Women’s ‘red flag’ app Tea is a privacy nightmare
Technology
127
Beiträge
61
Kommentatoren
1.5k
Aufrufe
-
I'm certainly no web security expert, but shouldn't Tea's junior network/backend/security developers, let alone seniors, know how to secure said Firebase or S3 buckets with STARTTLS or SSL certificates? Shouldn't a company like this have some sort of compliance department?
I am not sure, but I read somewhere that the developer(s) used vibe coding to create the app so...
-
These alleged high standards women hold are largely imaginary. It's only kind of like that on dating apps, and that's because they're 80% male, so women HAVE to be picky.
I agree. High standards and common ideas of "right" are generally present among people insecure and easily gaslighted.
Such as those that would use this app. Point?
-
Honestly it seems like a weapon that can too easily be used for defamation
How dare you!
The misogyny! -
Wow just two days ago I see a post about how Lemmy is dominated by men and how that could become a problem, and today I see a comment section where all the incels come out of the woodwork.
"waaa somebody wants to solve a problem that has never affected me I'm the victim"
"omg what if people talk behind my back they might find out I'm an asshole? literally 1984"
"wadabout if this app was racist?!? checkmate"
I'm not saying this app is good or bad (I can definitely see the problems) but if an article about cybersecurity gets posted and this is our first reaction, makes me lose hope in Lemmy.
Edit: Responses have made very good points and I think I was off, thanks guys. I still think some of the early comments I encountered were rather reactionary
“waaa somebody wants to solve a problem that has never affected me I’m the victim”
Everyone has the problem that they'd want to discuss others behind their back. It's not accepted because it doesn't work to any good end.
“omg what if people talk behind my back they might find out I’m an asshole? literally 1984”
You won't find out anything from this. People sometimes lie, especially in such situations.
but if an article about cybersecurity gets posted and this is our first reaction, makes me lose hope in Lemmy.
Human adequacy is a big part of cybersecurity.
-
it seems its an app that helps women flag potential dating candidates as being dangerous or red flags.
there is the potential for doxxing that comes with that, but I can absolutely understand its use and need when not abused in that manner.
i wonder if there's the potential for a different app with more encryption and a way to prevent doxxing and abuse.
i wonder if there’s the potential for a different app with more encryption and a way to prevent doxxing and abuse.
Encryption, sure.
Preventing doxxing? I highly doubt it. But hey, it's women doing it so it's ok and anyone who criticizes that is an incel. -
Wow just two days ago I see a post about how Lemmy is dominated by men and how that could become a problem, and today I see a comment section where all the incels come out of the woodwork.
"waaa somebody wants to solve a problem that has never affected me I'm the victim"
"omg what if people talk behind my back they might find out I'm an asshole? literally 1984"
"wadabout if this app was racist?!? checkmate"
I'm not saying this app is good or bad (I can definitely see the problems) but if an article about cybersecurity gets posted and this is our first reaction, makes me lose hope in Lemmy.
Edit: Responses have made very good points and I think I was off, thanks guys. I still think some of the early comments I encountered were rather reactionary
i mean...an app directly copying a black mirror episode (but almost exclusively targeting a specific demographic) does ring some very, VERY loud alarm bells...
like, this is literally the plot of nosedive.
it's a social credit system.
and none of the people even know they HAVE a score, so it's somehow even worse than the fictional scenario.
this will, absolutely, hurt innocents and it will do so by design.
"fuck them innocents!"...just because they happen to be men?
how is that anything other than misandrist?
how is that defensible?
how is doxxing, mass libel, and targeted harassment a solution to sexism and rape culture?
I'd be really interested in hearing anything about how this is supposed to help women, because i struggle to see how sowing massive, unearned distrust between men and women is going to make anyone any safer...
I'm really, REALLY glad that the GDPR would nuke this sort of nonsense from orbit...uploading pictures of strangers, for the explicit purpose of gossiping about them behind their backs, spreading awful rumors?
what. the. actual. fuck. is wrong with you people?
and i don't mean women, or men: i mean americans and their total disregard for privacy and digital safety. what the hell...
-
There's definitely a use case, but there's an inherent power imbalance to these products that makes sure they will always be misused. The submitters are anonymous, and it's up to the person being reported on to prove the accusations are false.
Or, they're supposed to be anonymous.
it’s up to the person being reported on to prove the accusations are false.
The person doesn't even know they're mentioned in the app.
-
Wow just two days ago I see a post about how Lemmy is dominated by men and how that could become a problem, and today I see a comment section where all the incels come out of the woodwork.
"waaa somebody wants to solve a problem that has never affected me I'm the victim"
"omg what if people talk behind my back they might find out I'm an asshole? literally 1984"
"wadabout if this app was racist?!? checkmate"
I'm not saying this app is good or bad (I can definitely see the problems) but if an article about cybersecurity gets posted and this is our first reaction, makes me lose hope in Lemmy.
Edit: Responses have made very good points and I think I was off, thanks guys. I still think some of the early comments I encountered were rather reactionary
You make a valid point, this platform absolutely shits on anyone without technical knowledge, just look at the hundred or so smug replies telling you what flavor of Linux they run if you mention a problem with Windows. So, no surprise everyone is focusing on that, and not the human aspect here.
Having said that, there is a power imbalance to this that I really don't like, the accuser gets to hide behind a veil of anonymity, and the accused has their name published, and is forced to defend themselves.
-
it’s up to the person being reported on to prove the accusations are false.
The person doesn't even know they're mentioned in the app.
Which is even worse, because unless someone tells them, they're blissfully unaware.
With most forms of Libel, at least the victim will see it in a timely manner.
-
You make a valid point, this platform absolutely shits on anyone without technical knowledge, just look at the hundred or so smug replies telling you what flavor of Linux they run if you mention a problem with Windows. So, no surprise everyone is focusing on that, and not the human aspect here.
Having said that, there is a power imbalance to this that I really don't like, the accuser gets to hide behind a veil of anonymity, and the accused has their name published, and is forced to defend themselves.
So, no surprise everyone is focusing on that, and not the human aspect here.
This is a technology community and the article is specifically about a security breach that exposed massive amounts of sensitive user data.
-
Change the target to any other group and the outrage would be 100-10000 fold bigger.
Try it out, instead of Women rating men, try subbing in various minority groups or races.
Bonus points for the most offensive combinations.....
e.g. Russians rating Ukrainians in your area....it can get pretty bad...I can think of many worse combos.
I'm sorry but I'll just say it out right: new feminists are the absolute worst
Don't get me wrong, I'm all for equality where possible. Where isn't equality possible? Well I'd like to conceive a child, but the plumbing isn't exactly useful for that. That sort of thing. Beyond that, were all the same, and IDGAF about your skin color, sexual preferences or whatever. I live by live and Let live, don't be an asshole, it's not that hard to be respectful
New feminists though are the ones coming up with ideas like this website. On the surface, anyone could say that it's not a bad thing to have a place for women to talk about how to protect themselves. In reality though, it's a place where men, innocent or not, get doxxed and made to be rapists.
There are some subs here on Lemmy as well that were very sad to see this shitshow of a website go, lamenting the fact that now they need a different place to dex people. Try not to tell them that doxxing is bad, it gets you banned.
-
This post did not contain any content.
Lots of men in this thread real upset about this app pointing out how the majority men are shit
-
Lots of men in this thread real upset about this app pointing out how the majority men are shit
Defaming people without giving them a chance to defend themselves, talk about shit people...
-
i wonder if there’s the potential for a different app with more encryption and a way to prevent doxxing and abuse.
Encryption, sure.
Preventing doxxing? I highly doubt it. But hey, it's women doing it so it's ok and anyone who criticizes that is an incel.wha? i didn't say anything about incels. or that doxxing is ok.
-
Hey Nima, I heard you like have to sex with dogs.
Good luck proving you dont.
uh hello! ok? not sure what your fetishes have to do with the conversation that was taking place. maybe you're from the UK and you're missing porn?
But I wish you the best of luck in your search for whatever porn you like.
-
I'm certainly no web security expert, but shouldn't Tea's junior network/backend/security developers, let alone seniors, know how to secure said Firebase or S3 buckets with STARTTLS or SSL certificates? Shouldn't a company like this have some sort of compliance department?
It's a little more complex than that. If you want the app on the user device to be able to dump data directly into your online database, you have to give it access in some way. Encrypting the transmission doesn't do much if every app installation contains access credentials that can be extracted or sniffed.
Obviously there are ways around this too, but it's not just "use TLS".
-
Honestly it seems like a weapon that can too easily be used for defamation
I mean, yes, but does that take priority over women who are worried about their safety? There's been women doing this over local Facebook groups for a long time. Defamation of this sort is not a new issue.
-
It's a little more complex than that. If you want the app on the user device to be able to dump data directly into your online database, you have to give it access in some way. Encrypting the transmission doesn't do much if every app installation contains access credentials that can be extracted or sniffed.
Obviously there are ways around this too, but it's not just "use TLS".
Encrypting the transmission doesn't do much if every app installation contains access credentials that can be extracted or sniffed.
Encrypt the credentials then? Or OAUTH pipeline, perhaps? Automated temporary private key generation for each upload (that sounds unrealistic, to be fair)? Can credentialing be used for intermediary storage that encrypts the data on that server and then decrypted on the database host?
Clearly my utter "noobishness" is showing, but at least it's triggering a slight urge to casually peruse modern WebSec production workflows. I am a DNN researcher. Thus, I am far removed from customer-facing production environments, and it shows.
Any recommendations on literature or articles on how engineers solve these problems in a "best practices" way that you can recommend? I suppose I could just look it up, but I thought I'd ask.
Edit: I don't know why I'm down-voted. My questions were sincere.
-
Lots of men in this thread real upset about this app pointing out how the majority men are shit
It's an antisocial surveillance system for antisocial people, and creates a(n even more) antagonistic relationship between men and women.
Dating apps have been a disaster for dating, and this is perhaps the worst among them.
-
It's a little more complex than that. If you want the app on the user device to be able to dump data directly into your online database, you have to give it access in some way. Encrypting the transmission doesn't do much if every app installation contains access credentials that can be extracted or sniffed.
Obviously there are ways around this too, but it's not just "use TLS".
Wouldn't some sort of proxy in between the bucket and the client app solve this problem? I feel like you could even set up an endpoint on your backend that manages the upload. In other words, why is it necessary for the client app to connect directly with the bucket?
Maybe I'm not understanding the gist of the problem
