Women’s ‘red flag’ app Tea is a privacy nightmare

  • What are you basing the majority of men are shit on? Confirmation bias?

    Well I'm a man. And most men I interact with are casually misandrist, ableist and homophobic. I can't imagine they behave any better when they're trying to fuck you

  • Lots of men in this thread real upset about this app pointing out how the majority of men are shit

    Lots of misandrists in this thread framing security failures as sexism against men

  • This post did not contain any content.

    Lots of misandrists in this thread framing security failures as sexism against men

  • How dare you!
    The misogyny!

    No one is saying THAT'S misogynistic. We're saying there are a bunch of stupid misogynistic comments in this thread, not that the app is cool.

  • This post did not contain any content.

    S2 Underground has a great video about this. It's basically a spy app with national security implications.

    People using their military IDs for account verification and location data found in their pictures lays the argument that this data could be used for blackmail.

  • I mean, yes, but does that take priority over women who are worried about their safety? There's been women doing this over local Facebook groups for a long time. Defamation of this sort is not a new issue.

    Considering even the mere accusation can ruin someone's life? Yes.

    The problem isn't women don't deserve to be safe, the problem is we cannot just give people powerful weapons with no oversight or burden of proof to be deployed simply because a date didn't go well.

    Facebook or App, the danger is too great

  • It was potentially defamation when it was just women...talking to one another, too. This seems like a pretty solid case of men looking at something women do to protect each other, and saying "...but what about the men who could be negatively affected in some cases?" I also think the tone in which this is being discussed is pretty revealing about Lemmy's demographics.

    For what it is worth. I am a woman and I still think this app is wrong.

  • Lots of misandrists in this thread framing security failures as sexism against men

    It can be both.

    So many problems are caused because society assumes cisgender women are always victims and anything that looks like a man if you look at it long enough is an abuser.

  • I'm certainly no web security expert, but shouldn't Tea's junior network/backend/security developers, let alone seniors, know how to secure said Firebase or S3 buckets with STARTTLS or SSL certificates? Shouldn't a company like this have some sort of compliance department?

    SSL is not the tool you need in this case, although you should obviously already be running exclusively on encrypted traffic.

    The problem here is one of access rights - you should not make files default-available for anyone that can figure out the file name to the particular file in the bucket. At the very least, you need to be using signed URLs with a reasonably short expiration, and default all other access to be blocked.
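
The access model described in the reply above (deny by default, serve a file only through a short-lived signed URL), as an added example that is not part of the original thread and is not Tea's code. It is a simplified HMAC scheme for illustration; S3 presigned URLs and Cloud Storage signed URLs use their own signing formats. The key, the object path and the function names are constructed for the demo.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed demo key; a real service keeps this server-side in a secret store.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_TTL = 300  # seconds; links stay short-lived even if a caller asks for more


def _sign(path: str, expires: int) -> str:
    # The signature binds the method, the exact object path and the expiry.
    msg = f"GET\n{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def make_signed_url(path: str, ttl: int, now: Optional[int] = None) -> str:
    """Backend side: call only after the user is authenticated and authorized."""
    now = int(time.time()) if now is None else now
    expires = now + min(ttl, MAX_TTL)
    return f"{quote(path)}?expires={expires}&sig={_sign(path, expires)}"


def check_request(url: str, now: Optional[int] = None) -> Tuple[int, str]:
    """Storage side: everything is denied unless a valid, unexpired signature is present."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    path = unquote(parts.path)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return 403, "unsigned request"  # knowing the file name is not enough
    expected = _sign(path, expires)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return 403, "bad signature"  # path or expiry was altered
    if now >= expires:
        return 403, "link expired"
    return 200, "ok"


if __name__ == "__main__":
    url = make_signed_url("/ids/user-1001/license.jpg", ttl=60)  # constructed path
    print(url)
    print(check_request(url))
    print(check_request("/ids/user-1001/license.jpg"))
```
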

  • Tea was storing its users’ sensitive information on Firebase, a Google-owned backend cloud storage and computing service.

    Every time. With startups, it's always an unsecured Firebase or S3 bucket.

    They were probably using Firestore as their database without authenticating their API calls to Firebase functions. Basically leaving their API endpoints open to the public Internet.

    They could have connected a service account and used some kind of auth handshake between that and generated a temporary login token based on user credentials and the service account OAuth credentials to access the API. But they probably just had everything set to unauthenticated.

  • You sign up and then a while later, your personal information gets leaked to the public. Not sure what its other purpose is.

    You could easily convince me that it was a brilliantly executed honeypot. It's just too damn poetic.

    "It's a women's safety app" No it wasn't. This app was about women's safety as much as the recent payment processor porn game censorship bullshit was about child safety. This was about slandering men for fun because women love gossip. The app's name was "Tea."

    Not a single woman who signed up for this app stopped to think, "Here's a brand new app, just came out, has no track record, no reputation. I don't know who runs this. I don't know how they secure their database. I know what they're asking, they want a picture of my government-issued ID. We've spent the last two decades reading news headlines of the pattern "tech company was hacked, 2.2 million users compromised including emails, home addresses and SSNs" on a weekly basis. There hasn't been a week gone by since Dubya was president that hasn't happened."

    The women who uploaded pictures of their IDs to some app really had their own safety in mind. Turns out you can short circuit that whole process with hilarious ease if you say things like "women only" and "slander your exes."

    I don't think I could have constructed a better example as to why all the recent "prove your identity" shit is comprehensively retarded.

  • It can be both.

    So many problems are caused because society assumes cisgender women are always victims and anything that looks like a man if you look at it long enough is an abuser.

    It's just original Facebook but for women to rate and bully men instead of Mark and his scum bros using it to rate and bully women.

  • SSL is not the tool you need in this case, although you should obviously already be running exclusively on encrypted traffic.

    The problem here is one of access rights - you should not make files default-available for anyone that can figure out the file name to the particular file in the bucket. At the very least, you need to be using signed URLs with a reasonably short expiration, and default all other access to be blocked.

    As I mentioned in other comments, I am a noob when it comes to web-sec; please forgive what may be dumb questions.

    Is it really just a permission rights "over-exposure" issue? Or does one need to also encrypt and then decrypt the data itself that must be sent to a database?

    Also, if you have time, recommend any links to web/cloud/SaaS security best practices "for dummies"?

  • Well I'm a man. And most men I interact with are casually misandrist, ableist and homophobic. I can't imagine they behave any better when they're trying to fuck you

    I'm a man too and I haven't interacted with someone like that since what, university? Maybe the problem is in who you choose to spend time with?

  • It's just original Facebook but for women to rate and bully men instead of Mark and his scum bros using it to rate and bully women.

    We didn't like it when Mark did it, why would we like it now?

  • This post did not contain any content.

    I feel that the app filled a need of women we should not ignore. But the app, both this specific app and also the overall concept, is just too rife with downsides to be workable.

    So we, as men and as society need to reevaluate why women feel the need for such an app, and reinvest in the criminal justice system to hold victimizers more accountable.

    It’s okay to call this app and similar Facebook groups unacceptable. But that’s not enough, we must also call for stronger protections for victims of criminal behavior.

  • ...you know? That's a fair point. I'm not sure how it would work, but it would be nice to know some stuff if it's important.

    I have the solution. Nobody's gonna like it, everybody here is gonna scream at me about it, but I have the solution.

    Stop dating strangers on the internet.

    The entire personals site/dating app experiment we've been running for the last quarter century is obviously a categorical failure. Humans just don't work like this.

    Things have gotten so much worse since I was in high school. When I was in high school, the community of girls available to me to ask out were pretty much all girls I'd known since we were 5. A lot of them, I didn't have to wonder about their character, their intentions, their capacity to do harm, I was there when all that was written. I remember how much of a bully Chelsea was in middle school, I remember how nice Ashley was to everyone, I remember how Justine seemed weirdly infatuated with me in the 4th grade. They'd all remember stuff about me and the other boys. We graduated high school, I never saw 80% of them ever again, and within 5 years that figure climbed to at least 95%. Four years of college with mostly abject strangers who you're weirdly fast to form and break deceptively deep bonds with, all of whom I've also lost track of, and then the adult world in which everyone including you is an NPC.

    I happen to be the exact age where, I got out of college in 2007, I disappeared into work, like I went to the airport and I went home for two years. In 2009, I looked back up and everything had CHANGED. Instant messaging was on smart phones now, and you WERE NOT TO approach women in person, only through phone-based dating apps and you had BETTER FUCKING NOT already be acquainted.

    Don't talk to women at the grocery store. Don't talk to women at the gym. Don't talk to women at the library. Don't talk to women at your work. Don't talk to women at their work. Don't talk to women at the coffee shop. Don't talk to women at the bar. Don't talk to women at the club. Don't talk to women. No woman, only app.

    How do you meet more women? Oh that's categorically the wrong question because having the goal of meeting women in the first place is creepy. Stop wanting to meet women and instead organically decide you want to do things that women happen to like, and then accidentally meet women in the course of doing those things. You know, at those meetups that are always happening on a recurring basis, that aren't advertised to happen at a place and time and then no one shows up and the listing is never re-posted. Probably just install more apps.

    It's been women driving this, men vastly prefer asking women out from within their social circle. The pressure to make the first move is still on men, and he'd rather ask out women he already thinks he might like. Women on the other hand vastly prefer to be cold approached by a charming stranger.

    I think it's gone far enough when we've got women saying dumb shit like "Systematically doxxing and libeling men is a risk we're just going to have to take."

  • Lots of misandrists in this thread framing security failures as sexism against men

    Well, we know what to bait a honeypot with. "Gossip about/slander men right here! To prove you're a woman, insert your photo ID, bank details, credit card information, finger prints and retinal scans."

  • I feel that the app filled a need of women we should not ignore. But the app, both this specific app and also the overall concept, is just too rife with downsides to be workable.

    So we, as men and as society need to reevaluate why women feel the need for such an app, and reinvest in the criminal justice system to hold victimizers more accountable.

    It’s okay to call this app and similar Facebook groups unacceptable. But that’s not enough, we must also call for stronger protections for victims of criminal behavior.

    It would be interesting to see something similar that required accusations to be backed up with evidence. Police reports, court proceedings and results, news articles etc.

    It would also be a lot safer, legally speaking, for the service provider.

  • This post did not contain any content.

    I think of the "bad" dates I would want to be able to warn other women of that didn't rise to the level of calling the cops. The guy who ordered triple the food and drinks I did and skipped out on the bill. The guy who flat out lied about multiple things and then got irate when I politely excused myself from the date. The MAGA weirdo who went on an unhinged rant about how I needed to submit to him because God said so. I imagine some men have comparable experiences with some anti-social women. The experiences coming to mind were not illegal, but were absolutely things I want to spare my fellow humans from.

    I would prefer the dating apps themselves have some mechanism for disincentivizing anti-social behaviors. It would have to be more than a simple 5-star rating.

    I wonder how it would work IRL to offer the ability to write a few sentences in response to prompts about a date. The written review is not published as-is, but is used in grouping of many reviews to give a summary about a person. Like the summary product reviews on Amazon now. "Bill's dates found he was prompt and polite. Some dates expressed discomfort at some of his political views" and "Bob's dates warn he is often late and is quick to use foul language to describe women. Multiple dates report no intention to communicate with Bob further". "Ben's dates report he has skipped out on the bill repeatedly, and sends unsolicited dick pics. Multiple dates have blocked him".

    The group summary gives a buffer so the person reviewed doesn't know which specific date said what. And ensures the summary doesn't include negative comments about a person unless multiple dates of theirs independently report similar experiences.

    Of course a bad actor could ditch their dating profile and start fresh any time they build up enough negative reviews to make their summary look bad. And of course the reviews and the summaries would have to be secured tighter than "Tea" is.
