Women’s ‘red flag’ app Tea is a privacy nightmare
-
Wouldn't some sort of proxy in between the bucket and the client app solve this problem? I feel like you could even set up an endpoint on your backend that manages the upload. In other words, why is it necessary for the client app to connect directly with the bucket?
Maybe I'm not understanding the gist of the problem
Exactly, it's not necessary. It's bad / lazy design. You don't expose the DB storage directly, you expose a frontend that handles all the authentication and validation stuff before accessing the DB on the backend. That's normal Client-Server-Database architecture.
-
On one hand, yes. On the other, women have, based upon crime statistics, legitimate reasons to avoid putting themselves in a situation where they may be assaulted or murdered for reporting problematic and/or worrisome behavior.
I don't think creating an incel style circlejerk is the best solution.
-
Good lord, please tell me you did not just use ted bundy to describe what you think women like in men?
also did you just lore dump to a complete stranger? we're having a casual conversation.
i never said anything as insane as "Systematically doxxing and libeling men is a risk we're just going to have to take". i said doxxing should be avoided, if you'd read any of my comments.
who is this long winded comment for, exactly?
please tell me you did not just use ted bundy to describe what you think women like in men?
I did, because he was. Two different ways.
-
Bundy's modus operandi was to approach women in public as a handsome, charming stranger. I'm pretty sure women like handsome, charming strangers; the entire female dating strategy seems to be geared toward attracting handsome, charming strangers. Ted Bundy was able to attract dozens of victims like that. There's an inherent danger in attracting strangers, because sometimes strangers are psychopaths.
-
Ted Bundy got a LOT of fan mail from women while he was in prison. Love letters, marriage proposals, nude photos. A shocking number of women saw his picture on the news alongside words like "murder trial" and "death sentence" and said "That's the man for me." He pulled some weird stunt to "get married" and he fathered a child from prison. This isn't unique to Ted Bundy, lots of mass murderers and serial killers have groupies, from Charles Manson to Dylan Klebold.
i said doxxing should be avoided, if you’d read any of my comments.
You came across as pretty lukewarm to me. "Yeah doxxing is a problem I guess." You can't have a Don't Date Him Girl website without doxxing. Doxxing is how they work.
-
A more ironic outcome couldn't have happened
-
A lot of people have speculated that.
According to their statement their code was written in Feb/2024 and predates "vibe coding"
What intrigues me is this:
I'm confident vibe coding was not to blame in this particular case,
So they used vibe coding; they are only saying that they think/hope that it is not the cause of the breach (and maybe also of the second one).
And if vibe coding is not the cause, then they are even more incompetent.
-
I don't think creating an incel style circlejerk is the best solution.
I agree. Some sort of solution is necessary but this probably isn't it.
-
skipped everything about ted bundy cause wtf you're obsessed, man. maybe join a bundy dating app?
also let me make it clear since you missed it last time (even though you quoted it). I think doxxing is bad and should be avoided. fuck's sake man. i am a commenter, not a politician. i read this stuff over breakfast. take it easy ffs.
not everything has to be a huge debate.
-
I feel that the app filled a need of women we should not ignore. But the app, both this specific app and also the overall concept, is just too rife with downsides to be workable.
So we, as men and as a society, need to reevaluate why women feel the need for such an app, and reinvest in the criminal justice system to hold victimizers more accountable.
It’s okay to call this app and similar Facebook groups unacceptable. But that’s not enough, we must also call for stronger protections for victims of criminal behavior.
I think there must be a way to deliver on the value of the app without it being the privacy/public exposure nightmare it sounds like. Speaking naively, perhaps a setup where you can only speak about a person with those who have actually matched with them.
-
Yup. It sounds like they were following security worst practices.
I get doing that in Dev for testing before launch, but in production? That's insane.
Like it has to either be a junior developer playing the role of lead or some serious lack of web dev fundamentals haha
-
I think there must be a way to deliver on the value of the app without it being the privacy/public exposure nightmare it sounds like. Speaking naively, perhaps a setup where you can only speak about a person with those who have actually matched with them.
There’s no “matching” on this app, because men aren’t allowed. By its very design, you can’t avoid the unilateral one-sidedness.
-
There’s no “matching” on this app, because men aren’t allowed. By its very design, you can’t avoid the unilateral one-sidedness.
Sorry, I do understand that, I was just thinking of an improvement that might help. I thought having the same phone number might work too but that gets dodgier.
-
How many red flags do you need to collect before you get a free cat?
-
Why did the app have the government IDs and credit card data to begin with? The app looks like an obvious phishing scam/honeypot situation.
that's a great(terrible) idea for a sex trafficking psyop. just get yourself a female spokesperson and make it a platform that gives a voice to women who have survived abuse. they'll willingly give you all their information on where to find them and their psych profiles on how to manipulate them.
fucked up, but really shows how fucked up apps are in general and how much power we give to them over ourselves.
-
It was potentially defamation when it was just women...talking to one another, too. This seems like a pretty solid case of men looking at something women do to protect each other, and saying "...but what about the men who could be negatively affected in some cases?" I also think the tone in which this is being discussed is pretty revealing about Lemmy's demographics.
the app is called TEA - it is a gossip vector masquerading as a safety mechanism, and people are making all sorts of claims about innocent people they had a bad date with, including their full name, location, workplace, pictures of their face - and accusing them baselessly in some (or most) instances of violent crimes.
If you can't see how not only that wouldn't make women safer, but instead is a black mirror episode - there's something wrong.
People against this app aren't against women's safety, and they don't necessarily believe our current systems and protection are adequate - but getting lynched by half a city because of a jaded ex is not a solution and is a crime of its own.
I mean half the posts on similar Facebook groups complain about the men being "narcissists". Yeah, it's a shitty personality trait, but that's clearly not a fucking safety issue; it's about gossiping and doxxing people.
-
Sounds MAGA level IT and dev.
-
I get doing that in Dev for testing before launch, but in production? That's insane.
Like it has to either be a junior developer playing the role of lead or some serious lack of web dev fundamentals haha
I'd argue that it should not even be done in Dev. Dev, staging/testing, and prod environments should all be as close to one another as possible, especially for infra like datastores.
-
As I mentioned in other comments, I am a noob when it comes to web-sec; please forgive what may be dumb questions.
Is it really just a permission rights "over-exposure" issue? Or does one need to also encrypt and then decrypt the data itself that must be sent to a database?
Also, if you have time, recommend any links to web/cloud/SaaS security best practices "for dummies"?
As I mentioned in other comments, I am a noob when it comes to web-sec; please forgive what may be dumb questions.
There's nothing to forgive. Asking questions and being curious is how you learn this stuff.
Is it really just a permission rights "over-exposure" issue?
From what I've read, it's more fundamental than that. It's a basic architecture issue. The datastore was publicly accessible, which it should never be. If they had it set up according to best practices, with an API to proxy access and auth, the datastore's permissions would be of minimal consequence, unless their network was compromised (still best practice to secure it and approach with a zero-trust mindset).
Or does one need to also encrypt and then decrypt the data itself that must be sent to a database?
Generally, cloud datastores handle encryption/decryption transparently, as long as the account accessing data has authorization to use the key. They probably also didn't have encryption set up.
Also, if you have time, recommend any links to web/cloud/SaaS security best practices "for dummies"?
Here are some more resources:
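The backend-proxy design that the replies above describe (the client talks to an endpoint that authenticates and validates before touching the datastore, instead of talking to the bucket directly), as an added example that is not the app's code or any commenter's; the session table, size limit and in-memory bucket are constructed stand-ins.

```python
import hmac
import uuid

# Constructed stand-ins. Only this backend process would hold bucket credentials;
# the mobile client never connects to the bucket, only to handle_upload/fetch_for_user.
SESSIONS = {"tok-alice": "user-alice", "tok-bob": "user-bob"}  # session token -> user id
BUCKET: dict[str, bytes] = {}  # object key -> bytes, standing in for the private bucket

MAX_BYTES = 5 * 1024 * 1024
ALLOWED_TYPES = {"image/jpeg": b"\xff\xd8\xff", "image/png": b"\x89PNG"}  # type -> magic bytes

def authenticate(token):
    """Resolve a bearer token to a user id, comparing in constant time."""
    for known, user in SESSIONS.items():
        if hmac.compare_digest(known, token or ""):
            return user
    return None

def validate_image(content_type, body):
    """Accept only a small image whose leading bytes match the declared type."""
    if content_type not in ALLOWED_TYPES:
        return "unsupported content type"
    if len(body) > MAX_BYTES:
        return "file too large"
    if not body.startswith(ALLOWED_TYPES[content_type]):
        return "body does not match declared type"
    return None

def handle_upload(token, content_type, body):
    """Backend upload endpoint: authenticate, validate, then store under a
    server-chosen key. Returns (status, payload). The client never sees bucket
    credentials and never picks the key, so it cannot list or overwrite others' objects."""
    user = authenticate(token)
    if user is None:
        return 401, {"error": "not authenticated"}
    problem = validate_image(content_type, body)
    if problem:
        return 400, {"error": problem}
    key = f"uploads/{user}/{uuid.uuid4().hex}"  # no client input reaches the key
    BUCKET[key] = body
    return 201, {"key": key}

def fetch_for_user(token, key):
    """Reads go through the same proxy: a user may only read under their own prefix."""
    user = authenticate(token)
    if user is None or not key.startswith(f"uploads/{user}/"):
        return 403, None
    return (200, BUCKET[key]) if key in BUCKET else (404, None)
```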
-
Well, I'm a man. And most men I interact with are casually misandrist, ableist and homophobic. I can't imagine they behave any better when they're trying to fuck you.
So confirmation bias. Gotcha. That's generally not a great way to make sweeping generalizations about 50% of the population.
You ever hear that adage about smelling shit wherever you go, maybe check your shoes?