies.
It is the location of the subject of the personal data collection that matters, not their citizenship.
fc417fc802 · 15m ago
Unrestricted by foreign law, yes. Would you be in favor of having US law enforced against you? It bewilders me why anyone would want more of this nonsense in the world instead of less.
The document you linked is interesting but I'm skeptical that you actually read it. It effectively says that in practice there's no hope of enforcing actions against entities that are purely in the US unless their behavior has run afoul of state or federal policy.
It does note that if concrete damages are recognized by the court that there is a decent chance US courts will cooperate to enforce the judgment. But the vast majority of GDPR enforcement is punitive as opposed to compensatory so it's not particularly relevant.
I'm also not clear why you think traveling would matter. DPA penalties are administrative in nature, not criminal. They are also likely to be levied against corporations as opposed to individuals. My guess is that the extremely unlikely worst case is your entry or visa application getting denied.
zoklet-enjoyer · 7h ago
Why would they care if they're breaking European laws? They're not a European company.
ohdeargodno · 5h ago
European laws apply to any European citizen, _anywhere in the world_.
Quarrel · 11m ago
This is not true. Like, (almost) at all. (There are a few tiny exceptions, for instance, if an EU national commits child sexual abuse overseas, they can be prosecuted for it in the EU)
Two Germans shooting each other in Australia break Australian law, but not German law.
fc417fc802 · 12m ago
Ah yes, the notorious extraterritorial "right to be forgotten". Whereby the EU military dispatches its special forces to smash up computers in foreign data centers.
dyauspitr · 8h ago
Why have revenge porn laws and not revenge libel laws.
dragonwriter · 4h ago
What are "revenge libel laws", and, in particular, how would they differ from regular libel laws?
voxic11 · 13h ago
I think its a mostly US based app, in the US sharing your opinion about other people is protected speech.
perihelions · 12h ago
But sharing *facts* about other people is potentially defamatory speech (in the American context). There's a not-at-all small nuance here: when you make concrete allegations about your personal experiences, you're not sharing an opinion—not sharing your subjective reaction to publicly-known information—rather you're introducing novel facts, provable objective facts, into the discussion—your version of those facts. And that comes with genuine legal risks.
A remarkable fact that's stayed with me: Ken White (@popehat) once said that in his defamation law practice, his largest category of consultations was with clients who'd said negative things about a past romantic partner, who then threatened to sue. I believe his point was those negative things were true most of the time, but difficult to prove, or defend.
firefax · 11h ago
I thought, as a practical matter, it's on the person alleging slander or libel to prove falsehood?
I think sometimes folks don't properly threat model what can be done if someone chooses to think about what the consequences for breaking a rule are and letting that guide their actions, rather than striving to avoid breaking them out of some kind of moral principle.
anonym29 · 10h ago
Hypothetically, if I said "firefax murdered an underage prostitute and then sexually violated the underage prostitute's corpse in 2018 and was never caught, I witnessed it happen and tried to report it but the police refused to even open an investigation, firefax is a dangerous predator and should not be trusted", and you lost your job because of that, should you be the one with the burden to prove that never happened?
umanwizard · 9h ago
We are talking about what is the law in a specific country, not what “should” be the law. Also, the bizarrely graphic description is out of place here.
anonym29 · 7h ago
It's a visceral thought experiment, intended to instill a sense of bewilderment at what being falsely accused actually feels like to someone who seems to offer a normative assertion that privileges bad-faith accusers, without actually causing any of the harm of a real false accusation. That is topically relevant and experientially informative while being restrained enough to not be actually harmful.
No comments yet
dragonwriter · 12h ago
> But sharing facts about other people is potentially defamatory speech
Yes, and? The service is protected in the US by Section 230, and Tea doesn't operate anywhere else currently. Individual users who use it defame are, in principal, subject to defamation liability, but in the US (and, again, that’s the only jurisdiction currently relevant), the burden to proving that the description was both false and at least negligently made (as well as the other elements of the tort) falls on the plaintiff (it is often said that “truth is an absolute defense”, but that’s misleading—falsity and fault are both elements of the prima facie case the plaintiff must establish.)
Sure, in a jurisdiction with strict liability for libel and where truth is actually a defense, and/or where the platform itself, being a deep pockets target, was exposed, Tea would be a more precarious business. But that’s not where it operates.
TheOtherHobbes · 8h ago
The most obvious legal claim at the moment is that Tea was negligent about its security.
I suspect that's going to be more of a problem for Tea than hypothetical individual defamation cases.
Although having said that, how can you sue someone for defamation if you never find out you're being defamed?
Any woman can say "Don't date [name], he's a bad person" and the victim will never know.
Unless he asks a female friend for a social credit check, all [name] will see is a shrinking pool of opportunities.
naet · 4h ago
If it's an opinion or a statement of a fact it isn't defamation.
"He's a bad person and you shouldn't date him" is an opinion you can legally express anywhere as much as you want.
perihelions · 12h ago
That's all true. I wasn't clear on the context of this thread, whether we were talking about the users or the platform.
bigfatkitten · 7h ago
Even if it’s true and provable, very few people have the money to defend a defamation matter.
blks · 12h ago
Is making a post on eg Instagram after breaking up with your ex and telling that she/he e.g. abused you, illegal too?
reliabilityguy · 12h ago
Heard of Amber Heard?;)
I mean, I think it depends what you claim in this post.
const_cast · 13h ago
Sharing your opinion is protected speech, by lying is not always protected speech, particularly if done with the intent to financially hurt someone.
firefax · 11h ago
Devil's advocate, but how is saying someone is an unreliable romantic partner going to financially hurt someone? Maybe the reason I haven't had success in the policy arena is because I've been too kind, given recent events :-)
lazide · 6h ago
What words do you think a vindictive ex uses? I don’t think ‘unreliable romantic partner’ are any of them.
I have seen false rape claims, false claims of child abuse, neglect, etc.
With zero repercussions, of course.
parineum · 2h ago
If you're boss is on the app.
gitremote · 13h ago
Do you think a women's dating safety app is mainly about women lying and intending to hurt men, because it's rare for men to stalk or sexually assault women?
prisenco · 12h ago
I do. Not as an indictment of women but an indictment of social apps. Apps like this are way too hard to moderate, manage and verify. They quickly get swarmed by bad actors and misused. Again, not because women don't have genuine safety concerns in the dating world but because apps are not a viable way to manage those concerns.
Some social problems just don't have technological solutions.
gitremote · 12h ago
Like online reviews, if 10 women reported that the same man was violent, would you see it as 10 data points or 0 data points that say nothing?
prisenco · 12h ago
You know the answer to that is zero. There is no viable system a company, let alone a small unfunded startup, could use to verify the identity of the reporters let alone guarantee the trustworthiness of the account.
Those ten reports could be made by one person. That one person might not even know the person they're accusing. That one person might be a man. That one person might be a bot.
You'd have to ignore the last three decades of online identity, trolling and social media pitfalls to not recognize that.
And please don't compare reviewing a can opener on Amazon to accusing someone anonymously of a heinous crime on an app built by one person.
But I'm not sure I'm going to convince you with words so I'll suggest this:
Go and build this app.
Build it, see what happens. Nobody else has been able to crack this but maybe you can.
qcnguy · 11h ago
A few days ago a video leaked of a woman riding in a Mexican taxi, who was demanding the driver went faster. He refused because it'd be dangerous, and she immediately started threatening to report him as a harasser to the police. She even said he had to speed up or else the police would be waiting for him when they got there. She didn't realize her whole conversation was recorded on camera.
A lot of men have had experiences like this one. Either directly or they know someone it happened to. Yeah #NotAllWomen but way too many will exploit the feminist #BelieveAllWomen culture to gain even trivial benefits. An app devoted to letting women anonymous gossip and engage in reputation warfare without fear of consequence, or even fear that the man might reply in self defense, is going to get flooded with women like the taxi passenger.
9dev · 11h ago
"A lot of men" is doing a lot of heavy lifting here.
Go read some statistics on the number of women harassed, abused, raped, and killed every day—every single day—because they are women.
Go ask your mother, your sister, your wife, your female best friend, when they had their last abusive encounter.
Go ask your friends of both genders what the worst things are that could happen to them when walking home at night, and compare the responses.
Go read some historic accounts of how women were treated for… pretty much all of history.
Go look up news articles of what can happen to women when riding a taxi. Spoiler: it’s not just a threat.
Yes, there are some abusive women out there. Yes, it’s fucked up when that happens to you. But trying to insinuate the levels of violence against men would be even remotely comparable is just plain awful.
lazide · 6h ago
By the time a man has hit his 40’s, it is exceptionally uncommon he hasn’t seen someone hit with a false rape claim - or had one himself - by a vindictive ex. Or has been threatened with (or directly attacked) with physical violence.
By people going on the same sort of rants like you just did.
Some People are terrible, especially when they think they can act without consequences.
Does that excuse men doing bad things too? No.
But it sure does (or should!) make anyone with a brain question hyperbolic claims of abuse or violence without actual evidence.
Fogest · 7h ago
> Do you think a women's dating safety app is mainly about women lying
That's not what it is intended for, but many people after relationships end can be extremely emotional and sometimes very spiteful. It's not uncommon for people to embellish or lie about the truth to make themselves look better and the other person look shitty. Especially if you're the one being dumped, you may be even more likely to engage in petty behaviour.
I personally have experienced an ex making up a sexual assault story. This kind of app didn't exist then, but she even went as far as reporting me to the police. Luckily the police investigated and could easily discern it was a lie. Going to the police is obviously a much higher burden than using an app, and yet many females still go make false SA claims there. Do you really think it wouldn't be a common problem for people to do the same in an app at a much higher rate?
People often believe things like SA claims without any evidence and will often even attack people trying to defend the person or insist on some kind of proof. It means that someone making up bull crap on these apps is going to be treated like it is true, yet the rates of lies would likely be pretty high.
People can just be so crazy when it comes to relationships/love. Especially when it comes to people in their teens or early 20's, the brain isn't fully developed and dealing with these emotions is even more challenging and leads to even more rash decision making.
Mawr · 2h ago
> because it's rare for men to stalk or sexually assault women?
The more common it is, the more damaging false claims of it are. It's a self-defeating linear relationship.
bawolff · 12h ago
That's not really relavent to whether someone is going to get sued for defamation.
It might be relavent to who wins the lawsuit, but sometimes the mere existence of a lawsuit is pretty painful.
gitremote · 12h ago
Sure, and what was proposed was suing the women for warning others about an allegedly dangerous man, not suing the man.
Levitz · 11h ago
>for warning others about an allegedly dangerous man
I mean if witches didn't do anything surely they wouldn't be hunted down.
GoatInGrey · 12h ago
We grant a tremendous amount of leeway and power to accusations made by women against men in society today. There are always honest people using things for their intended purpose. Though they are also dishonest people using things for their own ulterior motives.
A well-designed system will maximize utility for the former, and minimize utility for the latter. An app where women can leave what are practically anonymous reviews for men is not such a system.
xhkkffbf · 12h ago
I'm sorry and I'll be voted down for this, but I do think that it will attract plenty of fibbing and deliberate or not-so-deliberate stretching of the truth. Anyone who is rejected tends to be a bit angry about it. In this case, women who are ghosted can say whatever they want.
This isn't all of the people, but in my experience in life it's more than enough to make this app impossible to filter.
mjbroe02 · 12h ago
That doesn't apply when you publish information for broad consumption. Then it becomes libel. People need to realize that posting on a site where you can reasonably expect that your words may be consumed by the masses makes you a publisher. That comes with responsibilities and is not protected the same way as an individual's personal speech.
DocTomoe · 11h ago
So all I need to do to mark another guy (who might be, for example, competing for a job I want, or a certain woman's attention) as a rapist on a platform that's used by people in the location this guy lives in in the US is a (fake) female driver's license, a photo of the guy in question, and a name?
coolcoolcool. I'm sure that neverever gets abused horrifically.
hyperliner · 13h ago
Not if it’s libel or slander, both which are generically defamation.
gitremote · 13h ago
It's not defamation if it's true. Why do you think women warning other women about rapey and stalker men are mostly lies? Even if it's only 5% of men, wouldn't the discussion focus on that dangerous 5% over persecuting the innocent 95%, as a matter of self-preservation?
GoatInGrey · 12h ago
An irony in this conversation is how normalized it is for women to be concerned about men as a demographic when it's only a small minority that inflict harm. While it's controversial for men to be concerned about women as a demographic when it's only a small minority that inflict harm.
I still maintain my pet theory that this is a downstream effect of the normalization of paranoia around pedophiles that began hitting the mainstream in the '80s. The modern world is exceptionally safe, yet to the average person, it feels exceptionally dangerous.
...While I've got the hood up, I'll continue soapboxing.
I've started seeing rare instances such as a young woman walking around a corner and there is a man rounding the same corner, surprising her by mistake, and the woman starts crying or breathing in a panicked way, unable to regulate herself for several minutes. It's not always walking around the corner at the same time, but there's a common pattern of being surprised by a man just going about his day and experiencing a severe fear response to that interaction.
When I look at a lot of cultural related issues today, beyond just gender, I see many signs of pervasive psychological issues. I don't know what the solution is, but I'm very confident that the root cause is more complicated than something you can describe in a single sentence.
bcrosby95 · 12h ago
Maybe it's different now, I have no clue, but I'm in my 40's now and don't make a habit of hanging out with 20 year olds.
But I was friends with my wife's friends before we got married, and in a sample size of ~20 women my age, every single one of them has experienced inappropriate and unwanted touching in social settings. And a large number of them were victims of outright rape.
In comparison, I have many male friends and of them, I only know one who has been wrongly accused of sexual assault (the lady openly talked about doing it to help with a promotion...)
So even if both sides may have a few bad apples, one side is a much more prevalent problem when it comes to the number of victims.
gitremote · 12h ago
> An irony in this conversation is how normalized it is for women to be concerned about men as a demographic when it's only a small minority that inflict harm.
The same hypothetical 5% can inflict harm to multiple women, that's why multiple women and girls complained about Epstein and Trump.
gitremote · 13h ago
What was leaked was women's personal data, like driver's licenses. What they shared with each other was their experiences with men who sexually assaulted them or stalked them and their names, not the men's personal data.
Men's driver licenses were not distributed online. Only women's driver licenses were distributed online.
quietbritishjim · 12h ago
I'm not familiar with this app, but surely those accusations of sexual assault are only useful to other users of the men are sufficiently well identified?
gitremote · 12h ago
Name and photo.
9dev · 11h ago
So… Personal data?
tgsovlerkhgsel · 54m ago
The article says that what gets shared with the app is a picture of the man, and it's not just "those who sexually assaulted them or stalked them" but anyone they want feedback about.
I assume the app then runs facial recognition.
This may be legal in the US, but not under GDPR. Pictures of faces are biometric data (explicitly listed as such), which falls under additional restrictions beyond personally identifiable information.
A drivers license with the picture blacked out would be less sensitive than the picture itself!
fkyoureadthedoc · 13h ago
> By this logic: I suppose glassdoor, yelp, or Google reviews aren't legal either?
Imagining a future where I have to pay Tea to promote and astroturf my profile or they lower my rating, and pay bot farms to post glowing reviews
fragmede · 13h ago
In this future that you want me to imagine, do you imagine, that I'm imagining that I am poor or I am rich? Because oh man, I didn't have much luck at the lottery or at blackjack or craps or startups or crypto, but I'm sure, this time, AI is gonna help me strike it rich!
Yes, as far as I understand, you upload pictures of men, either taken in the wild or from dating sites (Tinder) against their will. I am pretty sure that this would be illegal in some jurisdictions. Especially EU.
ajuc · 12h ago
Companies aren't people (despite lots of people pretending they are).
arrowsmith · 13h ago
> Peeple failed because they couldn't eliminate bias and gossip against anyone
Without bias and gossip, who would even want to use the app?
dyauspitr · 7h ago
Almost everyone? And not in a cheap throwaway comment way, I mean genuinely. The value is that it’s informative not a gossip rag.
theflyinghorse · 2h ago
I don't think you understand humans. Spicy social gossip is far more attractive to people rather than anything informative.
givemeethekeys · 11h ago
There are large Facebook groups dedicated to "Are we dating the same guy?" / "Are we dating the same woman?" that predate this app.
Fogest · 7h ago
A lot of these groups have also had people get successfully sued for defamation.
ssalka · 8h ago
I would imagine Tea enjoys protections from Section 230, same as all other social media sites.
carabiner · 14h ago
It's exactly like Lulu which shutdown due to privacy issues.
Every couple years someone tries this and it immediately turns into a cesspool because no matter the good intentions of the makers, it attracts the worst kind of person as active users.
It gets shut down, everyone forgets, then someone eventually has a brilliant idea...
It come from a place of sincerity but defenders imagine everyone would use it for the same reasons they would: Warning people of genuine threats in the dating world. They would never use it for gossip, or revenge, or creative writing, etc. so they don't imagine others would.
But at scale, if generously only 0.1% of women in America are bad actors that would weaponize this app, that's over 150k people (not to mention men slipping past security). And the thing about bad actors is that one bad actor can have an outsized effect.
junto · 11h ago
These kinds of apps are already in existence across many cities in the world in the form of informal, invite-only WhatsApp and Telegram groups.
The problem is the demand is there for such groups and I see posts that range from, “this guy tried to get me to get in his car”, or “man exposed himself to me”, to “man has twice approached children at my child’s school” or “I was drugged and raped after meeting with X on Y dating app”.
Lots of sexual attackers are known to multiple women.
Fact is that in lots of countries rape kits don’t get processed, it’s hard to secure a conviction, many serial sex offenders walk free and many women don’t want to go through a reliving of their trauma in court.
As a result these kinds of groups are very useful, not just for women who are actively dating, but for women who are simply existing in day-to-day public life. We have a president and a supreme court judge who both have been accused of serious sex offenses and nothing happened.
Is there a chance that some man who has done nothing wrong, gets accused by a woman in these groups? Yes of course there is a chance that could happen, but many would prefer to not take the risk of dating someone that has been accused of being a sex offender and the vast majority of posts with confirmation by multiple women confirm that bias.
These groups help keep women safer than without them. There’s a good reason why many women just don’t date at all any more. Covid lockdowns reminded them that they don’t really need it and it’s more hassle than it’s worth.
Sadly the vast majority of men are fine (not all men), but not enough call out the bad and dangerous behavior of a minority of their friends and peers. Until that happens women will be drawn to these apps and groups to try to be safer and not be a part of a sex crime statistic.
prisenco · 11h ago
"invite-only" is key because it requires a trust relationship, if not directly then through minimal degrees of separation. While not perfect they can basically work while apps for the general population cannot because there is no trust between the users.
junto · 11h ago
Indeed. This trust is a critical point. The invitation mechanism is a web of trust. Not infallible but better than these apps that try to centralize that through identification.
carabiner · 6h ago
> Is there a chance that some man who has done nothing wrong, gets accused by a woman in these groups? Yes of course there is a chance that could happen, but many would prefer to not take the risk of dating someone that has been accused of being a sex offender and the vast majority of posts with confirmation by multiple women confirm that bias.
The concern of false accusation appears to be... brushed aside. Are you a man? How would you feel if you were falsely accused? Knowing that this could snowball into being doxxed, having your employer informed etc. Innocent men have been jailed for this.
carabiner · 12h ago
There needs to be a startup accelerator or VC that solely focuses on recycled ideas. We could have an app that gathers strangers for dinners, one for reviewing people, and so on. Since all of these gained traction at some point, the idea would be you get 1-2 quick puffs of these discarded cigarette butts before selling or shutting down. Just vibe code it, go viral, collect some subscriber fees, then close due to whatever reason.
The answer to your last two questions is found within section 230 of the Communications Decency Act.
pdabbadabba · 11h ago
> “False slander” is not a thing.
It's only not a thing because, in the U.S., it's redundant. In other jurisdictions, it might be a thing, because there are places where a claim can be both defamatory and true.
No comments yet
xhkkffbf · 12h ago
I believe that at least one person has gotten a posting removed about himself by complaining directly to Apple. He presumed that Tea wouldn't care.
Whew, one look at his account and I can imagine what women who've been on dates with him would be saying haha
kingkawn · 9h ago
That dude is a pos tho
exiguus · 13h ago
A gray area in my eyes. As a father, I think it's good that my daughter uses the app.
You only need to look at the statistics to see how many women are killed by their male partners every year.
thefourthchime · 13h ago
It's harmful to spread this kind of fear. Statistically it's less than 0.05% of women die because they are killed by their partner. This puts a stigma on men in general as some sort of dangerous savages.
standardUser · 12h ago
As a man, I find it absurd and even dangerous to not attach some stigma to men. That you feel the need to invoke "dangerous savages" is maybe your own prerogative, but by any sober and fact-based analysis it is indisputable that women are justified in acting cautiously when dealing with strange men.
fsckboy · 9h ago
mothers are more than twice as likely as fathers to kill their children. and the same is true for child abuse and neglect.
humans in general act like psychos, the danger comes more from the size differential than propensity to act like a jerk.
standardUser · 9h ago
Most violence is perpetrated by men. If you're only response to that hard, cold fact is some stat about infanticide, maybe you're not honestly grappling with the issue.
throwawayq3423 · 1h ago
Most violence is perpetrated by men, but men are also equal victims.
throwanem · 9h ago
I'm justified in acting cautiously when dealing with strange pit bulls, too. That isn't the same as saying pit bulls deserve to be stigmatized. Or I don't think it is.
guywithahat · 13h ago
It's also leads to racism when people break down relationship violence by race. It's a dumb argument that helps no one
cauch · 12h ago
I think the problem is not the statement, but the conclusion.
Do we have more physical violence from men towards women than the opposite? I think I saw that the reality is yes. Does it mean that men are biologically coded to be violent, or is it a question of education and culture?
If you conclude the second one, it is not "sexist" (on the contrary, it may even be that the culture that creates the problem is itself rooted in sexism and that acknowledging some reality about its existence may help changing this culture), and does not imply prejudice against men, just acknowledging that we need to be careful in case of bad apples.
It still means that talking about this requires to be very careful.
To react on your example, I think it is a good think to notice if some population have a bigger problem at this subject than others, and we can then identify more easily the places where this problem forms and target these places. But people who concludes "look at violence divided by race, so I can generalise and be prejudicial to everyone in some race and not other" are idiots.
belorn · 12h ago
The statistics is a bit more complex and nuanced than giving straight answers. Studies looking at any form of violence in partner relationships shows both women and men having equal amount. When looking at physical violence, especially those that lead to people being charged with a crime, men are over-represented in heterosexual relationships.
However, homosexual relationships has equal rate of partner violence as heterosexual ones. A bisexual woman that has a relationship with an other woman will double her rate of physical violence compare to relationship with a man (statically). A man who has a relationship with an other man will half his rate of violence. This makes no sense at all (unless we believe that sexual orientation is an factor for violent behavior), unless we add a additional factor of sexual dimorphism. Men are on average larger and more muscular, and there seems to be a correlation between being the larger/stronger and using physical strength/fists during a fight. The smaller person is in return more likely to use tools or other means of violence. Statistically, fist also has a higher probability to do damage than improvised weapons, since people are more proficient in using their fists.
Does it mean men are biologically coded to be violent? No. Is it a question about education and culture. Maybe in some countries/cultures, and it wouldn't hurt to use the education system to teach people conflict resolution. Getting people who are physically larger to not exploit that fact during a heated fight is likely a hard problem to solve on a population level.
cauch · 9h ago
Not sure what is your point.
I think "any form of violence" is not a constructive direction. First, this ends up being very subjective: between 2 forms of psychological violence, which one is the most violent? Secondly, if indeed it is cultural, it implies that different sub-culture may have different ways of acting, so we can always play the subgroups to make it says whatever we want. But most importantly, it is not very relevant for our context: in the case of the first interactions during heterosexual dating, pretending that men risk as much as women seems a very unconvincing claim, for several reasons (even if under-represented it should be under-represented to an unrealistic level to reach an equal level, and it also does not fit with plenty of cultural tropes (I can find a video explaining explicitly that manly men need to dominate their female partner. I'm sure it exists, but the simple fact that I cannot easily find a video explaining explicitly that womenly women need to dominate their male partner shows it's not that of a trope. On the other hand, I can also easily find videos about "trad wife" that will explain that a womenly woman must be with a dominating man))
For the rest, I think we say the same thing: talking about the visible issues is not a problem in itself, but people instrumentalising these issues to be racist or sexist are the problem.
Dylan16807 · 3h ago
> Not sure what is your point.
If it's almost all about the size of the specific two people in a relationship, it's a terrible terrible idea to aggregate that by gender, leading to completely misplaced wariness and judgement.
hdgvhicv · 12h ago
Men are more likely to be victims of violent crimes than women
standardUser · 11h ago
Yes, primarily by other men as we all know.
cauch · 9h ago
Not sure what is your point?
It feels a bit like saying "there is a bug in software X, but there is also a bug in software Y, so let's not fix the bug in software X".
Of course, men also suffer from problems.
It even feels that it is usually also due to machismo or something similar.
Sometimes, it feels like the majority of men's problem is in fact self-inflicted by the manosphere. They both complain of suicide rate, army draft, violence against men, but they also promote a culture of not-showing-emotion-otherwise-you-are-not-manly, a-man-is-worthless-if-they-dont-succeed, army-is-manly-and-women-are-weak, a-man-should-show-dominence-and-other-men-are-a-threath, ...
People likes to see things in black or white, but the reality is more complicated, and there is no advantages that does not bring also some disadvantages.
exiguus · 12h ago
The context was a dating app.
And yes, men are also victims by men.
standardUser · 12h ago
Race is America is extremely idiosyncratic. Gender relations exhibit a far more consistent dynamic cross-culturally.
octopoc · 11h ago
Calling it "extremely idiosyncratic" is not indicative of reality:
> Black people are the most likely to experience domestic violence—either male-to-female or female-to-male—followed by Hispanic people and White people.2
Centers for Disease Control and Prevention. The national intimate partner and sexual violence survey: 2010-2012 state report.
> Asian people are the least likely to experience intimate partner violence.[1]
You misunderstood my comment and instead gave examples that further support the idea that race relations in America are unique and particular to our history and geography. That's why race statistics in the US are not well-suited for cross-cultural comparison, let alone for drawing gargantuan conclusions about inherent racial traits (as racists are often looking to do).
exiguus · 12h ago
The risk of females being murdered by an intimate partner is five times higher than for males. And murder is just the very end of the spectrum.
And by definition, calling out men, is not racism.
Rebelgecko · 12h ago
Are there other groups that are 5x more likely to commit murder? Even if there are, IMO we shouldn't judge every member of that group for the actions of a small minority
exiguus · 12h ago
Are we still talking about a App that helps with dating?
standardUser · 11h ago
Your inability to distinguish between race relations in America (and the extremely specific history that caused it) and the all-but-universal imbalance in violence between genders, makes your race-baiting comment a little too transparent.
HPsquared · 12h ago
It's better to think in terms of overall life damage and "quality of life years lost". I think it's very debatable which side loses more from getting involved in relationships.
adolph · 11h ago
> Statistically it's less than 0.05% of women die because they are killed by their partner.
2020 USA Per Capita Count of Mortality Event: Assault(Homicide), Female: 0.00139%
Statistically that is a rather small number. But if we take the number of women in say, America, a web search says 334.9 million. 0.05% of that is 167,450. That is quite a lot of women being killed by their partner.
deathanatos · 12h ago
According to the UNODC[1], in 2023, the rate of all murders of women in the US was 0.00205%. (2.05 per 100,000) Partner violence appears to account for ~34% of violence against women[2] (but vs. 6% for men), so that would be 0.697 per 100k or ~0.0007%, or ~1190 women/yr in the US[3]. Assuming I've done the math right… the risk is more than two orders of magnitude smaller than what you came up with.
> Partner violence appears to account for ~34% of violence against women[2] (but vs. 6% for men)
And this is sort of the point of the comment higher up: when you cut the stat this way, it seems like men are wildly dangerous creeps. But it is a statistic comparing one group to another group. We need to instead look at the absolute rate of partner violence to decide if men are on the whole violent murders or so, and there, the overall risk is low.
[3]: (I've assumed a round population of 340M for the US, with 50/50 gender, just an approximation.)
adolph · 11h ago
> when you cut the stat this way, it seems like men are wildly dangerous creeps.
Not exactly. The statistics didn't specify the gender identity of the perpetuator, just the relationship to the victim and the gender identity of the victim.
kgwgk · 12h ago
> the number of women in say, America, a web search says 334.9 million
Doesn't look correct.
pbhjpbhj · 11h ago
USA population is c.350M total, so they're probably off by half.
That looks like the general population of the US, and is out of date, it’s 340m+
edmundsauto · 12h ago
5k women are murdered in America each year, fwiw.
18k men are murdered. But women are murdered by their partners at a higher rate.
exiguus · 12h ago
I don't know were you have this numbers from, but in 2021 34% of women were killed by partner and 76% of women where killed by a known person (family, friends, colleges, partner) [1].
That’s out of women who were murdered or killed in manslaughter cases. OP was talking about base rates. 5000/170000000 is about 0.03%.
GoatInGrey · 12h ago
Your wording here is clumsy. You're saying that 34% of the adult female population was murdered by their partner. I'm assuming you meant female murder victims and not women in general?
exiguus · 12h ago
To clarify, its about murdered victims. I thought this was clear. I thought we are still talking about partnership and dating.
K0balt · 12h ago
I think poster is looking at mortality risk, not mortality cause.
qualeed · 12h ago
Your stats are for murder victims. I assume that the parent poster was talking about all causes of death.
I have no idea if their number is correct for that either.
exiguus · 12h ago
Could be. But I'm not. And the context is App for dating.
qualeed · 12h ago
>But I'm not.
But... you're trying to correct their statistics?
I agree with you that in the context, your stats maybe make more sense. But if you're going to correct someone, you generally should recognize what they were trying to communicate in the first place.
exiguus · 12h ago
I don't want to imply that someone tried to find the smallest possible number in order to deliberately misunderstand my comment, but we are still in the context of the dating app.
jameslk · 12h ago
I keep seeing the defense for Tea as an app for women’s safety, which is of course a valid concern. Wouldn’t it make more sense for a service to exist, like some kind of enforcement service provided by the government, where others can report safety concerns and that service goes and does something about it legally?
If such a service exists and isn’t being too effective, shouldn’t that be worked on?
My guess is that there’s more to the reasons for why Tea is popular but the safety argument is largely being used to defend it
ronsor · 11h ago
> Wouldn’t it make more sense for a service to exist, like some kind of enforcement service provided by the government, where others can report safety concerns and that service goes and does something about it legally?
I think this is called "the police"
sali0 · 5h ago
No it's called sarcasm
blks · 12h ago
Online men-dominated forums often dislike and feel personally attacked by people talking about sexual abuse/harassment done by other men. I guess they immediately imagine themselves being falsely accused of such acts, rather than being a woman that is attacked.
saparaloot · 13h ago
You still think so?
jabjq · 13h ago
I wonder how well-received this comment would be if it mentioned crime statistics regarding something else than gender.
webstrand · 15h ago
Not only that, I think they're forfeit their Section 230 protections since they're exercising editorial control by excluding males from the platform. So they'd be directly liable for any defamation they publish on their platform.
pridzone · 14h ago
It would be in Apple and Google’s best interest to pull these apps immediately. Multiple Supreme Court justices have indicated an interest in narrowing the breadth of section 230 immunity. This app, structured entirely around effecting the reputation of private individuals, provides a relatively clean case to do so. It’s not a stretch that the app could be considered a ‘developer in part’ of the content it hosts, and thus lose section 230 protection.
A narrowing of section 230 would not be good for Apple or Google, though they wouldn’t face any liability for the Tea apps conduct.
mikeyouse · 15h ago
That's not how 230 works - why do people keep parroting this misinformation?
It continues to confuse me that the publisher/distributor distinction that section 230 was meant to remove (created by prior Federal court decisions) gets so frequently interpreted as if section 230 had been intended to establish it.
To me this feels as if people widely thought that the Apollo Program was intended to prevent people from traveling to the moon, or Magna Carta was meant to prevent barons from limiting the king's power, or Impressionism was all about using technical artistic skills to depict scenes in a realistically detailed way.
webstrand · 15h ago
Because it's really good misinformation, thanks for the link. I had no idea that it was effectively unconditional protection.
magicalist · 13h ago
> I had no idea that it was effectively unconditional protection.
Defamation is still not protected, it's just the person who posted it who is liable. Meanwhile the site's "editorial control" is protected by the first amendment, not section 230.
JoshTriplett · 12h ago
Huge credit for actually updating in response to evidence.
Nasrudith · 6h ago
Because they seem to want it to work that way and seem to think that by spreading the misinformation that it will somehow change the way the law is interpreted.
oc1 · 2h ago
Wait, the app does what?
> The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.
What exactly does this mean? Which information is exchanged without consent of these people? This seems to me more problematic than the actual topic of the data breach.
iforgotpassword · 2h ago
You can use that app in different ways:
1) you dated a guy on tinder, he became all pushy on your first date, touched you inappropriately even though you said no. Or some guy became violent during your relationship and you even found out he has a history of that.
2) you dated a nice guy but he dumped you for whatever reason, and now you want to get back at him so you make up stuff like mentioned above, and post it there.
raincole · 6m ago
In other words it's a slander platform. Got it.
eastbound · 8m ago
3) You’re in competition with someone at work and you want to make his life difficult. You want to blackmail someone into promoting you, etc.
dash2 · 1h ago
Gossip about the opposite sex is probably the world's oldest social activity. The problem is that the internet lets it happen at industrial scale, and obviously that can be misused or have dangerous unintended consequences.
ok123456 · 10h ago
We need to stop allowing companies that are not directly engaged in financial services to request government IDs.
Facebook shouldn't legally be allowed to demand an ID any more than this disaster of an "app."
Now tens of thousands of people will be subject to identity theft because someone thought this was a neat growth hacking pattern for their ethically dubious idea of a social networking site.
Revisional_Sin · 3h ago
Unfortunately for some of us, the UK has gone the opposite direction. We now have to verify our age (or use a VPN) before accessing certain websites.
This is fine if you have a secure tool to access. It's not okay if you just try to spin up your own solution.
1123581321 · 10h ago
A secure Know Your Customer API would be a useful service for Apple and Google to provide to developers. It could scan the ID and reveal individual pieces of information with permission to the application or multiple applications. Forgive me if it already exists and this app just wasn’t using it.
Interesting; thanks. That should connect to browsers' Digital Credentials API the other user mentioned.
codedokode · 9h ago
I am not going to show my ID to Google, especially given that it is a foreign company with dubious data collection history.
ronsor · 6h ago
You are going to show your ID to at least one foreign company with dubious data collection history, because the government will eventually force it on you.
ok123456 · 10h ago
Or we could deny providing "app" developers with any such information.
octoberfranklin · 4h ago
The crimes of creating or posessing a fake ID are distinct from the crime of knowingly using one, an act which has the peculiar name "uttering".
Simple solution: decriminalize uttering to any person who is not an employee of the government or a regulated bank.
pavel_lishin · 15h ago
Good lord, why would they store those drivers' license images for an instant longer than it took to verify their users?
jsrozner · 14h ago
This. Appropriate regulation should make this an offense punishable by a large fine. There is almost no consequence to companies for bad practices.
Ideally you'd see fines in the 10%s of revenue. In egregious cases (gross negligence) like this, you should be able to go outside the LLC and recoup from equity holders' personal assets.
Alas, if only we had consumer protections.
dannyphantom · 13h ago
Absent broader regulation, we all know that apps like Tea depend HEAVILY on user trust. However, I am a bit concerned users either won't fully grasp the severity of this breach or won't care enough and end up sticking with the app regardless.
A somewhat embarrassing but relevant example: my friends and I used Grindr for years (many still do), and we remained loyal despite the company's terrible track record with user data, privacy, and security as there simply wasn't (and still isn't) a viable alternative offering the same service at the expected level.
It appears Tea saw a pretty large pop in discussion across social channels over the last few days so I'm pretty hopeful this will lend itself to widespread discussion where the users can understand just how poorly this reflects on the company and determine if they want to stick around or jump ship.
throwawayq3423 · 1h ago
"They just trust me. Dumb f*cks.."
ytpete · 11h ago
Or maybe require them to prominently disclose the breech to all current and future users on the app main screen for some period of time afterward (a year or two?). Sort of like the health-code inspection ratings posted in restaurant windows.
That cuts to the issue some other comments have pointed out, that user trust is really their most important capital – and with short attention spans and short news cycles, it may rebound surprisingly fast.
hdgvhicv · 12h ago
Companies, especially American ones, see data as an asset, rather than a liability.
The GDPR in Europe attempts to reset this but it’s still an uphill battle
dabockster · 13h ago
> Appropriate regulation should make this an offense punishable by a large fine.
And some kind of legal penalty for the engineers as well. Just fining the company does nothing to change the behavior of the people who built it in the first place.
ryandrake · 12h ago
I would at least love to see a public postmortem. What was the developer's rationale for storing extremely personal user data unencrypted, in a publicly facing database? How many layers of management approved storing extremely personal user data unencrypted, in a publicly facing database? What amount of testing was done that failed to figure out that extremely personal user data was stored unencrypted, in a publicly facing database?
ytpete · 11h ago
Requiring a 3rd-party auditor perform a postmortem whose results are posted publicly might be an interesting regulatory approach to this. Companies get shamed for their mistakes, and also the rest of the industry learns more about which practices are safe and which are dangerous. A bit like NTSB investigation reports, for example.
ohdeargodno · 11h ago
>What was the developer's rationale for storing extremely personal user data unencrypted, in a publicly facing database?
https://www.teaforwomen.com/about
>With a proven background leading product development teams at top Bay Area tech companies like Salesforce and Shutterfly, Sean [Cook, creator of Tea] leveraged his expertise building innovative technology to create a game-changing platform that prioritizes women’s safety
If you're lucky, a clown vibe coded this trash. If you're unlucky, he paid someone to do so, and despite his proven background about leading top Bay Area companies, didn't even think to check a single time.
The CEO is directly responsible for this.
ryandrake · 11h ago
Wow, so the entire company is a Founder and a Social Media Director??
> With a proven background leading product development teams at top Bay Area tech companies like Salesforce and Shutterfly, Sean [Cook, creator of Tea] leveraged his expertise building innovative technology
Blah blah blah blah blah... Just goes to show that you can write all sorts of powerful sounding words about yourself on your About page, but it doesn't say anything about your actual competence. I mean, I don't have a "proven background leading product development teams" but I sure as shit wouldn't make obvious amateur-level mistakes like this if I ever did a startup.
chemeng · 13h ago
In the US, professional certifications (PE, Bar, USMLE, CPA) exist to partially solve this problem when the certification is required to perform work legally. These are typically required in industries where lives and livelihoods of individuals and the public are at risk based on the decisions of the professional.
Joining in with some other comments on this thread, if the stamp of a certified person was required to submit/sign apps with more than 10K or 100K users and came with personal risk and potential loss of licensure, I imagine things would change quickly.
I'm personally not for introducing more gatekeeping and control over software distribution (Apple/Google already have too much power). Also not sure how you'd make it work in an international context, but would be simple to implement for US based companies if Apple/Google wanted to tackle the problem.
I think the broader issue is that we as a society don't see data exposure or bad development practices as real harm. However, exposing the addresses and personal info of people talking about potentially violent, aggressive or unsafe people seems very dangerous.
duxup · 15h ago
They shouldn't, but it appears to be a gossip app where by design they're also storing photos taken of other people (permission or not) and gossip about them...
They don't seem to value privacy.
Proofread0592 · 10h ago
I am just making a wild guess with no evidence to back it up, but I have a question and a potential answer:
How was this app going to monetize?
I'm guessing by selling user data, namely drivers license info to phone number.
hbn · 12h ago
This is what vibe coding gets us!
GoatInGrey · 12h ago
The cynical part of me feels like certain employees had uncontrolled access to the user data.
There would be a morbid irony in the idea of a tool marketed as increasing safety for women actually being a honeypot operation to accumulate very sensitive personal information on those very women.
throwawayq3423 · 1h ago
Honestly it doesn't matter that they didn't have that additional nefarious intent their incompetence and carelessness drove to the same result.
ytpete · 11h ago
Not a fan of the "vibe coding" hype, but is there any evidence that this app was built that way?
Mountain_Skies · 15h ago
According to another media report, the approval queue for new account verification was seventeen hours long. It's possible what the 4channers got was that approval queue.
IlikeKitties · 14h ago
No they got more, 23gb of files.
AlanYx · 14h ago
That's only a partial archive. There's another one with 55gb.
anonzzzies · 1h ago
Outsourcing job was it? Modern programmers are literally terrible at all basic stuff (who stores ID images in the db and then in the clear, do you have many other mental issues or what?) (I see startups like Resend making the same mistakes and still people use them, so there isn't much punishment even from people with half a brain) and AI is going to make it all so much worse. And a public bucket. I think it should be criminally liable to be that sloppy.
tonymet · 14h ago
Maybe this is a good time to think about what policy could help discourage these horrific practices (it sounds like their storage was unprotected)
* App Store review requires a lightweight security audit / checklist on the backend protections.
* App Store CTF Kill Switch. Publisher has to share a private CTF token with Apple with a public name (e.g. /etc/apple-ctf-token ). The app store can automatically kill the app if the token is ever breached.
* Publisher is required to include their own sensitive records ( access to a high-value bank account) within their backend . Apple audits that these secrets are in the same storage as the consumer records.
bawolff · 12h ago
Make company liable for damages when breached.
If you want companies to care about security then you need to make it affect their bottom line.
This wasn't the work of some super hacker. They literally just posted the info in public.
standardUser · 11h ago
There has to be a better way than just adding another deterrent to starting a company. Could there be an industry standard for storage security? Certification (a known hurdle) is better than "don't fuck up or we'll fine you to death".
LPisGood · 10h ago
I think fines are very reasonable. If you can’t safely do the thing, you should be punished for doing it. If you can’t safely safely do the thing then there is no issue.
bawolff · 11h ago
Certification is essentially "don't fuck up or we'll fine you to death" with extra steps. Especially because it mostly comes down to the company self-verifying (auditors mostly just verify you are following whatever you say you are following, not that its a good idea).
Its not like anyone intentionally posts their entire DB to the internet.
standardUser · 9h ago
Those extra steps help insult from penalties and lawsuits in a lot of cases.
ryandrake · 12h ago
This is the only way to deter this. Negligence and incompetence needs to cost companies big money, business-ruining amounts of money, or this is just going to keep happening.
tonymet · 12h ago
I agree, but relying on lawsuits is far too slow and costly . We can reduce the latency of discovery and resolution by adding software protocols.
bawolff · 11h ago
Having the threat of lawsuits is not really about the actual lawsuit, its about scaring people into being more careful. If you actually get to the lawsuit stage, the strategy has failed.
> We can reduce the latency of discovery and resolution by adding software protocols.
Can we? What does this even mean?
[Edit: i guess you mean the things in your parent comment about requiring including some sort of canary token in the DB. I'm skeptical about that as it assumes certain db structure and is difficult to verify compliance.
More importantly i don't really see how it would have stopped this specific situation. It seems like the leak was published to 4chan pretty immediately. More generally how do you discover if the token is leaked, in general? Its not like the hackers are going to self-report.]
tonymet · 6h ago
The signatures would appear in the drop . A primitive version would be file meta data or jfif. Even the images themselves or steganography could be used
bawolff · 4h ago
I guess, but it seems a bit like a solution that only works for this specific dump - most db breaches don't have photos in them.
My bigger concern though is how you translate that into discovering such breaches. Are you just googling for your token once a day? This breach was fairly public but lots of breaches are either sold or shared privately. By the time its public enough to show up in a google search usually everyone already knows the who and what of the breach. I think it would be unusual for the contents of the breach to be publicly shared without identifying where the contents came from.
itake · 11h ago
the problem is what are the damages? how much are those damages?
My SSN / private information has been leaked 10+ now. I had identify fraud once, resulting in ~8 hours of phone calls to various banks resulting in everything being removed.
What are my damages?
bawolff · 10h ago
I would suggest that damages should be punative, not to make the victims whole. So i dont think it matters.
admissionsguy · 1h ago
Punitive damages are no-go in Europe given they would mostly result in money transfers from the ruling families to common people.
GoatInGrey · 12h ago
That's a reactive measure. Certainly, it's worth pursuing. Though like the notion that you can't protect people from being murdered if you only focus on arresting murderers, there is a need for a preventative solution as well.
TZubiri · 10h ago
Maybe the idiot that published this didn't even form an llc, "waste of 200$"
beeflet · 14h ago
just use your brain and don't upload your face and driver's license to a gossip website. when I was growing up, it was common knowledge that you shouldn't post your identity online outside of a professional setting.
The onus is on users to protect themselves, not the OS. As long as the OS enables the users to do what they want, no security policy will totally protect the user from themselves.
arrowsmith · 14h ago
> just use your brain and don't upload your face and driver's license to a gossip website
Meanwhile, in the UK, new legislation requires me to upload my face and driver's license just to browse Reddit.
ronsor · 13h ago
The fact that UK politicians cannot use their brains is a separate issue. May I interest you in a VPN?
aydyn · 13h ago
You only require ID verification for NSFW subreddits, right?
Mindwipe · 13h ago
Nsfw includes subreddits that discuss beer.
GoatInGrey · 12h ago
You know, what's funny about NSFW is that a lot of things tagged NSFW are actually regularly discussed at work!
NekkoDroid · 10h ago
While true, using that logic I can say porn is also discussed at work if you work in the porn industry :)
On a more serious note, implementing such a law without also providing a 0-knowledge authentication system ready to use by the government is just so unbelievably stupid (for multiple unrelated reasons).
arrowsmith · 9h ago
All of Reddit is NSFW. Why are you on Reddit, you should be working!
selfhoster11 · 9h ago
And requiring KYC to access a subreddit marked NSFW is somehow legitimate why, exactly?
arrowsmith · 5h ago
Subreddits now 18-only in the UK now include:
r/ukguns
r/cider
r/sexualassault
r/stopsmoking
Think of the children!
qualeed · 13h ago
>just use your brain and don't upload your face and driver's license to a gossip website.
It isn't just gossip websites requiring this, and it isn't just gossip websites suffering breaches.
dvngnt_ · 14h ago
This is becoming more unfeasible as it becomes required to access online services like reddit, nexusmods, verification on dating apps. Sending facial, and documentation data is becoming mandated by governments across the world.
No comments yet
tonymet · 14h ago
The app store is auditing & restricting functionality within the iPhone, but the backend protections are a wild west.
"use your brain" is no substitute for security. This is a hacker forum. We think about how to protect apps. Even smart people have slipped up
Beijinger · 12h ago
Yeah, just upload the pictures of unsuspecting guys.
Sorry, well deserved ladies. It just made my day. ROTFL.
And please provide an app with all the names and pictures of the ladies who used it. So that I can easily check who not to date.
9dev · 11h ago
Nice, some unsolicited victim blaming!
adamrezich · 12h ago
Good thing our children will learn all about this at their mandatory Internet Literacy Fundamentals course they have to take in high school.
Oh wait—no such thing exists!
It's up to us to teach this to our children. There's no hope of getting the current generations of Internet users to grasp the simple idea that app/website backends are black boxes to you, the user, such that there is absolutely nothing preventing them from selling the personal information you gave them to anyone they see fit, or even just failing to secure it properly.
Without being a developer yourself or having this information drilled into you at a young age, you're just going to grow up naively thinking that there's nothing wrong with giving personal information such as photos of your driver's license to random third parties that you have no reason to trust whatsoever, just because they have a form in their app or on their website that requests it from you.
tonymet · 11h ago
education is helpful, but it's also inadequate. we need good drivers, and good driver safety systems. they go hand in hand.
even the most savvy consumers slip up, or are in a hurry. it's impossible to make a perfect security decision every time
benlivengood · 13h ago
In this case it appears to be a public Firebase bucket; shutting down the app wouldn't help. Quite possibly access to Firebase was mediated through a backend service and Apple couldn't validate the security of the unknown bucket anyway.
tonymet · 13h ago
Also about validating the backends, apple has the resources to provide a level of auditing over the common backends. S3, Firebase -- perhaps the top 5. It's easy to provide apple with limited access to query backend metadata and confirm common misconfigurations.
tonymet · 13h ago
I partially agree. At least the threat of app shutdown would be enough consequence for the publisher to take things seriously
benlivengood · 13h ago
I think iOS and Android already holds the threat of app store removal over developers' heads.
Presumably the risk/reward still favors risky practices.
tonymet · 12h ago
but it's not contingent on backend violations, only frontend ones. I'm proposing decoupled ways for app store validation to audit backend security.
Rendello · 13h ago
> Publisher is required to include their own sensitive records within their backend.
Now that's a creative solution! Every admin must have a table called `MY_PERSONAL_INFO` in their DB.
tonymet · 10h ago
wouldn't it be funny if the app store had to review it and make sure the personal info was sensitive and possibly humiliating enough . "sir your app has been denied because MY_PERSONAL_INFO table requires at least 3 d-pics"
tacker2000 · 10h ago
More power to app store reviewers? Please no. They already deny apps for random reasons and figuring out why is often a hair pulling experience.
tonymet · 10h ago
i agree about the power concerns, but where would you assign the authority if not the app store?
danparsonson · 7h ago
This is the kind of thing government regulation is useful for, when it works.
tonymet · 6h ago
In practice they delegate certification to a legacy and expensive certification authority
tbrownaw · 14h ago
Yes, pushing companies away from mobile apps and towards PWAs or even ordinary websites does sound like an excellent idea.
tonymet · 14h ago
it could be an enhanced certification like "Enhanced SEcurity" or "End to End security" to allow gradual adoption.
tbrownaw · 14h ago
So like those EV certs that turn the address bar green.
tonymet · 14h ago
better, in that the app store has more weight and more leverage to establish more comprehensive auditing.
The EV certs failed because general SSL identity is pretty weak. Consumers don't know how to use it to establish trust. There's no enforcement on how the names are used. for example, my county treasurer has me transfer thousands of dollars on a random domain name.
dabockster · 13h ago
The world is moving away from App Stores and walled gardens. Figure out other options.
bluescrn · 9h ago
The world was moving away from App Stores and walled gardens. And then I woke up, and returned to grim reality.
tonymet · 13h ago
that sounds preposterous . can you qualify that?
bigfishrunning · 13h ago
Linux is up to 5% of the desktop. Gog and Itch.io are DRM-free, and are slowly gaining ground against Steam. Fediverse networks are slowly gaining ground against traditional social media. Signal is more popular then ever.
There will always be lowest-common-denominator users, but there is clearly some demand for an alternative to the biggest 5 websites...
selfhoster11 · 9h ago
Meanwhile, an Android app for some random banking or government thing will require an attested boot chain measured all the way down to the stage 0 ROM burned into the SOC. That's not to say the open ecosystem isn't better, but to say it's winning enough to guarantee sustained general purpose viability is simply untrue.
ohdeargodno · 11h ago
>There will always be lowest-common-denominator users,
Interesting play, calling 95% of users "lowest-common-denominator". Those silly, blabbering morons that don't understand that they should be running Bazzite on their Framework laptops instead of using evil evil sofware.
>there is clearly some demand for an alternative to the biggest 5 websites...
This demand doesn't pay, and also happens to be some of the most demanding, entitled users you'll have ever seen.
TZubiri · 10h ago
>Apt install app
Mmmhmm
tonymet · 12h ago
i see thanks for clarifying
tonymet · 14h ago
* Mandate 3rd party auditing once an app reaches > 10k users
* App publishing process includes signatures that the publisher must embed in their database. When those signatures end up on the dark web, App Store is notified and the App is revoked
fn-mote · 14h ago
> * Mandate 3rd party auditing once an app exceeds 10k users
You have a lot of interesting suggestions.
I would love to see some kind of forced transparency. Too bad back-end code doesn’t run under any App/Play Store control, so it’s harder to force an (accurate) audit.
tonymet · 14h ago
also i remember maybe Facebook trying to do this when they acquired Parse. For a while they were promoting developers host their backends on Parse / FB .
The idea has merit. You have to relinquish some control to establish security. Look at App Store, Microsoft Store , MacOS App store -- they all sandbox and reduce API scope in order to improve security for consumers.
I'm more on the side of autonomy and trust, but then we have reckless developers doing stuff like this, putting the whole industry on watch.
tonymet · 14h ago
thanks. Yeah I think there are a lot of ways to decouple App store from publisher and auditor . That way the publisher can retain autonomy / control , while still developing trust with the consumer.
We could do better in our trade at encouraging best practices in this space. Every time there's a breach , the community shames the publisher . But the real shame is on us for not establishing better auditing protocols. Security best practices are just the start. You have to have transparent, ongoing auditing and pen-testing to sustain it.
gruez · 14h ago
>* App Store CTF Kill Switch. Publisher has to share a private CTF token with Apple with a public name (e.g. /etc/apple-ctf-token ). The app store can automatically kill the app if the token is ever breached.
How do you enforce the token actually exists? Do app developers have to hire some auditing firm to attest all their infra actually have the token available? Seems expensive.
tonymet · 14h ago
it could be made available just to apple servers via ACL or protected token. but no one else .
gruez · 14h ago
That still doesn't make sense. How does the ACL work? What prevents the usual shenanigans like cloaking to prevent legitimate detection from working? Moreover what secrets are you even trying to detect? The app API token?
No comments yet
TZubiri · 10h ago
I like the ctf one, but it would probably be hidden way deeper than the rest of the info.
1970-01-01 · 12h ago
"Breached"
1st sentence:
"exposed database"
We need a more nuanced headline here. They did nothing responsible. 404 should title this story with something that will blame them first and the 'hackers' 2nd.
ch_fr · 10h ago
Yeah, the term "breached" was a very poor choice, because it sounds like "this was breached recently" instead of telling "the database could be seen by anyone ever since the app's conception, and it only came to light today" which has much worse implications.
zahlman · 12h ago
My general observation thus far has been that submissions from 404media are rarely anything that I'd consider quality content for HN.
prophesi · 11h ago
I wouldn't go that far. What they uncover with their FOIA requests that the general public would otherwise never know about tends to be quality content. And, like the Wired, their FOIA-based articles aren't paywalled.
nis0s · 16h ago
How is this user data even reliable or useful when someone can make fake personas and populate their activity with LLMs?
Drivers licenses can be faked. Moreover, someone can just pretend to be someone else on this app with real drivers licenses.
The whole premise, implementation and process of Tea as a social media app is flawed, and a legal liability for the devs.
tamimio · 16h ago
I hope it served as a good lesson to the average person to be more cautious while submitting sensitive information like a government ID. Just because it's an app with a nice UI doesn't mean it's secure, let alone trustworthy regarding who owns it. Last week I was contacting a government agency here in Canada and the support team requested a government ID to be shared over email, which is anything but a secure communication. I tried to share it as a link to my vault, but they refused, so now either I will have to go in person or they will find another way in the meantime.
The internet went from 'YouTube asking users to never use your real name' to 'you have to submit your ID to some random app' in 10 years. Crazy!
xtracto · 13h ago
CEOs and board members should be personally criminally liable for shared personal information coming out of their platforms.
It's the only way they will push companies to STOP storing them long term.
I've been in several companies (mostly FinTech) that store personal sensitive documents "just in case". They should be used for whatever is needed and deleted. But lazy compliance and operations VPs would push to keep them... or worse, the marketing people
ronsor · 13h ago
To be fair to the FinTech companies and their leadership, banking and finance laws are so draconian to the point where you'd rather store (and risk leaking) sensitive data than face even bigger fines from the government overlords. If you want that to stop, get rid of the PATRIOT Act and reform the KYC insanity.
ethagnawl · 15h ago
> I hope it served as a good lesson to the average person to be more cautious while submitting sensitive information like a government ID.
This absolutely should not be normalized. If I'm ever prompted to submit photos of a government ID to some service, I'm turning heel. I'll try to use their phone service (which I just did successfully this week), correspond via mail or maybe, as you've said, handle it in person but I'm probably content to go without.
SoftTalker · 15h ago
The sad part is that your government ID is about as likely to be leaked by the government agency itself than it is by any third party that has an scan of it.
My driver's license is scanned every time I buy beer. I'm under no illusions that it's not quite readily available in any number of leaks or disclosures.
If that sounds defeatist, maybe it is. Nothing online is private. Once it's in a database, it's only a matter of time before it's exposed. History has proven this again and again.
wosined · 15h ago
I always do. I would have never made social media accounts if it required phone or ID. Thankfully I'm old so my accounts were made before normies flooded the net and started trusting everything.
dabockster · 13h ago
> Thankfully I'm old so my accounts were made before normies flooded the net and started trusting everything.
It wasn't "normies" so much as it was the leadership and early investors of Facebook shoving "just trust us" and FOMO literally everywhere online. The hype (and hope) in 2010 was REAL and almost all privacy related conversations were shut down on sight. Heck, I think I still have my copy of Jeff Jarvis's Public Parts (ISBN13 9781451636352) somewhere in my closet. Amazing read if you really want to understand the mindset in place at the time.
gitremote · 13h ago
You need to do this for background checks for employment, even though the employees for the background check service might be outsourced to a different country, and your government data had no protections in their jurisdiction.
hdgvhicv · 11h ago
Every hotel and his dog takes a copy of my passport, it’s basically public domain.
dabockster · 13h ago
> The internet went from 'YouTube asking users to never use your real name' to 'you have to submit your ID to some random app' in 10 years. Crazy!
Because we couldn't get anyone to take the internet seriously if it was just a bunch of anonymous pseudonyms trolling each other. And maybe that was a mistake.
hdgvhicv · 11h ago
When I started on the internet it was common to use real name, and indeed include things like addresses and phone numbers in usenet .sigs
lupusreal · 9h ago
It was definitely a mistake. The internet was not meant to be taken seriously. Measures like real name policies are designed to make people take it seriously but that is to the detriment of the users who do.
Just look at Facebook. Users with real names sharing all kinds of inane schizo nonsense, extremism, building echo chambers without realizing it, becoming completely divorced from reality as perceived by the majority of people around them in meatspace, because they section themselves off in cyberspace.
chatmasta · 14h ago
On the rare occasion when I have to do this, I blur the maximum amount of the image and watermark it with hundreds of lines of small red font saying “FOR EMPLOYMENT VERIFICATION BY $X_ENTITY.”
If they have a problem with it then I will gradually remove pieces until they’re okay. But I haven’t had to do this the few times I’ve used this tactic – it causes issues with automated scans but eventually some human manually reviews it and says it’s okay.
What I don’t like is the “live verification” apps that leave me no choice but to take a photo of it.
gruez · 14h ago
>What I don’t like is the “live verification” apps that leave me no choice but to take a photo of it.
That's becoming the norm now, presumably because of concern that people are taking leaked scans from one site, and using it to commit identify fraud (eg. getting KYC scans from crypto exchanges and using it to apply for accounts at other crypto changes, for money laundering purposes).
10000truths · 14h ago
You can use OBS to overlay your watermark on your webcam feed, then expose the composited output as a virtual camera that you select in the browser.
No comments yet
codedokode · 4h ago
You have a choice of not using such apps.
chatmasta · 3h ago
Apps like the visa application to Australia? Yes I suppose I could not use them.
octoberfranklin · 4h ago
At the cost of being excluded from a larger and larger part of everyday social life.
koakuma-chan · 15h ago
You can send it as an encrypted PDF, fwiw
add-sub-mul-div · 15h ago
If my license gets leaked and then a stalker shows up at my house, I will simply turn them away on the grounds that it was illogical to assume the license wasnt faked.
carabiner · 15h ago
> Drivers licenses can be faked. Moreover, someone can just pretend to be someone else on this app with real drivers licenses.
These are actually still very hard to do. I don't know anyone who would let me use their license for this purpose.
kashnote · 11h ago
I'm a firm believer that if you want to start a tech company, at least one of the founders has to have a technical background. Even if you outsource all the work, you need to be able to ask the right questions related to security.
It's not just that this database was accessible via the internet. It was all public data. Storing people's IDs in a public database is just... wow.
alibarber · 10h ago
But now we have amazing vibe coding tools that mean that you don’t need to be technical or whatever - you can just deliver results. After all, the best LinkedIn influencers and founders don’t care about how something is delivered, just what.
Yeah, we’ve finally, nearly, just got to the point where realizing that treating IT and security and such as simply a cost centre to be minimised maybe quite wasn’t leading to optimal security outcomes - to throwing it all away again.
jackdawipper · 10h ago
a few more of these incidents and they'll care a lot more
redeeman · 9h ago
thats a joke right?
TechDebtDevin · 10h ago
Isnt there like millions of misconfigured firebase dbs in the wild with no auth, some including fortune 500 companies?
Tech background isn’t sufficient. They need to have security background. Some of the worst people I’ve met with respect to security have been technical enough to have the wrong level of confidence.
TZubiri · 10h ago
Doctors need to study 5 to 8 years and pass rigorous exams
Attorneys the same
Structural architects and engineers the same
We have a couple of decades more until we lock tech up, up until now it was all fun and games, but now and in the future tech will be everywhere and will be load bearing
justahuman74 · 3h ago
By then we'll just launder the blame onto the AIs
Pigalowda · 6h ago
Tech is special! Think about the margins, the gains, the $$$!
I bet on greed. It always wins.
robotnikman · 13h ago
With all the state/countries starting to do ID verification, this is a good lesson in what can go horribly wrong with these types of policies.
throwacct · 10h ago
This x100.
poemxo · 1h ago
On X, one of the leaked pictures seemed to be a DoD ID card, and I wondered why Tea needed proof of someone's identity. Then I remembered Uber and Lime both want your drivers license. Facebook and Instagram supposedly request it too if your account gets locked. This is not a new normal I like.
loeg · 12h ago
"Safety" is doing a lot in this headline. It's a gossip app.
8f2ab37a-ed6c · 14h ago
Sad that a common response to "we might not want this app to exist" is "well, if you weren't cheating, you wouldn't have a problem with it".
Why do people want to live in a panopticon of their own creation, with random anonymous strangers morally policing, judging each other with zero consequence to them?
Don't think we'll ever learn our lesson when it comes to privacy, it will be Eternal September forever.
duxup · 14h ago
I think for many people see <cause> and any criticism of something that claims to be relate to that cause is seen as criticism of the cause and that's a full stop when it comes to thinking much further.
The irony in this case being that this app operates like a lot of creep subreddits and forums out there with people posting photos of other people without their permission and gossiping / telling stories about them...
8f2ab37a-ed6c · 14h ago
I agree that you could make a Tea app for every faction's favorite cause, and use "safety" as the justification: report your local communist, report your local infidel, report your local secret white supremacist, report your local secret Western imperialism agent, report your local suspected jihadi, report a homosexual, report a suspected illegal immigrant, report a local adulterer, report an apostate, report a kulak.. etc. chefkiss
Witch Hunt as a Service, with a delightful UX, a little gamification, and soon integration with your favorite apps. Coming to an App Store near you.
It's a useful app, as it helps men avoid the type of women who'd use such an app.
throwawayq3423 · 1h ago
Blaming women for wanting to seek out safety in this way is strange.
However there is something to be said about the crowd you find yourself with. If you assume this app to be necessary, I would assume your social standards are not high enough.
defrost · 1h ago
Tell us more about the lofty social circles that have no psychopaths.
What's the bar they cannot clear?
BizarroLand · 13h ago
How would you even identify who is on the app?
zetanor · 12h ago
The app conveniently offers its users' driver's licenses to the public.
oc1 · 1h ago
It's so sad that legally you can't even say this was an intrusion. All data was already public. Probably vibe coded by the ceo who has no technical competence in whatever he vibe coded.
jeroenhd · 12h ago
The leak contains drivers' licenses, but also location information. Someone on 4chan made a map of all the coordinates they could find and posted a public link.
So much for the "anonymous" app.
BizarroLand · 9h ago
I mean, if you were put on the app by an ex, how would you ever find out?
Fogest · 6h ago
I feel like that is part of the problem with it. Not only can somebody post about you make things up about you. You also may never know. And it could end up silently impacting you. Say you apply for a job and a female HR person checking your job application decides to use this app to do a "background check" on some of the males applying. If she sees someone on their saying you sexually assaulted someone, she probably isn't going to choose to interview or hire you. And she probably won't even tell you why. And the claim against you could be totally bogus.
This is the scary reality of an app like this, especially if it continued to go more mainstream.
bawolff · 12h ago
Because our entire civilization is built on recipricoal alturism, which requires reputation so that in the event someone defects it carries negative consequences to discourage defection.
8f2ab37a-ed6c · 9h ago
We're in agreement. Is an anonymous takedown app the solution for reputation management that enables civilization? If someone is trying to destroy your reputation, on which your entire livelihood depends, should you at least know who the accuser is, how reputable they are, what evidence they have? Do you want to give the Internet a magical button to destroy you on a whim?
bawolff · 4h ago
I actually agree with you that this sort of thing can have bad outcomes and thus comes with significant risk for abuse. Part of the reason reputational systems work in real life is that the people bad mouthing other people also face reputational consequences if they do so unfairly (over a long enough time period where it becomes obvious), which is something missing from this type of app.
But regardless i do understand the appeal. Dating apps suffer from basically being a low-information market place. There are of course the malicious people, which everyone has an interest in removing from the app. However even ignoroing that its a bit of a lemons market (if you excuse how dehumanizing the metaphor is). Its very hard to tell if someone is a good date just from their profile, and people who are good dates end up in relationships and exit the market quickly while bad dates stay in the market for a much longer time. Allowing some sort of review system does solve that problem - its worked in other domains, like uber drivers or what resturant to go to. So i certainly understand the appeal of why people would want this.
grokgrok · 9h ago
And these apps represent an attempt to privatize the state
octoberfranklin · 3h ago
To be fair none of this would be possible without the state-created identity infrastructure.
standardUser · 11h ago
I mostly agree, but it's different for women due to how frequently they are subject to violence and how comparatively defenseless they are compared to the average man. Many women (and men) would gladly give up some privacy in exchange for (perceived) safety. And any man who doesn't understand that is either lying or has never known a woman.
8f2ab37a-ed6c · 9h ago
It's fair that men and women have different challenges here. But humans are squishy and chaotic and self-interested, they're not angels of pure wisdom, fairness and justice. Giving someone a repercussion-free button to destroy someone else the instant they feel slighted, vindictive, threatened, jealous, disrespected, is a recipe for disaster. There's a reason these apps have not once worked sustainably, they always turn into a vile cesspool that brings the worst out of mobs.
I don't have a fix for this, it is entirely fair to want justice for the defenseless. At the same time I have a strong hunch that there is no problem-solution fit here, at least not with this sort of app.
redeeman · 9h ago
yeah because ALL women are the same, right? you seem kinda sexist here
standardUser · 9h ago
Low effort comments are against the site guidelines etc.
noisy_boy · 7h ago
What recourse would a man have against a woman who slanders him using this app just because X? Any person can have mental issues irrespective of gender.
bilekas · 10h ago
So it wasn't "breached" ... It was just so badly made that the bucket was public. Vibe coding ?
How is an app that allows users to post unverified and doxxing information about random men allowed on the IOS app store?
Apple had no issue mass censoring Parlor and others, how is an app like this able to reach #1 under all?
baobabKoodaa · 13h ago
That's because the doxxing was only allowed against men, not actual humans.
bigfishrunning · 12h ago
Sounds like you're someone who isn't dating men to begin with, and therefore don't need such an app for your "safety"
firstplacelast · 12h ago
I date men and don't think going against TOS or laws is okay even in the name of 'safety'. This app doesn't bother me and frankly I think more apps like this should be allowed, but it is hypocritical to think this should be allowed to exist and many others not.
cmxch · 15h ago
Safety for favored people, doxxing for the disfavored.
Truth.
StanislavPetrov · 15h ago
If big tech didn't have double standards they'd have no standards at all.
bitpush · 15h ago
There's only one guiding principle for Apple - and that's money. Dont let their privacy marketing ("Privacy is a human right") fool you otherwise.
mikestew · 15h ago
One could say that about any company (because "fiduciary duty", amirite?).
"Don't let Toyota's 'reliable car at a reasonable price' marketing fool you, they're all about money." Yeah, but does that preclude them from selling me an actually reliable car at a reasonable price?
bitpush · 7h ago
But when a company makes moral arguments ("We're better than others because of X") the bar goes up.
If Toyota says that we're the car company that cares about you, we want to keep you safe from the bad actors, and trust us on making right choices for you - and when you discover Toyota has been secretly building out an ad network, in bed with Chinese government, you have to call them out. And that's what Apple is doing.
Privacy is a human right, except in China where they are happy to go along with what the government wants. Google atleast had the balls to pack up and leave the country.
baobabKoodaa · 13h ago
Why don't you try uploading an app where men doxx & "review" women that they date on dating apps? See if Apple suddenly finds morals.
drak0n1c · 11h ago
Apple fired its Chief Diversity Officer when she said that white men with blue eyes can also count towards a diverse workforce. A purely non-monetary ideological capitulation.
I think it was a perfectly reasonable statement. But because it does not align with a recent radical redefinition of diversity, she was fired. Apple certainly wasn’t at risk of losing money over keeping her in that role.
throw838384 · 15h ago
Is there a way, to verify if potential partner uses this app? Or if they are in "are we dating the same guy" type of group?
I take doxing, stalking, revenge porn and cyber bullying very seriously! And I would pay good money for a background check, to stay away from such people.
generalizations · 12h ago
There is now.
codedokode · 4h ago
Ask her?
more_corn · 14h ago
Easy post negative information about yourself on there.
jeroenhd · 12h ago
You need to verify you're a woman with some form of ID before you can get into the app. Faking an ID and a picture can't be that difficult in the age of AI (especially not when the company that's supposed to verify you is this callous with their users' PII), but it's not as quick and easy as you suggest.
SrslyJosh · 14h ago
> And I would pay good money for a background check, to stay away from such people.
Buddy, believe me, women who are using Tea would pay to know that they need to avoid you too.
Seems like the simple solution here is for Tea to allow men to register and advertise themselves as not interested in Tea users, maybe by linking profiles from dating apps.
duxup · 17h ago
A flash in the pan gossip app that when it functions normally is not worried about anyone's privacy / accuracy ... also doesn't care about good policies or their user's privacy.
That seems about right.
darth_avocado · 15h ago
You could say that the *Tea has been spilt*
JohnMakin · 15h ago
Painting this as a "gossip" app seems extraordinarily reductive. Women have a good incentive to share info about and to one another for safety beyond "gossip."
darkwizard42 · 13h ago
Is it reductive? It also has good incentive for someone jilted or misinterpreting something to suddenly tarnish someone's reputation with little recourse for the other party. It is a one-sided review app for people in a way that people affected may never even know!
duxup · 14h ago
Go checkout the website, the first image is just two people gossiping.
This app operates just like an app some creep online would use, people post pictures (permission or not) and gossip about them.
jahewson · 13h ago
There’s also a ton of bad incentives for those women who lie, manipulate and abuse beyond “gossip”.
ryandv · 11h ago
Yeah? What are they?
BizarroLand · 13h ago
If guys had an app that women couldn't access where we shit talked all of our exes with photo evidence women would riot at the company HQ.
But then again, can't convince people as a whole that men are, on average, good and decent people with normal flaws just like women, and therefore deserve to be protected, loved, and appreciated equally.
"Your data privacy is of the utmost importance to us."
No it ain't.
oc1 · 1h ago
> At 6:44 AM PST on 7/25, we identified unauthorized access to our systems and immediately launched a full investigation to understand the scope and impact of the incident. Here’s what we know at this tim
The first sentence is already a lie as there was never authorization in place followed by more lies.
cmxch · 15h ago
A case for ironclad data privacy laws that allow people to pierce the veil and request deletion.
throwpoaster · 10h ago
Oh no, they doxxed the users of the doxxing app. Shocking (tiny violin emoji)!
jackdawipper · 10h ago
In 2008 when the GFC every company we worked IT for on contract fired their IT staff first. Two weeks later, we had bonanza period right through into the next year. They realised the hard way that those lowly cheap IT staff were quietly keeping them afloat. We charged a lot to fix their problems they created because their CEO thought IT was a waste of money.
This will prove security in IT coding is necessary, so enjoy watching the drama unfold.
IT security bonanza time. It wont be long.
indycliff · 12h ago
My guess, hired the absolute lowest paid developers and got what they paid for.
nonhaver · 3h ago
if im understanding correctly this was a public bucket? aside from the obvious leaking of data couldnt this also be subject to a DoW (denial of wallet) attack where a user could auto download all the images constantly on a VPS and cause a massive bill?
ungreased0675 · 7h ago
I’d like to start seeing legal jeopardy for companies that are careless with customer information. Make developers scared to retain anything they don’t absolutely need.
for someone who thought Tea was a good idea, what would be the objection be if this leaked contributor data were used to populate a similar app to warn men off?
octoberfranklin · 3h ago
There's no objection, but it doesn't work because men compete while women collude.
This has evolutionary origins. A man can, theoretically, father around a thousand children or more in the time it takes a woman to bear one. Sperm are cheap so those who need sperm (i.e. women) don't need to fight with each other. There's plenty to go around. Eggs are scarce so males of myriad species fight each other to the death over them.
It's just biology.
Frost1x · 13h ago
A rather brilliant idea I must say.
motohagiography · 9h ago
obviously it would be malicious and unethical, but since that didn't seem to stop Tea users, I'd be interested in what their arguments against it would be.
realsolipsist · 3h ago
Just wanted to add…I can’t sneed
thekevan · 9h ago
Just yesterday I saw tweets from someone popular in tech Twitter talking about how great it was that he helped the person who made this.
ridiculous_leke · 15h ago
You can get Apple Legal involved if your face is on the app and they should get the related posts removed.
cherryteastain · 14h ago
It's on a torrent. Good luck getting that removed.
schroeding · 14h ago
I think they mean the actual posts on tea itself, not the leaked ID photos.
jjangkke · 15h ago
- The fact that this app exists solidifies the data that a small group of men/women do most of the dating on tinder etc while the vast majority land dates far less if none at all.
- This creates distorted market supply and demand where those small group of men/women become sought after and its only human nature in that they value their supply less than the rest.
- Toxic behavior is expected from that small group of highly attractive people that do all the dating.
- It was only a matter of time before such app would run into legal issues or attract angry individuals. Now the damage to the leaked identities will be prolonged. With the AI tech today, the extent to which a damage can be done is unknown (ex. deepfake, impersonations, further doxxing).
- Tea user's driver licenses as well as selfies, usernames, emails, posts about their dates will drastically increase the surface area for lawsuits, fraud and exploitation by malicious agents.
- The users of this site and those that have directly posted images, details have opened themselves up to significant legal and criminal liability. Given these apps were probably popular in large city centers like California, NY have heavy punishment for digital harassment and privacy violations on top of the damages that can be claimed against them by the men who's information and details were posted.
- Tea is largely insulated from what the users post which means that their biggest exposure might be just neglect and failure to secure data which comes with a slap on the wrist.
Which will make it harder for Tea's userbase to claim large damages against it.
I read more details about this case and its beyond egregious. Unencrypted firebase and full public buckets. There is no hacking involved, the tokens were being used to pull data from roughly all 30,000 users of Tea and were only blocked short while ago.
Allegedly, 60GB of photos, user personal information, driver license, gps data being shared on torrent. A map of all 30,000 users tied to GPS data is being posted as well.
Given the extreme neglect to secure their data, I now believe Tea will be open to even bigger legal liability possibly criminal even.
IlikeKitties · 14h ago
> Allegedly, 60GB of photos, user personal information, driver license, gps data being shared on torrent. A map of all 30,000 users tied to GPS data is being posted as well.
Yeah, I wouldn't worry about the allegedly part, 4chan is dissecting that torrent as we speak, it's quite the party.
No comments yet
wosined · 15h ago
Let's be real you wrote men/women only to be PC. You really meant small group of men.
phkahler · 14h ago
>> Let's be real you wrote men/women only to be PC. You really meant small group of men.
Let me share a message I got from a woman I met a couple years ago on a dating site: "Just a side note about the dating thing on here. I get very annoyed with how horribly men take care of themselves or even try to communicate. Most men today on these sites are repulsive. It was refreshing to see you smile, and look nice. Thank you for that."
So it's not a bunch of red-pill alpha guys. I'm an average guy with basic manners and a lack of creepiness. Heck I was near my all time high weight at the time. Every single woman on those things has at least one story about a guy she met that will make you cringe from his behavior. My fav was the guy who sent a woman flowers before even meeting her - at her workplace! Dude the cyberstalking you need to do to pull that off is CREEPY AF - not romantic.
If you want to be in that top 10 percent of men the bar is incredibly low.
packetlost · 15h ago
No, it really does apply to both. Women who are not dating or are in a stable relationship won't use that app.
jjangkke · 14h ago
People with stable values and relationships most likely won't be on these apps. The wide acceptance of hookup culture via apps is not universal.
In some cultures, mentioning dating apps will immediately lead to negative assumptions and connections are done through vetted networks and specific establishments where "hunting" activity is allowed, some with even more boundary pushing that would be impossible in Western culture.
gruez · 14h ago
Not sure about what "some cultures" you're talking about, but AFAIK "dating apps" is the #1 answer (or at least in the top 3) to "how did you meet your partner" in many countries. They're not just for hookups. Many even market themselves as being for committed relationships, or have features to facilitate that (eg. filters).
arrowsmith · 14h ago
Yes but for the women who are on the app, the distribution of dates is much less skewed. (I assume.)
"An app was created to help women stay safe on dates and avoid creeps, proceeds to be hacked by creeps"
Not a great look here.
However, Tea could have done a modicum of cybersecurity work (or hired an outside firm) to prevent this. If they are claiming to want to keep women safe (and not just running a gossip board) then this should be a red alert for them.
No public acknowledgement is concerning...
Levitz · 10h ago
An app that was created to publicly share images and public information of people got the images and public information of the people sharing it exposed.
I don't know how can anyone feel wrong about this without feeling even worse for what was already taking place.
anonfordays · 7h ago
>However, Tea could have done a modicum of cybersecurity work (or hired an outside firm) to prevent this.
I have no doubt in my mind that this is what they did. An "outside firm" vibe coded this and delivered the results.
amelius · 12h ago
Isn't Apple supposed to protect these app users? I suspect a lawsuit is in the making.
spacebanana7 · 10h ago
There’s nothing Apple can really do about backend security of apps.
Conceivably these storage endpoints might’ve never been directly exposed to mobile clients, instead going through other proxies or CDNs.
honeybadger1 · 14h ago
it should have never been allowed to be published anyway. not trying to justify what is happening, but these kind of apps are historically abused and create more problems than they intentionally try to solve.
noisy_boy · 7h ago
At this rate what is even the point of dating for men? An angry ex can just ruin your reputation.
Ancapistani · 15h ago
I thought 4chan died a year or so ago?
Ugh. I’m clearly getting old. I don’t even remember the last time I went to 4chan.
tokai · 15h ago
It was knocked offline and a lot of journalists and bloggers spun a history about it not coming back. But it did.
linkage · 13h ago
It's unironically a stronger case for network effects than Facebook
Ancapistani · 14h ago
Thanks - this is context I was missing :)
morkalork · 15h ago
All the mods were doxxed too, but life uh finds a way?
jabroni_salad · 14h ago
that thing is a cockroach. It will survive every tech company you can care to name.
koakuma-chan · 15h ago
Firebase again lol
progbits · 15h ago
Letting frontend bootcamp devs think they can do backend was a mistake .
throwacct · 10h ago
Hahaha. Bet money they left everything accessible just by signing in into the app.
rozap · 4h ago
it's always firebase. always.
technion · 7h ago
Given it's now "fixed", here's the scraping code so you can verify how this went down:
Why the downvote? It is just pictures and names. Both disclosed against their will but, and this is the ROTFL part, this is exactly what the ladies did. Uploading pictures and names of unsuspecting male victims and violating their privacy.
Let ladies have some of their own medicine.
anal_reactor · 11h ago
This is legit funny
trallnag · 13h ago
Damn, this app is going down quicker than coalfax
Edit: Nevermind, looks like Tea has been around for quite some time already. But it kinda flew under the radar with a fairly small user base.
What's the actual violation though? If you click through the "User Generated Content" link, it shows that it's allowed, just that they have to moderate it.
I believe this argument, still not clear why it became viral recently
jasonvorhe · 9h ago
Tiktok. Some men who got flagged in the app shared their perspectives and some of it went viral.
pavel_lishin · 15h ago
> more likely a vibe coded slop app
I mean, it's fun to throw baseless accusations around, but do you have any actual reason to suspect this?
therein · 15h ago
If you look at the API, it is a slop app. The IDs were being uploaded to a public Firebase bucket. Chats are also public now. The full API keys are leaked because they were in the shipped app.
Vvector · 14h ago
None of that ever happened before AI. Right...
bigfishrunning · 12h ago
It had to learn from somewhere!
raverbashing · 15h ago
Do you think if that was disproved that would be better somehow?
bobsmooth · 16h ago
With all this talk about age verification, I have to wonder if the complete lack of security was intentional.
pavel_lishin · 15h ago
How do you mean?
bobsmooth · 15h ago
The UK and some US states are instituting age verification for adult content. Doxxing thousands of women is a great way to get people talking about privacy and security.
pavel_lishin · 15h ago
That feels like a hell of a risk to take just to get a conversation started. Not just the obvious implications of endangering all the users, but the cloud that's going to hang over everyone associated with Tea, now.
This is such excruciating incompetence by the app developers I'm wondering if it was intentional. Done to punish the women who dared to speak up about vile men.
I just hope they can pursue legal action for this, whether it was a deliberate trap or not.
fHr · 10h ago
hahahhahaha
hnpolicestate · 8h ago
The trend has been for all things related to sex, dating and relationships to be aggressively male hostile. But I think it's certainly peaked. Off topic, any notice how anti -male bumble is? Trash app.
WrongOnInternet · 9h ago
Not to get all conspiratorial, but if I was an incel, or other type of woman-hating-man, with an axe to grind, creating an app to "protect" women and their dirty secrets, then having their data "breached" would be a pretty diabolical revenge plan. Only women can join the app, but the only person running the app is a man? Nothing suspicious about that...
exiguus · 13h ago
Kind of meta toxic behaviour to download the data from a App that has the goal to prevent woman from men toxic behaviour.
az226 · 13h ago
Doxxers getting doxxed is peak irony.
jahewson · 13h ago
Let’s not kid ourselves, the goal is to shame men in an attempt to control them.
archagon · 12h ago
Maybe if all these creepy men just dated each other and left women alone, the problem would solve itself.
lupusreal · 11h ago
Great suggestion, very practical and well intentioned. On that note, I had another idea; toxic women should stop associating with men. They should take themselves off the dating apps and stop ruining the lives of any men that might be unfortunate enough to pair up with them. My suggestion is just as practical as your suggestion I think. The toxic women can self-identify and voluntarily exclude themselves just as well as the creepy men.
loeg · 12h ago
I don't think that's the actual goal, or outcome.
jjangkke · 15h ago
Some observations:
- The fact that this app exists solidifies the data that a small group of men/women do most of the dating on tinder etc while the vast majority land dates far less if none at all.
- This creates distorted market supply and demand where those small group of men/women become sought after and its only human nature in that they value their supply less than the rest.
- Toxic behavior is expected from that small group of highly attractive people that do all the dating.
- It was only a matter of time before such app would run into legal issues or attract angry individuals. Now the damage to the leaked identities will be prolonged. With the AI tech today, the extent to which a damage can be doned with the information from the leaks is unknown.
- As for the company behind Tea, they are done. They face a monumental class action lawsuit as well as ongoing individual civil/criminal cases that will arise from the leaked identities, in particular the photo of driver licenses as well as selfies, usernames, emails drastically increase the surface area for damages.
- The users of this site and those that have directly posted images, details have opened themselves up to significant liability from not only the men they have targeted but from law enforcement.
- We'll see some new laws being formed from this case. Once again, we see the hidden dangers of blindly trusting large popular platforms with sensitive data but the twist with Tea here is the defamation activity that opens up its users to both civil and criminal liability.
pavel_lishin · 15h ago
> The fact that this app exists solidifies that a small group of men/women do most of the dating on the quick fleeting connections on tinder etc while the vast majority on a few if not none at all.
I don't follow.
> This creates distorted market supply and demand where those small group of men/women become sought after
Isn't that true in the real world as well? I'm not exactly a hunk; people weren't tripping over themselves to ask me out, whereas some of my friends and acquaintances did have to figuratively beat people off with a stick.
firefax · 10h ago
>Isn't that true in the real world as well?
I suspect the folks complaining about "markets" in online dating are not the kind of people who can connect offline.
To be fair, I think online dating has gotten worse -- sites like OkCupid used to match you based on shared affinity... the issue there is you could be a very high match on shared values but not someone's "type" visually -- imagine being shown the girl of your dreams only to find out the feeling is not mutual :-)
Conversely, I feel like people sometimes forget that they opted into these interactions, it's not like someone strolled up in a bar and began talking at them.
Anyways... if you're frustrated with apps, I'd suggest doing just that. Talk to people.
I met my last girlfriend at a bus stop. Before that, on a porch -- I was walking by and struck up a convo.
If you can't connect with people organically, no amount of tech can save you.
arrowsmith · 13h ago
It’s true in the real world, but dating apps make it much more exaggerated.
msgodel · 9h ago
I think making prostitution illegal was probably a mistake. This used to be confined to brothels and everyone shamed it.
Freewalled
https://jarv.is/notes/cloudflare-dns-archive-is-blocked
I linked the plain HTTP version... which seems to rely on a series of redirects; potentially TOR:
Tough to say :) Vaguely reminiscent of SNI troubles on the web server... which can depend on the client. I thought that was becoming exceedingly irrelevant, though.>DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!
>Tea App uploads all user verification submissions to this public firebase storage bucket with the prefix "attachments/": [link, now offline]
>Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It's a public bucket. I have written a Python script which scrapes the bucket and downloads all the images, page by page, so you can see if you're in it: [pastebin link]
>The censoring in picrel was added by me. The images in the bucket are raw and uncensored. Nice "anonymous" app. This is what happens when you entrust your personal information to a bunch of vibe-coding DEI hires.
>I won't be replying to this or making any more threads about it. I did my part, God bless you all. Regards, anon
Being so careless with people's personal data should be a major crime, tbh. If I manipulated thousands of people to let me scan their passports and various other bits of personal info, then just left the copies around the city for people to find, I'd be prosecuted, and rightfully so.
"Tea was founded by Sean Cook, a tech innovator inspired by his mother’s unsettling encounters with online dating, including catfishing and meeting men with hidden criminal pasts. His goal? Create a women-only space where users can post honest reviews, red flags, and personal stories about men they’ve dated. Unlike traditional dating apps, Tea isn’t about swiping for matches—it’s about safety. The app offers tools like background checks, catfish verification through “Catfish Finder AI,” and a secure community forum called “The Tea Party Group Chat.” Plus, 10% of its profits go to the National Domestic Violence Hotline, amplifying its commitment to women’s safety.
The app’s anonymous platform is its heart, letting women share warnings without fear. One user’s story stands out: Sarah, a 28-year-old from Chicago, posted about her ex, who seemed charming but turned violent. After escaping the relationship, she learned he was active on dating apps. Her Tea post detailed his behavior, and later, another user reached out on social media, thanking her for the warning that kept her from a dangerous date."
https://www.hypefresh.com/new-tea-app-lets-women-warn-others...
Women who were sexually assaulted tried to warn other women about their assaulter on the app. Anon doxxed these sexual assault victims, re-victimizing them. Anon thinks that it's men who were victimized and want to take revenge on these women who experienced sexual assault.
It's expected that anon is misogynist, and now the talking point is that these women are perpetrators of misandry who got what they deserve.
The proof is in the pudding.
It was built for doxxing and quite potentially spreading lies about men and on top of that, they doxxed all of their users, too. They pretty much doxxed everyone who used the app or was mentioned on the platform.
I don’t see how it is not a doxxing app, but go ahead and find me another PR article that says it is the best thing since sliced bread and the founders should be saints.
The selling point is you sign up and can share, support, amplify fellow doxers. A community for the non-Chan-ish, but Chan-ish, crowd to commune.
But when your in, it looks like your the first sign up.
To you. To the rest of the world all your sign up info is on DoxedMyself.com.
But I don’t have the time. So feel free to Y-combinate to your hearts worth! On me!
It's fucked up that you can't have an honest app to keep people safe, but the makers could have known the problems in advance, and probably did.
> One user’s story stands out
In which precisely nothing happened. We don't even know the nature of the alleged violence.
> It's expected that anon is misogynist
Did you just give a negative impression of someone you don't know?
Anon doxxed women who might have restraining orders against violent stalkers, and they assumed that female coders created the female-based app by referring to "vibe-coding DEI hires".
Why are you defending a doxxer hacker?
the vast majority of posts are speculation on someone being douchey or a cheater. women in their twenties seem to really enjoy browsing through the gossip.
Whether the original intent was honourable or not - or if they decide to spend part of their income to a honourable cause - does not factor in to the nature of the system.
Worse, in some jurisdictions (I’m not certain about the US specifics), this kind of unsanctioned exposure could actively hinder legal prosecution of actual predators. If a person is publicly accused on a non-official platform before trial, any resulting lawsuit might be thrown out on grounds of prejudicial exposure or even perjury. The accused could claim that the testimony is tainted or retaliatory — particularly if the platform enables near-anonymous posting without formal vetting^1.
[1] Yes, the app collects driver’s licenses. But let’s be honest: in the U.S., a fake driver’s license is practically a rite of passage. Entire generations of underage teens have used them to get into clubs and bars. If that’s your trust anchor, you don’t have much of one.
A criminal justice system has to protect even the accused against injustice. If it doesn't, it's not justice, but just a kangaroo court.
How hard would it be to believe that none of that was true and the woman was being vindictive?
People can be shitty, including women.
Western society has become actively anti-dating lately (think: ever since the 1980s). People, especially women, are actively encouraged to scrutinise even minor behaviour for red flags, after all, every man is a potential serial killer. This is so prevalent that we have made movies about that sort of paranoia ... and there are people in treatment over it. Clinically, this is often referred to as hypervigilance/paranoia syndrome, a pattern related to PTSD — both as a consequence of trauma and, paradoxically, as a source of relational dysfunction.
This is not meant to downplay the reality of actual assaults. But it points to a deeper systemic issue: The drive to protect against potential violence has, in some circles, taken on a life of its own - and in doing so, it has poisoned trust.
So - I do not claim your 4 women were not at some point scared by a guy during a date. But what used to be considered 'assertive, reliable, masculine' behaviour in the 1950s has become 'prelude to slaughter' these days, especially when other factors are present (e.g. 'he doesn't turn out to be Prince Charming that I expected' or 'he decided to split the bill').
So ... if there is an actual case of domestic violence, the solution is not to create an instrument that can be badly abused and does not follow rule of law - it is to go to ... law enforcement, and let the courts deal with it. IF the guy is a problem, let them put him away, rather than slandering him online.
Another called (a different woman) a “dirty bitch” when she declined a second date.
Amongst my female friends, I’ve become aware only in my late 40s just how many have suffered sexual assault outside of relationships or controlling and abusive behaviour within them.
I guess what I’m saying is that I think women being vigilant is rational behaviour. In my twenties and thirties I just lacked the imagination to see that colleagues and even male friends would behave in this way, but that can and have.
I don’t think this site is necessarily the right way to fix the problem, but I can totally understand the motivation.
The “sex toy guy” (and yes, I now imagine the most awkward and presumptuous version of that scenario - perhaps with a flourish of presentation) is clearly socially tone-deaf. But if no coercion or violence took place: Should his name and face be broadcast online so he can be branded “The Dildo King” for life?
The “dirty bitch” guy? Rude and vulgar, certainly. But how many women have made disparaging comments about men — their height, their hair, their genitals - sometimes in front of them, sometimes with friends? We should strive for dignity and respect on both sides. If we accept social shaming as a norm, it shouldn’t surprise us when the pendulum swings both ways - and no one wins in that world. Was the woman in this case threatened or harmed beyond a verbal outburst?
Being in my mid-40s, I’ve also witnessed what a false or misguided accusation can do to a man - careers destroyed, relationships severed, even suicides.
What we’re dealing with is a cultural and moral challenge - not a technological one. And cultural problems can only be solved through dialogue, mutual respect, and shared norms - not through factionalism or digital vigilantism.
Trust is a hard thing to come by online, even when people aren't anonymous and speaking publicly (Facebook or any other online place where one might use their real name). Giving people the cover of privacy from the person they are reporting about isn't going to increase the veracity of what's posted.
We already know how people behave online. It's either naive, ignorant or negligent to think otherwise.
How is Tea even legal? Isn't this just a legal libel timebomb waiting to happen?
"This guy is a creeper and treats romantic partners terribly" is pure opinion, and cannot be defamatory. The (rare) kinds of opinion statements that can be defamatory generally take the form of "I believe (subjective thing) about this person because I observed (objective thing)", where "(objective thing)" is itself false. "The vibe I get about this person is that they hunt humans for sport" does not take that form and is almost certainly not defamatory.
Under US law, providers are generally not liable for defamatory content generated by users unless you can show they materially encouraged that content in its specifics, which is a high bar app providers are unlikely to clear.
Standard disclaimer that law varies by jurisdiction. However, that limited list typically includes claims that the person committed a crime. Many juristictions also include accusing someone of having a contagious disease, engaging in sexual misconduct, or engaging is misconduct that is inconsistent with proper conduct in their profession.
In other words, the types of things I would expect people to be talking about on tea overlap heavily with defamation per-se.
If the users were careful to make all of their statements opinions, that defense would work. However, I doubt that is the case. Instead, I expect many users to include example of what their ex did that led to their opinion; which gets directly into the realm of factual statements.
The provider protections are real, and likely protect the app from direct lawsuits (or, at least from losing them), but do not protect the app's users. A few news stories about an abusive ex going after their former partner based on what they posted in the app could be enough to scare users away. You don't even need to win the lawsuit if your goal is to harass the other person.
That is true. But i think untrained and emotionaly involved individuals will have trouble navigating the boundaries of defamation. Instead of writing opinions like “treats romantic partners terribly” they will write statements purporting facts like “this creep lured me to his house, raped me, and gave me the clap”. This is not an opinion but three individually provable statements of facts. Plus the third would be considered “defamation per se” in most jurisdictions if it were false. (The false allegation that someone has an STD is considered so loathsome that in most places the person wouldn’t need to prove damages.)
Unles specifically coached people would write this second way. Both because it is rethoricaly more powerfull, but also because they would report on their own personal experience. To be able to say “treats romantic partners terribly” they would need to canvas multiple former partners and then put their emotionaly charged stories into calm terms. That requires a lot of work. While the kind of message i’m suggesting only requires the commenter to report things they personaly know about. And in an emotionaly charged situation, like a breakup, people would be more likely to exagarate in their descriptions, making defamatory claims more likely.
> Under US law, providers are generally not liable for defamatory content generated by users…
This is true, and i believe this is the real key. Even if the commenters would be liable, the site themselves would be unlikely to become liable with them.
1. To prove that the factual claims made by the defendant were false, and that the defendant should have known they were false
2. That you suffered actual damages from those claims
Very hard to make happen on a dating app.
What happened on the tea app were probably not knowable, observable or refutable for those actually being doxxed or slandered.
That isn’t me saying 4chan is absolutely morally in the clear, but it’s still quite a significant distinction.
It seems like your argument is based on (1) the discussion being slander (assumption); and (2) the idea that you could refute it if it were public (good luck, low credibility, also most men would immediately respond with vulgar name calling and - at least if anonymous - threats).
The claim that it provides safety really is just that, an empty claim.
A better way would have been to charge a small subscription fee - like $2/month or something. The fee filters out 99% of the trolls out there (who wants to pay to troll) and also gives the app/website admins access to billing info - name, mailing address, phone number, etc - without the need for a full ID scan. So the tiny amount of trolls that do pay to troll would have to enter accurate deanonymizing payment information to even get on the system in the first place.
And it can be made so only admins know peoples' true identities. For the user facing parts, pseudonyms and usernames are still very possible - again so long as everyone understands up front that such a platform would ultimately not be anonymous on the back end.
But oh no, that won't hypergrow the company and dominate the internet! Think of all the people in India and China you're missing out on! /sarcasm
Have you seen who has the blue checkmarks on Twitter/X now? I'll give you a hint, it's not the people who argue in good faith.
That's Pure. And they have more than 5$ I believe.
The only reason I haven't is because it feels like LinkedIn may have already jumped the shark and I wouldn't really get the value for my money.
The issue is they decided to roll their own extremely questionable service and insecurely store sensitive images in a public bucket
Multiple SAAS vendors provide ID verification for ~$2/each. They should have eaten that fee when it was small and then found a way pass it onto the users later
It is not, indeed.
The first part is its goal: identity is secondary, the main purpose is money. It means a customer can put a fake name and address as long as the money part is considered OK. Most PSPs won't check the cardholder name (it can be used for fuzzy scoring, but exact match is a fool's errand). Address is usually only required for physical goods and won't be checked otherwise. And 3DSecure will shift the blame enough that the PSP won't need to care that much about the details.
The second part is the whole mess that comes with payments. You'll become a card testing pot in no time, and you'll be dealing with all the fuss just to check identities, you'll soon be rising the token payment to a significant amount to cover the costs, and before you realize it half your business has shifted into payment handling.
This is incorrect. The parent acts like it isn't trivial to obtain payment methods that aren't linked to the payer. It seems like a reasonable possibility.
For whom? For people willing to be an asshole on the internet? For people willing to stalk other people online? This sounds exactly like the group of people that would look for ways of paying for something in ways not linked to them, even if that means "borrowing" someone else's identity
You've never visited X (formerly known as Twitter)?
While the above statement would benefit from adding the word "Some" to the start, I'm not sure it would generate much outcry.
Women aren't evaluated on their income like men are, they are evaluated on their looks. An equivalent app would be something that lets men share if women are less attractive than their pictures.
https://www.cdc.gov/intimate-partner-violence/about/index.ht...
Notably:
—- About 41% of women and 26% of men experienced contact sexual violence, physical violence, or stalking by an intimate partner during their lifetime and reported a related impact.
—- Over 61 million women and 53 million men have experienced psychological aggression by an intimate partner in their lifetime.
I’m not minimising the idea that women can Be violent, but we need to be careful to have in proportion. If you look at the most serious categories of harm, or only murder, the differences really are very stark.
> psychological aggression
Not at all downplaying the seriousness of emotional and psychological abuse, but these are very different things. Which is the main reason that the concept of this app doesn't bother me much. The immediate physical safety risks of dating as a woman are significantly greater than for men.
Broken bones heal, but psychological wounds can last a lifetime -- and cut that lifetime short either through self-harm or the impact on chronic diseases. Sexual assault is so problematic because it has a very long term psychological impact on people.
Because we live in black crime culture and blacks do violently attack whites on much greater scale than the other way around. You don’t have to be even necessarily evil for that, honestly just some normalised behaviour in some black people can be enough to become a criminal for white people.
Do you not see how this is deeply wrong?
No comments yet
By this logic: I suppose glassdoor, yelp, or Google reviews aren't legal either?
What about identity verification as part of any employment offer?
Even the open platforms creep me out. I don’t like seeing unverified accounts of crime in Nextdoor, I think if you see some crime you go to the police. I had a series of in person interactions with a woman which seemed creepy in retrospect, her Nextdoor was full of creepy stuff including screenshots of creepy online interactions. At least this gives everyone clear evidence they should keep away.
Or in this case, sharing personal information about yourself...
…is clearly not the US, which has probably the most expansive understanding of “freedom of speech” in the world.
Where you come from, people arent allowed to share their own experiences interacting with third parties without the third parties consent?
Sounds pretty oppressive, but there are absolutely many jurisdictions where that is not the case.
Its the only country in the world where Tea operates or is open to users, what other country’s laws do you think apply to it?
Cool, I'm sure Tea is only available to report things about United States citiz... nevermind.
It runs afoul of about a dozen european rights to privacy, imagery and consent laws. And that's just by posting pictures ! Libel and slander are a bunch of others, right to a response is also another... the list is long. It is, once again, yet another dudebro trying to skirt legality.
The EU is welcome to try to enforce its local laws on the US operations of a US business open only to US users, but I don’t think its going to have much success.
https://www.edpb.europa.eu/system/files/2024-10/edpb_2024041...
That boat already sailed and it already happened. "US only operations" does not matter (which is already bullshit, as Tea does not verify that users are US ones, they merely disabled downloading in the play/app store): posting pictures of European citizens runs afoul of European laws. Sure, they can't come and arrest you on US soil. Just don't travel too much.
Tea can collect and use photos of EU citizens, if it collected them in the USA, with (all other things being equal) no fear of GDPR violations.
So, yes Facebook can't collect photos of EU citizens, then process and do "stuff" with them in the USA, without violating GDPR, because that'd be the easiest out ever for multinational tech companies.
It is the location of the subject of the personal data collection that matters, not their citizenship.
The document you linked is interesting but I'm skeptical that you actually read it. It effectively says that in practice there's no hope of enforcing actions against entities that are purely in the US unless their behavior has run afoul of state or federal policy.
It does note that if concrete damages are recognized by the court that there is a decent chance US courts will cooperate to enforce the judgment. But the vast majority of GDPR enforcement is punitive as opposed to compensatory so it's not particularly relevant.
I'm also not clear why you think traveling would matter. DPA penalties are administrative in nature, not criminal. They are also likely to be levied against corporations as opposed to individuals. My guess is that the extremely unlikely worst case is your entry or visa application getting denied.
Two Germans shooting each other in Australia break Australian law, but not German law.
A remarkable fact that's stayed with me: Ken White (@popehat) once said that in his defamation law practice, his largest category of consultations was with clients who'd said negative things about a past romantic partner, who then threatened to sue. I believe his point was those negative things were true most of the time, but difficult to prove, or defend.
I think sometimes folks don't properly threat model what can be done if someone chooses to think about what the consequences for breaking a rule are and letting that guide their actions, rather than striving to avoid breaking them out of some kind of moral principle.
No comments yet
Yes, and? The service is protected in the US by Section 230, and Tea doesn't operate anywhere else currently. Individual users who use it defame are, in principal, subject to defamation liability, but in the US (and, again, that’s the only jurisdiction currently relevant), the burden to proving that the description was both false and at least negligently made (as well as the other elements of the tort) falls on the plaintiff (it is often said that “truth is an absolute defense”, but that’s misleading—falsity and fault are both elements of the prima facie case the plaintiff must establish.)
Sure, in a jurisdiction with strict liability for libel and where truth is actually a defense, and/or where the platform itself, being a deep pockets target, was exposed, Tea would be a more precarious business. But that’s not where it operates.
I suspect that's going to be more of a problem for Tea than hypothetical individual defamation cases.
Although having said that, how can you sue someone for defamation if you never find out you're being defamed?
Any woman can say "Don't date [name], he's a bad person" and the victim will never know.
Unless he asks a female friend for a social credit check, all [name] will see is a shrinking pool of opportunities.
"He's a bad person and you shouldn't date him" is an opinion you can legally express anywhere as much as you want.
I mean, I think it depends what you claim in this post.
I have seen false rape claims, false claims of child abuse, neglect, etc.
With zero repercussions, of course.
Some social problems just don't have technological solutions.
Those ten reports could be made by one person. That one person might not even know the person they're accusing. That one person might be a man. That one person might be a bot.
You'd have to ignore the last three decades of online identity, trolling and social media pitfalls to not recognize that.
And please don't compare reviewing a can opener on Amazon to accusing someone anonymously of a heinous crime on an app built by one person.
But I'm not sure I'm going to convince you with words so I'll suggest this:
Go and build this app.
Build it, see what happens. Nobody else has been able to crack this but maybe you can.
A lot of men have had experiences like this one. Either directly or they know someone it happened to. Yeah #NotAllWomen but way too many will exploit the feminist #BelieveAllWomen culture to gain even trivial benefits. An app devoted to letting women anonymous gossip and engage in reputation warfare without fear of consequence, or even fear that the man might reply in self defense, is going to get flooded with women like the taxi passenger.
Go read some statistics on the number of women harassed, abused, raped, and killed every day—every single day—because they are women.
Go ask your mother, your sister, your wife, your female best friend, when they had their last abusive encounter.
Go ask your friends of both genders what the worst things are that could happen to them when walking home at night, and compare the responses.
Go read some historic accounts of how women were treated for… pretty much all of history.
Go look up news articles of what can happen to women when riding a taxi. Spoiler: it’s not just a threat.
Yes, there are some abusive women out there. Yes, it’s fucked up when that happens to you. But trying to insinuate the levels of violence against men would be even remotely comparable is just plain awful.
By people going on the same sort of rants like you just did.
Some People are terrible, especially when they think they can act without consequences.
Does that excuse men doing bad things too? No.
But it sure does (or should!) make anyone with a brain question hyperbolic claims of abuse or violence without actual evidence.
That's not what it is intended for, but many people after relationships end can be extremely emotional and sometimes very spiteful. It's not uncommon for people to embellish or lie about the truth to make themselves look better and the other person look shitty. Especially if you're the one being dumped, you may be even more likely to engage in petty behaviour.
I personally have experienced an ex making up a sexual assault story. This kind of app didn't exist then, but she even went as far as reporting me to the police. Luckily the police investigated and could easily discern it was a lie. Going to the police is obviously a much higher burden than using an app, and yet many females still go make false SA claims there. Do you really think it wouldn't be a common problem for people to do the same in an app at a much higher rate?
People often believe things like SA claims without any evidence and will often even attack people trying to defend the person or insist on some kind of proof. It means that someone making up bull crap on these apps is going to be treated like it is true, yet the rates of lies would likely be pretty high.
People can just be so crazy when it comes to relationships/love. Especially when it comes to people in their teens or early 20's, the brain isn't fully developed and dealing with these emotions is even more challenging and leads to even more rash decision making.
The more common it is, the more damaging false claims of it are. It's a self-defeating linear relationship.
It might be relavent to who wins the lawsuit, but sometimes the mere existence of a lawsuit is pretty painful.
I mean if witches didn't do anything surely they wouldn't be hunted down.
A well-designed system will maximize utility for the former, and minimize utility for the latter. An app where women can leave what are practically anonymous reviews for men is not such a system.
This isn't all of the people, but in my experience in life it's more than enough to make this app impossible to filter.
coolcoolcool. I'm sure that never ever gets abused horrifically.
I still maintain my pet theory that this is a downstream effect of the normalization of paranoia around pedophiles that began hitting the mainstream in the '80s. The modern world is exceptionally safe, yet to the average person, it feels exceptionally dangerous.
...While I've got the hood up, I'll continue soapboxing.
I've started seeing rare instances such as a young woman walking around a corner and there is a man rounding the same corner, surprising her by mistake, and the woman starts crying or breathing in a panicked way, unable to regulate herself for several minutes. It's not always walking around the corner at the same time, but there's a common pattern of being surprised by a man just going about his day and experiencing a severe fear response to that interaction.
When I look at a lot of cultural related issues today, beyond just gender, I see many signs of pervasive psychological issues. I don't know what the solution is, but I'm very confident that the root cause is more complicated than something you can describe in a single sentence.
But I was friends with my wife's friends before we got married, and in a sample size of ~20 women my age, every single one of them has experienced inappropriate and unwanted touching in social settings. And a large number of them were victims of outright rape.
In comparison, I have many male friends and of them, I only know one who has been wrongly accused of sexual assault (the lady openly talked about doing it to help with a promotion...)
So even if both sides may have a few bad apples, one side is a much more prevalent problem when it comes to the number of victims.
The same hypothetical 5% can inflict harm to multiple women, that's why multiple women and girls complained about Epstein and Trump.
Men's driver licenses were not distributed online. Only women's driver licenses were distributed online.
I assume the app then runs facial recognition.
This may be legal in the US, but not under GDPR. Pictures of faces are biometric data (explicitly listed as such), which falls under additional restrictions beyond personally identifiable information.
A drivers license with the picture blacked out would be less sensitive than the picture itself!
Imagining a future where I have to pay Tea to promote and astroturf my profile or they lower my rating, and pay bot farms to post glowing reviews
Yes, as far as I understand, you upload pictures of men, either taken in the wild or from dating sites (Tinder) against their will. I am pretty sure that this would be illegal in some jurisdictions. Especially EU.
Without bias and gossip, who would even want to use the app?
https://en.wikipedia.org/wiki/Lulu_(app)
It gets shut down, everyone forgets, then someone eventually has a brilliant idea...
It come from a place of sincerity but defenders imagine everyone would use it for the same reasons they would: Warning people of genuine threats in the dating world. They would never use it for gossip, or revenge, or creative writing, etc. so they don't imagine others would.
But at scale, if generously only 0.1% of women in America are bad actors that would weaponize this app, that's over 150k people (not to mention men slipping past security). And the thing about bad actors is that one bad actor can have an outsized effect.
The problem is the demand is there for such groups and I see posts that range from, “this guy tried to get me to get in his car”, or “man exposed himself to me”, to “man has twice approached children at my child’s school” or “I was drugged and raped after meeting with X on Y dating app”.
Lots of sexual attackers are known to multiple women.
Fact is that in lots of countries rape kits don’t get processed, it’s hard to secure a conviction, many serial sex offenders walk free and many women don’t want to go through a reliving of their trauma in court.
As a result these kinds of groups are very useful, not just for women who are actively dating, but for women who are simply existing in day-to-day public life. We have a president and a supreme court judge who both have been accused of serious sex offenses and nothing happened.
Is there a chance that some man who has done nothing wrong, gets accused by a woman in these groups? Yes of course there is a chance that could happen, but many would prefer to not take the risk of dating someone that has been accused of being a sex offender and the vast majority of posts with confirmation by multiple women confirm that bias.
These groups help keep women safer than without them. There’s a good reason why many women just don’t date at all any more. Covid lockdowns reminded them that they don’t really need it and it’s more hassle than it’s worth.
Sadly the vast majority of men are fine (not all men), but not enough call out the bad and dangerous behavior of a minority of their friends and peers. Until that happens women will be drawn to these apps and groups to try to be safer and not be a part of a sex crime statistic.
The concern of false accusation appears to be... brushed aside. Are you a man? How would you feel if you were falsely accused? Knowing that this could snowball into being doxxed, having your employer informed etc. Innocent men have been jailed for this.
https://news.ycombinator.com/item?id=41707495
The answer to your last two questions is found within section 230 of the Communications Decency Act.
It's only not a thing because, in the U.S., it's redundant. In other jurisdictions, it might be a thing, because there are places where a claim can be both defamatory and true.
No comments yet
https://x.com/JacobJohnson494/status/1948222924235624870
humans in general act like psychos, the danger comes more from the size differential than propensity to act like a jerk.
Do we have more physical violence from men towards women than the opposite? I think I saw that the reality is yes. Does it mean that men are biologically coded to be violent, or is it a question of education and culture?
If you conclude the second one, it is not "sexist" (on the contrary, it may even be that the culture that creates the problem is itself rooted in sexism and that acknowledging some reality about its existence may help changing this culture), and does not imply prejudice against men, just acknowledging that we need to be careful in case of bad apples.
It still means that talking about this requires to be very careful.
To react on your example, I think it is a good think to notice if some population have a bigger problem at this subject than others, and we can then identify more easily the places where this problem forms and target these places. But people who concludes "look at violence divided by race, so I can generalise and be prejudicial to everyone in some race and not other" are idiots.
However, homosexual relationships has equal rate of partner violence as heterosexual ones. A bisexual woman that has a relationship with an other woman will double her rate of physical violence compare to relationship with a man (statically). A man who has a relationship with an other man will half his rate of violence. This makes no sense at all (unless we believe that sexual orientation is an factor for violent behavior), unless we add a additional factor of sexual dimorphism. Men are on average larger and more muscular, and there seems to be a correlation between being the larger/stronger and using physical strength/fists during a fight. The smaller person is in return more likely to use tools or other means of violence. Statistically, fist also has a higher probability to do damage than improvised weapons, since people are more proficient in using their fists.
Does it mean men are biologically coded to be violent? No. Is it a question about education and culture. Maybe in some countries/cultures, and it wouldn't hurt to use the education system to teach people conflict resolution. Getting people who are physically larger to not exploit that fact during a heated fight is likely a hard problem to solve on a population level.
I think "any form of violence" is not a constructive direction. First, this ends up being very subjective: between 2 forms of psychological violence, which one is the most violent? Secondly, if indeed it is cultural, it implies that different sub-culture may have different ways of acting, so we can always play the subgroups to make it says whatever we want. But most importantly, it is not very relevant for our context: in the case of the first interactions during heterosexual dating, pretending that men risk as much as women seems a very unconvincing claim, for several reasons (even if under-represented it should be under-represented to an unrealistic level to reach an equal level, and it also does not fit with plenty of cultural tropes (I can find a video explaining explicitly that manly men need to dominate their female partner. I'm sure it exists, but the simple fact that I cannot easily find a video explaining explicitly that womenly women need to dominate their male partner shows it's not that of a trope. On the other hand, I can also easily find videos about "trad wife" that will explain that a womenly woman must be with a dominating man))
For the rest, I think we say the same thing: talking about the visible issues is not a problem in itself, but people instrumentalising these issues to be racist or sexist are the problem.
If it's almost all about the size of the specific two people in a relationship, it's a terrible terrible idea to aggregate that by gender, leading to completely misplaced wariness and judgement.
It feels a bit like saying "there is a bug in software X, but there is also a bug in software Y, so let's not fix the bug in software X".
Of course, men also suffer from problems. It even feels that it is usually also due to machismo or something similar. Sometimes, it feels like the majority of men's problem is in fact self-inflicted by the manosphere. They both complain of suicide rate, army draft, violence against men, but they also promote a culture of not-showing-emotion-otherwise-you-are-not-manly, a-man-is-worthless-if-they-dont-succeed, army-is-manly-and-women-are-weak, a-man-should-show-dominence-and-other-men-are-a-threath, ...
People likes to see things in black or white, but the reality is more complicated, and there is no advantages that does not bring also some disadvantages.
> Black people are the most likely to experience domestic violence—either male-to-female or female-to-male—followed by Hispanic people and White people.2 Centers for Disease Control and Prevention. The national intimate partner and sexual violence survey: 2010-2012 state report.
> Asian people are the least likely to experience intimate partner violence.[1]
[1] https://www.verywellmind.com/domestic-violence-varies-by-eth...
2020 USA Per Capita Count of Mortality Event: Assault(Homicide), Female: 0.00139%
https://datacommons.org/tools/visualization#visType%3Dtimeli...
> Partner violence appears to account for ~34% of violence against women[2] (but vs. 6% for men)
And this is sort of the point of the comment higher up: when you cut the stat this way, it seems like men are wildly dangerous creeps. But it is a statistic comparing one group to another group. We need to instead look at the absolute rate of partner violence to decide if men are on the whole violent murders or so, and there, the overall risk is low.
[1]: https://dataunodc.un.org/dp-intentional-homicide-victims
[2]: https://bjs.ojp.gov/female-murder-victims-and-victim-offende...
[3]: (I've assumed a round population of 340M for the US, with 50/50 gender, just an approximation.)
Not exactly. The statistics didn't specify the gender identity of the perpetuator, just the relationship to the victim and the gender identity of the victim.
Doesn't look correct.
https://www.worldometers.info/demographics/us-demographics/
18k men are murdered. But women are murdered by their partners at a higher rate.
Edit: 100% are murder victims
https://bjs.ojp.gov/female-murder-victims-and-victim-offende...
I have no idea if their number is correct for that either.
But... you're trying to correct their statistics?
I agree with you that in the context, your stats maybe make more sense. But if you're going to correct someone, you generally should recognize what they were trying to communicate in the first place.
If such a service exists and isn’t being too effective, shouldn’t that be worked on?
My guess is that there’s more to the reasons for why Tea is popular but the safety argument is largely being used to defend it
I think this is called "the police"
A narrowing of section 230 would not be good for Apple or Google, though they wouldn’t face any liability for the Tea apps conduct.
https://www.techdirt.com/2020/06/23/hello-youve-been-referre...
To me this feels as if people widely thought that the Apollo Program was intended to prevent people from traveling to the moon, or Magna Carta was meant to prevent barons from limiting the king's power, or Impressionism was all about using technical artistic skills to depict scenes in a realistically detailed way.
Defamation is still not protected, it's just the person who posted it who is liable. Meanwhile the site's "editorial control" is protected by the first amendment, not section 230.
> The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.
What exactly does this mean? Which information is exchanged without consent of these people? This seems to me more problematic than the actual topic of the data breach.
1) you dated a guy on tinder, he became all pushy on your first date, touched you inappropriately even though you said no. Or some guy became violent during your relationship and you even found out he has a history of that.
2) you dated a nice guy but he dumped you for whatever reason, and now you want to get back at him so you make up stuff like mentioned above, and post it there.
Facebook shouldn't legally be allowed to demand an ID any more than this disaster of an "app."
Now tens of thousands of people will be subject to identity theft because someone thought this was a neat growth hacking pattern for their ethically dubious idea of a social networking site.
https://theconversation.com/porn-websites-now-require-age-ve...
https://developer.apple.com/videos/play/wwdc2025/232/
Link to the related web standard https://www.w3.org/TR/vc-data-model-2.0/
Simple solution: decriminalize uttering to any person who is not an employee of the government or a regulated bank.
Ideally you'd see fines in the 10%s of revenue. In egregious cases (gross negligence) like this, you should be able to go outside the LLC and recoup from equity holders' personal assets.
Alas, if only we had consumer protections.
A somewhat embarrassing but relevant example: my friends and I used Grindr for years (many still do), and we remained loyal despite the company's terrible track record with user data, privacy, and security as there simply wasn't (and still isn't) a viable alternative offering the same service at the expected level.
It appears Tea saw a pretty large pop in discussion across social channels over the last few days so I'm pretty hopeful this will lend itself to widespread discussion where the users can understand just how poorly this reflects on the company and determine if they want to stick around or jump ship.
That cuts to the issue some other comments have pointed out, that user trust is really their most important capital – and with short attention spans and short news cycles, it may rebound surprisingly fast.
The GDPR in Europe attempts to reset this but it’s still an uphill battle
And some kind of legal penalty for the engineers as well. Just fining the company does nothing to change the behavior of the people who built it in the first place.
https://www.teaforwomen.com/about >With a proven background leading product development teams at top Bay Area tech companies like Salesforce and Shutterfly, Sean [Cook, creator of Tea] leveraged his expertise building innovative technology to create a game-changing platform that prioritizes women’s safety
If you're lucky, a clown vibe coded this trash. If you're unlucky, he paid someone to do so, and despite his proven background about leading top Bay Area companies, didn't even think to check a single time.
The CEO is directly responsible for this.
> With a proven background leading product development teams at top Bay Area tech companies like Salesforce and Shutterfly, Sean [Cook, creator of Tea] leveraged his expertise building innovative technology
Blah blah blah blah blah... Just goes to show that you can write all sorts of powerful sounding words about yourself on your About page, but it doesn't say anything about your actual competence. I mean, I don't have a "proven background leading product development teams" but I sure as shit wouldn't make obvious amateur-level mistakes like this if I ever did a startup.
Joining in with some other comments on this thread, if the stamp of a certified person was required to submit/sign apps with more than 10K or 100K users and came with personal risk and potential loss of licensure, I imagine things would change quickly.
I'm personally not for introducing more gatekeeping and control over software distribution (Apple/Google already have too much power). Also not sure how you'd make it work in an international context, but would be simple to implement for US based companies if Apple/Google wanted to tackle the problem.
I think the broader issue is that we as a society don't see data exposure or bad development practices as real harm. However, exposing the addresses and personal info of people talking about potentially violent, aggressive or unsafe people seems very dangerous.
They don't seem to value privacy.
How was this app going to monetize?
I'm guessing by selling user data, namely drivers license info to phone number.
There would be a morbid irony in the idea of a tool marketed as increasing safety for women actually being a honeypot operation to accumulate very sensitive personal information on those very women.
* App Store review requires a lightweight security audit / checklist on the backend protections.
* App Store CTF Kill Switch. Publisher has to share a private CTF token with Apple with a public name (e.g. /etc/apple-ctf-token ). The app store can automatically kill the app if the token is ever breached.
* Publisher is required to include their own sensitive records ( access to a high-value bank account) within their backend . Apple audits that these secrets are in the same storage as the consumer records.
If you want companies to care about security then you need to make it affect their bottom line.
This wasn't the work of some super hacker. They literally just posted the info in public.
Its not like anyone intentionally posts their entire DB to the internet.
> We can reduce the latency of discovery and resolution by adding software protocols.
Can we? What does this even mean?
[Edit: i guess you mean the things in your parent comment about requiring including some sort of canary token in the DB. I'm skeptical about that as it assumes certain db structure and is difficult to verify compliance.
More importantly i don't really see how it would have stopped this specific situation. It seems like the leak was published to 4chan pretty immediately. More generally how do you discover if the token is leaked, in general? Its not like the hackers are going to self-report.]
My bigger concern though is how you translate that into discovering such breaches. Are you just googling for your token once a day? This breach was fairly public but lots of breaches are either sold or shared privately. By the time its public enough to show up in a google search usually everyone already knows the who and what of the breach. I think it would be unusual for the contents of the breach to be publicly shared without identifying where the contents came from.
My SSN / private information has been leaked 10+ now. I had identify fraud once, resulting in ~8 hours of phone calls to various banks resulting in everything being removed.
What are my damages?
The onus is on users to protect themselves, not the OS. As long as the OS enables the users to do what they want, no security policy will totally protect the user from themselves.
Meanwhile, in the UK, new legislation requires me to upload my face and driver's license just to browse Reddit.
On a more serious note, implementing such a law without also providing a 0-knowledge authentication system ready to use by the government is just so unbelievably stupid (for multiple unrelated reasons).
r/ukguns r/cider r/sexualassault r/stopsmoking
Think of the children!
It isn't just gossip websites requiring this, and it isn't just gossip websites suffering breaches.
No comments yet
"use your brain" is no substitute for security. This is a hacker forum. We think about how to protect apps. Even smart people have slipped up
Sorry, well deserved ladies. It just made my day. ROTFL.
And please provide an app with all the names and pictures of the ladies who used it. So that I can easily check who not to date.
Oh wait—no such thing exists!
It's up to us to teach this to our children. There's no hope of getting the current generations of Internet users to grasp the simple idea that app/website backends are black boxes to you, the user, such that there is absolutely nothing preventing them from selling the personal information you gave them to anyone they see fit, or even just failing to secure it properly.
Without being a developer yourself or having this information drilled into you at a young age, you're just going to grow up naively thinking that there's nothing wrong with giving personal information such as photos of your driver's license to random third parties that you have no reason to trust whatsoever, just because they have a form in their app or on their website that requests it from you.
even the most savvy consumers slip up, or are in a hurry. it's impossible to make a perfect security decision every time
Presumably the risk/reward still favors risky practices.
Now that's a creative solution! Every admin must have a table called `MY_PERSONAL_INFO` in their DB.
The EV certs failed because general SSL identity is pretty weak. Consumers don't know how to use it to establish trust. There's no enforcement on how the names are used. for example, my county treasurer has me transfer thousands of dollars on a random domain name.
There will always be lowest-common-denominator users, but there is clearly some demand for an alternative to the biggest 5 websites...
Interesting play, calling 95% of users "lowest-common-denominator". Those silly, blabbering morons that don't understand that they should be running Bazzite on their Framework laptops instead of using evil evil sofware.
>there is clearly some demand for an alternative to the biggest 5 websites...
This demand doesn't pay, and also happens to be some of the most demanding, entitled users you'll have ever seen.
Mmmhmm
* App publishing process includes signatures that the publisher must embed in their database. When those signatures end up on the dark web, App Store is notified and the App is revoked
You have a lot of interesting suggestions.
I would love to see some kind of forced transparency. Too bad back-end code doesn’t run under any App/Play Store control, so it’s harder to force an (accurate) audit.
The idea has merit. You have to relinquish some control to establish security. Look at App Store, Microsoft Store , MacOS App store -- they all sandbox and reduce API scope in order to improve security for consumers.
I'm more on the side of autonomy and trust, but then we have reckless developers doing stuff like this, putting the whole industry on watch.
We could do better in our trade at encouraging best practices in this space. Every time there's a breach , the community shames the publisher . But the real shame is on us for not establishing better auditing protocols. Security best practices are just the start. You have to have transparent, ongoing auditing and pen-testing to sustain it.
How do you enforce the token actually exists? Do app developers have to hire some auditing firm to attest all their infra actually have the token available? Seems expensive.
No comments yet
1st sentence: "exposed database"
We need a more nuanced headline here. They did nothing responsible. 404 should title this story with something that will blame them first and the 'hackers' 2nd.
Drivers licenses can be faked. Moreover, someone can just pretend to be someone else on this app with real drivers licenses.
The whole premise, implementation and process of Tea as a social media app is flawed, and a legal liability for the devs.
The internet went from 'YouTube asking users to never use your real name' to 'you have to submit your ID to some random app' in 10 years. Crazy!
It's the only way they will push companies to STOP storing them long term.
I've been in several companies (mostly FinTech) that store personal sensitive documents "just in case". They should be used for whatever is needed and deleted. But lazy compliance and operations VPs would push to keep them... or worse, the marketing people
This absolutely should not be normalized. If I'm ever prompted to submit photos of a government ID to some service, I'm turning heel. I'll try to use their phone service (which I just did successfully this week), correspond via mail or maybe, as you've said, handle it in person but I'm probably content to go without.
My driver's license is scanned every time I buy beer. I'm under no illusions that it's not quite readily available in any number of leaks or disclosures.
If that sounds defeatist, maybe it is. Nothing online is private. Once it's in a database, it's only a matter of time before it's exposed. History has proven this again and again.
It wasn't "normies" so much as it was the leadership and early investors of Facebook shoving "just trust us" and FOMO literally everywhere online. The hype (and hope) in 2010 was REAL and almost all privacy related conversations were shut down on sight. Heck, I think I still have my copy of Jeff Jarvis's Public Parts (ISBN13 9781451636352) somewhere in my closet. Amazing read if you really want to understand the mindset in place at the time.
Because we couldn't get anyone to take the internet seriously if it was just a bunch of anonymous pseudonyms trolling each other. And maybe that was a mistake.
Just look at Facebook. Users with real names sharing all kinds of inane schizo nonsense, extremism, building echo chambers without realizing it, becoming completely divorced from reality as perceived by the majority of people around them in meatspace, because they section themselves off in cyberspace.
If they have a problem with it then I will gradually remove pieces until they’re okay. But I haven’t had to do this the few times I’ve used this tactic – it causes issues with automated scans but eventually some human manually reviews it and says it’s okay.
What I don’t like is the “live verification” apps that leave me no choice but to take a photo of it.
That's becoming the norm now, presumably because of concern that people are taking leaked scans from one site, and using it to commit identify fraud (eg. getting KYC scans from crypto exchanges and using it to apply for accounts at other crypto changes, for money laundering purposes).
No comments yet
These are actually still very hard to do. I don't know anyone who would let me use their license for this purpose.
It's not just that this database was accessible via the internet. It was all public data. Storing people's IDs in a public database is just... wow.
Yeah, we’ve finally, nearly, just got to the point where realizing that treating IT and security and such as simply a cost centre to be minimised maybe quite wasn’t leading to optimal security outcomes - to throwing it all away again.
https://www.bleepingcomputer.com/news/security/misconfigured...
We have a couple of decades more until we lock tech up, up until now it was all fun and games, but now and in the future tech will be everywhere and will be load bearing
I bet on greed. It always wins.
Why do people want to live in a panopticon of their own creation, with random anonymous strangers morally policing, judging each other with zero consequence to them?
Don't think we'll ever learn our lesson when it comes to privacy, it will be Eternal September forever.
The irony in this case being that this app operates like a lot of creep subreddits and forums out there with people posting photos of other people without their permission and gossiping / telling stories about them...
Witch Hunt as a Service, with a delightful UX, a little gamification, and soon integration with your favorite apps. Coming to an App Store near you.
However there is something to be said about the crowd you find yourself with. If you assume this app to be necessary, I would assume your social standards are not high enough.
What's the bar they cannot clear?
So much for the "anonymous" app.
This is the scary reality of an app like this, especially if it continued to go more mainstream.
But regardless i do understand the appeal. Dating apps suffer from basically being a low-information market place. There are of course the malicious people, which everyone has an interest in removing from the app. However even ignoroing that its a bit of a lemons market (if you excuse how dehumanizing the metaphor is). Its very hard to tell if someone is a good date just from their profile, and people who are good dates end up in relationships and exit the market quickly while bad dates stay in the market for a much longer time. Allowing some sort of review system does solve that problem - its worked in other domains, like uber drivers or what resturant to go to. So i certainly understand the appeal of why people would want this.
I don't have a fix for this, it is entirely fair to want justice for the defenseless. At the same time I have a strong hunch that there is no problem-solution fit here, at least not with this sort of app.
Women are anonymously spilling tea about men in their cities on viral app - https://news.ycombinator.com/item?id=44682914 - July 2025 (17 comments)
Apple had no issue mass censoring Parlor and others, how is an app like this able to reach #1 under all?
Truth.
"Don't let Toyota's 'reliable car at a reasonable price' marketing fool you, they're all about money." Yeah, but does that preclude them from selling me an actually reliable car at a reasonable price?
If Toyota says that we're the car company that cares about you, we want to keep you safe from the bad actors, and trust us on making right choices for you - and when you discover Toyota has been secretly building out an ad network, in bed with Chinese government, you have to call them out. And that's what Apple is doing.
Privacy is a human right, except in China where they are happy to go along with what the government wants. Google atleast had the balls to pack up and leave the country.
https://www.bet.com/article/pe65fc/apple-s-black-diversity-c...
I take doxing, stalking, revenge porn and cyber bullying very seriously! And I would pay good money for a background check, to stay away from such people.
Buddy, believe me, women who are using Tea would pay to know that they need to avoid you too.
Seems like the simple solution here is for Tea to allow men to register and advertise themselves as not interested in Tea users, maybe by linking profiles from dating apps.
That seems about right.
This app operates just like an app some creep online would use, people post pictures (permission or not) and gossip about them.
But then again, can't convince people as a whole that men are, on average, good and decent people with normal flaws just like women, and therefore deserve to be protected, loved, and appreciated equally.
https://www.teaforwomen.com/data-breach
No it ain't.
The first sentence is already a lie as there was never authorization in place followed by more lies.
This will prove security in IT coding is necessary, so enjoy watching the drama unfold.
IT security bonanza time. It wont be long.
RIP
https://x.com/vxunderground/status/1948850061493850598
This has evolutionary origins. A man can, theoretically, father around a thousand children or more in the time it takes a woman to bear one. Sperm are cheap so those who need sperm (i.e. women) don't need to fight with each other. There's plenty to go around. Eggs are scarce so males of myriad species fight each other to the death over them.
It's just biology.
- This creates distorted market supply and demand where those small group of men/women become sought after and its only human nature in that they value their supply less than the rest.
- Toxic behavior is expected from that small group of highly attractive people that do all the dating.
- It was only a matter of time before such app would run into legal issues or attract angry individuals. Now the damage to the leaked identities will be prolonged. With the AI tech today, the extent to which a damage can be done is unknown (ex. deepfake, impersonations, further doxxing).
- Tea user's driver licenses as well as selfies, usernames, emails, posts about their dates will drastically increase the surface area for lawsuits, fraud and exploitation by malicious agents.
- The users of this site and those that have directly posted images, details have opened themselves up to significant legal and criminal liability. Given these apps were probably popular in large city centers like California, NY have heavy punishment for digital harassment and privacy violations on top of the damages that can be claimed against them by the men who's information and details were posted.
- Tea is largely insulated from what the users post which means that their biggest exposure might be just neglect and failure to secure data which comes with a slap on the wrist. Which will make it harder for Tea's userbase to claim large damages against it.
I read more details about this case and its beyond egregious. Unencrypted firebase and full public buckets. There is no hacking involved, the tokens were being used to pull data from roughly all 30,000 users of Tea and were only blocked short while ago.
Allegedly, 60GB of photos, user personal information, driver license, gps data being shared on torrent. A map of all 30,000 users tied to GPS data is being posted as well.
Given the extreme neglect to secure their data, I now believe Tea will be open to even bigger legal liability possibly criminal even.
Yeah, I wouldn't worry about the allegedly part, 4chan is dissecting that torrent as we speak, it's quite the party.
No comments yet
Let me share a message I got from a woman I met a couple years ago on a dating site: "Just a side note about the dating thing on here. I get very annoyed with how horribly men take care of themselves or even try to communicate. Most men today on these sites are repulsive. It was refreshing to see you smile, and look nice. Thank you for that."
So it's not a bunch of red-pill alpha guys. I'm an average guy with basic manners and a lack of creepiness. Heck I was near my all time high weight at the time. Every single woman on those things has at least one story about a guy she met that will make you cringe from his behavior. My fav was the guy who sent a woman flowers before even meeting her - at her workplace! Dude the cyberstalking you need to do to pull that off is CREEPY AF - not romantic.
If you want to be in that top 10 percent of men the bar is incredibly low.
In some cultures, mentioning dating apps will immediately lead to negative assumptions and connections are done through vetted networks and specific establishments where "hunting" activity is allowed, some with even more boundary pushing that would be impossible in Western culture.
magnet:?xt=urn:btih:3e5a8c55eb4720b4fbd1d0fb5c45adb0fad53569&dn=tea
Not a great look here.
However, Tea could have done a modicum of cybersecurity work (or hired an outside firm) to prevent this. If they are claiming to want to keep women safe (and not just running a gossip board) then this should be a red alert for them. No public acknowledgement is concerning...
I don't know how can anyone feel wrong about this without feeling even worse for what was already taking place.
I have no doubt in my mind that this is what they did. An "outside firm" vibe coded this and delivered the results.
Conceivably these storage endpoints might’ve never been directly exposed to mobile clients, instead going through other proxies or CDNs.
Ugh. I’m clearly getting old. I don’t even remember the last time I went to 4chan.
https://pastebin.com/CPBiqd1E
No comments yet
Let ladies have some of their own medicine.
Edit: Nevermind, looks like Tea has been around for quite some time already. But it kinda flew under the radar with a fairly small user base.
https://support.google.com/googleplay/android-developer/answ...
But yeah please tell me how "we care about your privacy"
I mean, it's fun to throw baseless accusations around, but do you have any actual reason to suspect this?
Two people, in public.
I just hope they can pursue legal action for this, whether it was a deliberate trap or not.
- The fact that this app exists solidifies the data that a small group of men/women do most of the dating on tinder etc while the vast majority land dates far less if none at all.
- This creates distorted market supply and demand where those small group of men/women become sought after and its only human nature in that they value their supply less than the rest.
- Toxic behavior is expected from that small group of highly attractive people that do all the dating.
- It was only a matter of time before such app would run into legal issues or attract angry individuals. Now the damage to the leaked identities will be prolonged. With the AI tech today, the extent to which a damage can be doned with the information from the leaks is unknown.
- As for the company behind Tea, they are done. They face a monumental class action lawsuit as well as ongoing individual civil/criminal cases that will arise from the leaked identities, in particular the photo of driver licenses as well as selfies, usernames, emails drastically increase the surface area for damages.
- The users of this site and those that have directly posted images, details have opened themselves up to significant liability from not only the men they have targeted but from law enforcement.
- We'll see some new laws being formed from this case. Once again, we see the hidden dangers of blindly trusting large popular platforms with sensitive data but the twist with Tea here is the defamation activity that opens up its users to both civil and criminal liability.
I don't follow.
> This creates distorted market supply and demand where those small group of men/women become sought after
Isn't that true in the real world as well? I'm not exactly a hunk; people weren't tripping over themselves to ask me out, whereas some of my friends and acquaintances did have to figuratively beat people off with a stick.
I suspect the folks complaining about "markets" in online dating are not the kind of people who can connect offline.
To be fair, I think online dating has gotten worse -- sites like OkCupid used to match you based on shared affinity... the issue there is you could be a very high match on shared values but not someone's "type" visually -- imagine being shown the girl of your dreams only to find out the feeling is not mutual :-)
Conversely, I feel like people sometimes forget that they opted into these interactions, it's not like someone strolled up in a bar and began talking at them.
Anyways... if you're frustrated with apps, I'd suggest doing just that. Talk to people.
I met my last girlfriend at a bus stop. Before that, on a porch -- I was walking by and struck up a convo.
If you can't connect with people organically, no amount of tech can save you.