this post was submitted on 25 Jul 2025
557 points (97.8% liked)
Technology
73254 readers
3846 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is what happens when you decide to vibecode a service with zero attention to safety or web development. This is why you don't immediately jump onto a new service without it being vetted properly. Now one of the worst communities on the Internet is in possession of over a hundred thousand women's driving licenses and faces. This is going to be an absolute disaster.
This is ALSO why no service should ever require or get my driver's license information. Fuck that. Also, yet another Constance to those who can't afford a car or want to improve the environment by living car free.
My only exception to that are uber drivers. But then again we live in an age where somehow better help has become popular, even though they sell your data.
I disagree on even that. It should be enough to have some trusted "notary" tick a box that they have verified your driver's license as valid. It should not be stored out sent anywhere at any time. Just showed to a human. Regularly, if needed.
Instead, just prove you have a credit card by submitting the details. Also totally safe. Be sure to include the CVV, please!
The only site I ever felt comfortable scanning shit like that into was a site that sold things only to military/medics/fire fighters so I had to upload my medic license and my FF cert.
Anything beyond that is a no go from me.
Now now, I like to shit on vibecoders too but let’s not pretend this is some new problem.
Idiots leave databases on cloud servers exposed all the time rather than deal with their companies often arcane rules for generating certificates
Remember when the government published SSNs in HTML? https://www.zdnet.com/article/missouri-will-not-prosecute-hacker-reporter-for-daring-to-view-state-website-html/
Where do you think the AI learned it?
Like, I get that competent coders do it too, but now any skiddie with an idea can cosplay as a developer so this is going to be so much more prevelant
That's not new, either.
To be fair, I’m not sure why firebase even has a public access option. That’s a recipe for issues.
Though if it’s anything like Google Cloud Store, they hopefully make it very clear that your bucket is public.
How is something "vetted properly" and how do I find out about that?
You wait a while until something like this happens.
This is something I worry about all the time as well, especially since I've started to learn how to code and experienced how easy it is to mess up and send a list with all registered users to everyone opening a page. (This was in a test environment.)
As a user, there is no proper way I know of to verify an app's security. Most apps are closed source, but even if you could view the code, what would you look for?
Both Apple and Google have a verification process for apps that are published in their app stores, but if these worked, we wouldn't see this happening.
There are academic researchers working on apps and privacy as well, but it's not like you can ask them for a report on an app you're thinking of installing.
I think it basically comes down to trust. Check if a developer has messed up in the past and how they dealt with that, that sort of stuff. And for dating apps there is this interesting article: https://www.privacyguides.org/articles/2025/06/24/queer-dating-apps-beware-who-you-trust/#reducing-the-risks-when-using-dating-apps
It's a long read (haven't fully read it myself yet) and it paints a bleak picture, but that's the world we live in today.
You can pay for a 3rd party to penetration test your app, it's good practice to do this before you launch an app, after any significant changes, and annually at a minimum.
There are also a growing number of companies offering continuous penetration testing - basically, automated pen tests - but these are expensive and it's difficult to convince companies that the cost is worth it
I honestly don't understand what op is talking about.
Leaks happen all the time, even in billion dollar companies.
Their comment is the equivalent like, "This is why you should lock your doors!" Like uh okay.
This situation would have been easily preventable with basic understanding of what they're doing is what OP is saying. This leak is not something highly complex, it is painfully stupid on the side of the developers.
There's a difference between a hack, where data is exposed, compared to data exposure due to negligence or ignorance on the development side.
Again, how should the end use know anything about what is going on at their end? How does anyone "vett" that? It is a nonsense "argument" to put blame on the users.
Where I'm from there's certificates a company can get, that confirm a certain level of process and IT security. Also a company existing for at least 5-10 years without incidents is a "vetted" company in my books. At least anything that managed to produce a working IT system before 2021 when AI came around.
I also believe there's a bit of bad wording going on with the original comment. Take it up with that guy, lol.
This was more like leaving all your valuables in a cardboard box on your front lawn. Anyone can just take it, if they care to look inside the complete unsecured box.
Someone just drove up and tossed the box in their truck. No lock involved.
https://de.wikipedia.org/wiki/Datenvermeidung_und_Datensparsamkeit
I love how people just jump on whatever they like, instead of actually thinking about the stuff they read/comment on/upvote. Exactly like on Reddit, no difference.
How strange that a site designed exactly like reddit behaves like reddit.
The thing is that many here think they are better, they look down on Reddit. There is a certain shift in what demographic switched over but generally it is the same.
I thought they were looking down on the owners of reddit, not the user base.
Anybody oblivious enough to create something like this isn't someone you should trust your most private data with. This service had red flags from the concept phase, never mind the execution.
This is not to say, of course, that the victims deserved it. It just really sucks that they had to learn this lesson this way.
"Vibe coded" you just made that up didn't you, because you don't like llms. I don't see anything in the article about "Ai" and this service has been operating for 2 years.
My thoughts as well. But hey, it's lemmy! Just accuse someone of doing something we hate, good to go!
The og 4chan post brought up the vibe coding. Using it as an insult to quality is wider spread than just lemmy.
Maybe I shouldn't have used the term vibe coded. I apologize.