if that’s truly how the leak happened then these people, in any reasonable jurisdiction, would be considered criminally negligent, at the least.
yay compsci ethics courses :D
boo courts failing to uphold the law >:(
Comment on Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan
sp3ctr4l@lemmy.dbzer0.com 8 months ago
Wow that was fast.
I did not even know this app existed untill about 8 hours ago.
Already comprimised.
jwmgregory@lemmy.dbzer0.com 8 months ago
sp3ctr4l@lemmy.dbzer0.com 8 months ago
Hooray two tiered legal system, huzzah!
/s/s/s
JackbyDev@programming.dev 8 months ago
While I agree in principle, I think we should still call it a hack. As in “to gain illegal access to (a computer network, system, etc.)” as Merriam-Webster puts it. It shouldn’t be legal to do do this just because the website had horrible (non-existent) security. You shouldn’t be allowed to rob a house just because the door wasn’t locked.
db2@lemmy.world 8 months ago
This is more like the door was left open and the lights were on, and you took pictures of the artwork on the entryway walls and then left.
JackbyDev@programming.dev 8 months ago
Except it wasn’t artwork, it was driver’s licenses. You know, things you obviously shouldn’t have access to.
DreamlandLividity@lemmy.world 8 months ago
At which step should it turn illegal? You accessing publicly available website? If I put PII on my website and send you a link, should you go to jail for opening the link? Or how do you make the distinction, when there is literally no security and its made publicly available?
JackbyDev@programming.dev 8 months ago
The thing is we don’t need to come up with some absolute definition of what should and shouldn’t be illegal to talk about this case specifically. They didn’t accidentally stumble on this. They doxxed the users instead of responsibly disclosing the problem. This is extremely cut and dry.
If the story here was “I mistyped something and got to a page I shouldn’t have access to, I disclosed it to the company, didn’t dox anyone by sharing the problem, and now the FBI is after me” it would be different.
DreamlandLividity@lemmy.world 8 months ago
They were looking through publicly accessible buckets on firebase. They literally did stumble upon this by accident while going through public data. Should they have disclosed it once they realized what it was instead of spreading it? Sure, morally speaking. But I don’t see how you could write a law to make this illegal without just trampling on free speech.