Comment

Comment on Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan

DreamlandLividity@lemmy.world ⁨1⁩ ⁨week⁩ ago

At which step should it turn illegal? You accessing publicly available website? If I put PII on my website and send you a link, should you go to jail for opening the link? Or how do you make the distinction, when there is literally no security and its made publicly available?

source

Sort:hotnew top

JackbyDev@programming.dev ⁨1⁩ ⁨week⁩ ago
The thing is we don’t need to come up with some absolute definition of what should and shouldn’t be illegal to talk about this case specifically. They didn’t accidentally stumble on this. They doxxed the users instead of responsibly disclosing the problem. This is extremely cut and dry.

If the story here was “I mistyped something and got to a page I shouldn’t have access to, I disclosed it to the company, didn’t dox anyone by sharing the problem, and now the FBI is after me” it would be different.

source
- DreamlandLividity@lemmy.world ⁨1⁩ ⁨week⁩ ago
  They were looking through publicly accessible buckets on firebase. They literally did stumble upon this by accident while going through public data. Should they have disclosed it once they realized what it was instead of spreading it? Sure, morally speaking. But I don’t see how you could write a law to make this illegal without just trampling on free speech.
  
  source
  - JackbyDev@programming.dev ⁨1⁩ ⁨week⁩ ago
    
    And then just told other people about what they found.
    
    That’s a weird way to say they doxxed people instead of ethically disclosing what they found. Hiding that detail is why I have a problem with defending this.
    
    If someone steals something they didn’t know belonged to someone (say through an unlocked door), should we prosecute them? I don’t know. What did they do next after they found out they shouldn’t be there? Did they give it back and tell the building owners “hey, you have an unlocked door” or did they yell to the street “hey everyone, come get free stuff!” How did they behave once they knew they did something wrong.
    
    source
    DreamlandLividity@lemmy.world ⁨1⁩ ⁨week⁩ ago
    From what I have seen, they initial guys shared a link to the database, not any content. The equivalent of telling people: “Look at this unlocked door I found.” They did not “steal” anything as far as I know.
    
    Also, the analogy doesn’t work either. What if it really was intended to be public? Making a copy is not analogous to stealing something, it’s analogous to taking a picture.
    
    source
    -> View More Comments