Remember the UK new safety law.
4channer try not be bigoted for 1 nanosecond challenge (IMPOSSIBLE) (GONE SEXUAL)
"Tea cup" app - user database leaked today (incl. drivers license & IDs). Daily reminder not to give your ID to online services [THEY DO NOT PROTECT YOUR INFORMATION]
Submitted 1 day ago by themachinestops@lemmy.dbzer0.com to technology@lemmy.world
https://lemmy.dbzer0.com/pictrs/image/82b85434-7879-471f-b645-e6a7281e3baf.webp
Comments
RobotZap10000@feddit.nl 1 day ago
skisnow@lemmy.ca 23 hours ago
Yeah there was absolutely no need to include unfounded racist shit about “DEI hires” but it seems to be some sort of rule in 4chan that you have to be a bigoted fucknut in order to post
traches@sh.itjust.works 1 day ago
Damn, if they had PII in a public bucket like that it’s criminally negligent. Well, at least it should be but I’m no lawyer
zwerg@feddit.org 1 day ago
It’s at least a hefty fine in the EU - enough to kill a business.
ohulancutash@feddit.uk 1 day ago
The higher of €20m or 4% of global annual turnover.
scytale@piefed.zip 1 day ago
Ah publicly exposed bucket. Tale as old as time.
orclev@lemmy.world 1 day ago
Uh… What’s the tea app?
Melvin_Ferd@lemmy.world 1 day ago
“talk”
They try to get a pass on this by saying it’s about “safety” and reporting creeps. But it’s filled with women posting dudes and gossip. It gives me the same vibes as those sites back in the day that were shut down because they were essentially Tennent revenge porn sites. Same shit different form.
valtia@lemmy.world 19 hours ago
Yes, trying to warn other women about a man you dated who abused you or gave off weird vibes is definitely the same as getting your nudes or porn video of yourself leaked against your will onto the public internet for everyone to see
lolola@lemmy.blahaj.zone 1 day ago
Found this article after a quick web search: forbes.com/…/what-is-tea-the-viral-women-only-app…
It’s an app where women upload photos of men they’re dating to get “the tea” on them (red flags, catfishing, etc.). I always wondered if something like this existed. Sucks that it has to, sucks even more if their users are being targeted like this.
Sprocketfree@sh.itjust.works 1 day ago
Talk about adding to the toxic nature of the world. Anyone thinking we should have a digital record of social reputation isn’t thinking it through.
echodot@feddit.uk 21 hours ago
The reason that up until now an app like that hasn’t existed is because it is an absolutely awful idea if you spend more than 10 seconds thinking about it.
It’s ripe for abuse in fact I would be surprised if even half of the reports are legitimate. Isn’t absolutely god awful system and whoever thought this up is an absolute prat, who seriously needs to get outside and actually experience real life and real people.
TassieTosser@aussie.zone 18 hours ago
The original incarnation on Facebook got sued for posting libel and shut down. There’s no judge of truth on these apps it’s all she said and no he said.
damnedfurry@lemmy.world 1 day ago
Sucks that it has to
It doesn’t have to.
Armand1@lemmy.world 1 day ago
The drivers license thing is likely due to a law passed by the UK a few days ago requires all mature content to be behind an age check. And not a “Are you 18: Yes / No”, more like “we will check using ID and photos of you”.
It’s the most hated piece of legislation in a while, with already 100 000 petition votes in 3 days to repeal it.
ipkpjersi@lemmy.ml 2 hours ago
Almost 250k petition votes now, 150k more votes in the past day alone.
rmuk@feddit.uk 1 day ago
None of the driver licenses shown in the screenshot are UK style.
echodot@feddit.uk 21 hours ago
Oh yes the famous state of Colorado UK.
UK driving licences do not look like that, they don’t have US states on them (major clue), at green, and if the person in the photo actually looks like a living human and not corpse, it gets sent back as unacceptable.
Godric@lemmy.world 21 hours ago
Oh, so they started requiring that in the last couple days?
valtia@lemmy.world 19 hours ago
The app ostensibly required ID uploads to verify that you were a woman signing up, men were not allowed to join for obvious reasons
communism@lemmy.ml 13 hours ago
Aside from the fact that it was stored in a public database, there’s no need to store photos of the IDs at all. The account can just be marked as verified and move on.
Also I doubt that measure would keep a man out if he really wanted to join…
hiramfromthechi@lemmy.world 22 hours ago
Gives me no pleasure to add it to idcaboutprivacy
Free and open source—feel free to contribute.
Allero@lemmy.today 19 hours ago
Nice site you got there! Made from scratch or using some service/app?
hiramfromthechi@lemmy.world 11 hours ago
Thanks. Built from scratch.
refract@lemmy.dbzer0.com 10 hours ago
I understand the reasoning for the public intent of the app and would generally support it within reason cause society right now amirite… but its not so subtle real world application has now leaked a DB of catty women for whom the majority ALSO show massive red flags. This isn’t a sexist men vs women critique, if there was an app for men to rate women and dox them I’d feel the same way. Love it when shitty people bamboozle themselves.
ipkpjersi@lemmy.ml 2 hours ago
I mean it’s even in the app name that it’s not about protecting women and keeping them safe, it’s literally about “spilling the tea” aka gossip. It’s pretty gross and can be used for nonconsenual sharing of images and even slander too since there’s no way to know if what someone is writing on there about someone is true or not.
kibiz0r@midwest.social 1 day ago
So like, when do we get a government-run service to issue zero-knowledge proofs about us so companies have no reason to store stuff like this in the first place?
Godric@lemmy.world 21 hours ago
Oh aye, I am the #1 government truster, they should “not record” where I visit and should be trusted to ignore my internet history
Appoxo@lemmy.dbzer0.com 20 hours ago
If I had to choose between a government and a private entity to store my personal governmental records (e.g. age and name), I’d 100% choose the government first.
kibiz0r@midwest.social 15 hours ago
They wouldn’t see what sites you give the tokens to — unless those sites choose to phone home, for some reason.
- You log in to the government site
- You ask for a token to prove your age/gender/whatever
- You copy the token
- You go to the age/gender-restricted site
- You provide the token
- The restricted site asks the government site how to verify any arbitrary token (but doesn’t mention your specific token)
- The restricted site verifies the token
fluffykittycat@slrpnk.net 1 day ago
It either doesn’t work or means that they have your ID info anyways. There’s no 3rd option
offspec@lemmy.world 23 hours ago
??? This is just textbook sso/openid but backed by the government. There’s nothing intrinsically insecure about having third parties send you directly to a trusted government site for authorization.
iglou@programming.dev 16 hours ago
The only entity able to connect you in this case is the identity verification third party. The premise is that a government-backed identification system is more secure than a rando private company.
Private company asks government “hey is this user real and unique”, government replies “yes”. Private webiste does not need to know your ID. No identifying element needs to be transmitted by the government.
Of course some private companies will need more, and in that case the user, you, can grant them access to data, much like the current authentication systems using Google accounts & co.
In which case the flow would be:
- Rando insecure company asks government "is this user real and unique? I need their name"
- Government website asks you "this rando company wants to know your name"
- You accept
- Goverbment replies to rando insecure conpany “yes, user real, name is X”
That’s how it should be.
subarctictundra@lemmy.world 2 hours ago
What use is American personal info to a German anon?
HexesofVexes@lemmy.world 17 hours ago
I can’t wait till I read a similar article about porn sites; especially one where the doxxed individuals are politicians.
Invertedouroboros@lemmy.world 4 hours ago
I mean, we kinda already ended up there with the Ashley Madison hack in 2015. Problems with that site aside, I feel like it’s kinda the blueprint for everything wrong with companies that retain personally identifable info on folks. If a company collects details like your driver’s license, it’s not a question of if it gets out but when. There’s just no way to collect that sort of data and truly keep it safe.
But, it seems like we’ve kinda forgotten how to learn lessons in the modern day, so I’m sure this was an isolated issue and we’ll never see it’s like again.
(/s on that last part, just in case that wasn’t blindingly obvious.)
ada@piefed.blahaj.zone 1 day ago
Someone spilt the tea...
Vinstaal0@feddit.nl 18 hours ago
Friendly reminder that some services do need your ID otherwise they cannot help you or at least they need to very you (accountants, notaries, etc)
Zomg@piefed.world 14 hours ago
Iirc, it's so that only women can join the app.
DrSteveBrule@mander.xyz 14 hours ago
Which is not a good reason to upload photos of drivers licenses.
gigachad@sh.itjust.works 17 hours ago
also fucking AirBnB
iAvicenna@lemmy.world 14 hours ago
Horrible practices by this app yes still can’t help but feel anon seems to think he is a hacker for writing a python script to scrape a public database. Also scold app devs for not dealing with sensitive information carefully, release them in the most vile online platform possible so you can boast about your average python scripting skills?
Knoxvomica@lemmy.ca 14 hours ago
This is a super weird point to focus on from that whoooole situation.
iAvicenna@lemmy.world 13 hours ago
Not to me, yes the app sucks, yes the use case of the app also sucks, yes devs are either super green or even mostly AI (these have been discussed extensively and I agree with all).
But can’t commend public release of such sensitive data in such a place. You can still bury this app and the company without compromising people’s sensitive data. Makes for less of a show and less opportunity to boast but yea.
Taldan@lemmy.world 13 hours ago
That’s exactly what hacking is.
'90s hacking movies may have given you a different idea of what cybersecurity looks like, but this is what the real world is like
Also, Google deserves a scolding here. Firebase’s default configuration is absolutely atrocious. One of the few critical vulnerabilities I’ve seen where the system is working as intended. Dubbed the hospital gown vuknerability because they leave the backend wide open by default
surewhynotlem@lemmy.world 12 hours ago
Firebase’s default configuration
I’m going to get on my grumpy old man soapbox. I understand making things idiot proof for end users. End users are idiots. But do we have to make things super safe for developers now too? Do we want to add a warning to rm so we don’t accidentally remove the wrong directory?
Any developer who doesn’t know to check permissions and accessibility on their database deserves to have their AI vibe coding bot taken away.
iAvicenna@lemmy.world 13 hours ago
I mean this is just writing a script to access a public database, this is not even exploiting a code vulnerability. So there is an area between digital numberfalls on the screen and accessing a public database which I would consider more of hacking.
mrgoosmoos@lemmy.ca 1 day ago
well isn’t that just ironic
Arkhive@piefed.blahaj.zone 1 day ago
Woah, I just got an ad for this today, and was intrigued enough to see what their monetization model was (in app purchases/subscriptions for “pro” features) and took a big pass on it.
Zezzoz@lemmy.world 20 hours ago
Whoopsie. What goes around comes around.
Zealousideal_Fox_900@lemmy.dbzer0.com 1 hour ago
It was literally just a gossip site. Glad it got what it deserved, even if 4channers suck. The male version of this got shut down too.