this post was submitted on 31 Jul 2025
Technology
The company should be sued into the ground. This is horrendous
In any other engineering discipline this would be negligence.
It is negligence, but information workers have very little regulation when it comes to handling personal data (outside of specific fields, like healthcare and finance).
I say this as an information worker who handles a lot of personal data. Worst case scenario, I get fired and can't use them as a reference. Unless I'm intentionally stealing data and using it for crimes there's no risk of criminal penalties.
We needed privacy laws 20 years ago but the tech bros assured everyone that it would be fine and for a long time they were mostly responsible with our data. But now we're well into the enshittification of the Internet and the lack of regulation is allowing these kinds of harms to become common.
Though, in a sane regulatory framework Tea wouldn't be allowed to exist in the first place. The entire point of the site is to doxx people and share personal details about them without their consent.
At least some of the negligence is on Google, for the atrocious default security settings in Firebase
The vulnerability is called hospital gown because they leave the back end wide open by design. It's not even a traditional vulnerability, since it's technically working as intended
In fairness if you leave Firebase in its default settings it won't shut up about it.
You get warnings on the website, and constant emails telling you that you're being a pillock.
Both the company, for failing to protect its users; and a large majority of its users, for doxxing and libel.
It's unfortunate that it happened this way, but now the people who are being libeled against and doxxed have the ability to find out about it where they didn't before.
I'm not going to hold it against women for having a private group to tell on predatory dudes when this existed and nobody ever faced any consequences. What We Learned About the 70K-Person Telegram Channel on How to Rape Women
Arguing that tea was for "telling on predatory dudes" is like saying backdooring encryption is to catch people spreading CP.
That's what the creator of the site said it was for.
Would you believe me if I told you some systems are used for other things than what's intended?
Sure, if you have evidence. What do you think it was really being used for? And what's your evidence?
No need for evidence. The idea of anyone being able to claim anything about a person without proof is inherently flawed. Are you saying that the app has some magical feature which forces everyone to tell the truth? No disgruntled ex can make up things about their previous partner? I would love to see you prove that.
No, of course I'm not saying that. It's a profoundly stupid idea because it is so open to abuse. That doesn't mean that the majority of users are abusing it, though, which seems to be what you're claiming.
I can't think of any way to use the app that doesn't rely on posting pictures and personal information of people without their consent.
I guess if you think "This dude acts kinda rapey" qualifies as "personal information".
for "this dude" to have any meaning to anyone, there needs to be a name attached at the very least.
that alone is personal information.
personal information is any information that can be used to uniquely identify a natural person.
this app was nothing but personal information being deliberately spread without the person's consent.
man am i glad this sort of bullshit isn't even up for discussion in the EU...what an absolute nightmare for privacy...
Which dude? How are you going to identify them?
Their full name, pictures and location would be required or your information about his rapeyness is worthless.
You're not going to have that person's permission to post their information and so you're doing it without their consent.
Yeah, and the US Marshals Service said Operation Flagship was just a football sweepstakes.
The UK said the OSA is to protect children. But people lie.
And that's what the people seeking to ban encryption claim it to be for, as well. Doesn't make it true.
What is the truth, then?
That this app was set up for libel and doxxing, and would be abhorrent if the demographics were switched at all.
You know the "pro features" included address and phone number? Never mind the unaccountable reviews the reviewed can't even see making targeted harassment campaigns easier, posting "address and phone number" is "bad."
You believe that women are more likely to lie about a man than tell the truth?
On that app*
Maybe.
This is some Grade-A whataboutism right here.
Of COURSE the people in that group chat deserve punishment, and probably the same 20 years that French(?) guy got depending on who all did what.
Just because that happened though doesn't excuse that this happened. The company did a horrendous thing by holding onto highly sensitive and private data it said it should have deleted and then failed to secure it in any way, AND the userbase was absolutely vile and abusive towards men.
All three things need to see justice brought to them, and you should not excuse one just because another happened and wasn't dealt with properly.
Just another story where victims go on to become abusers it seems.
Nah they were abusers all along
I mean, it's on brand. The doxxing app is successfully doxxing people...
You get 89 cents in the settlement. Do you prefer to get a direct deposit or a check?
Nah, they just go bankrupt.
1 week free access to the service that did it in the first place is my favorite class action outcome.
Nah, just stop using it. Suing does nothing, it just benefits lawyers and not any of us.
But it may hurt the creators who
A) Made this abhorrent shit to begin with
B) Didn't secure a goddamn thing and lied to users about the leaked info being deleted
so whether or not I benefit monetarily, I benefit by it being shut down and those responsible being held at least a little accountable for their various misdeeds to both their users and humanity at large. Plus that may serve as a deterrent for the next libel app that thinks they've reinvented facebook 1.0 (which, they might have some advice about this exact scenario, actually.)
It sucks for those people, but everyone should expect anything they say online to be possibly tied back to them. Secrets and identification information don't mix. Especially online. The good news is that there is no evidence any of it is real, anyone can lie on the site saying whatever they want, so if doxed someone can just say they were bored and wanted to fit in and see what others were discussing or such. Hopefully for them it doesn't turn into people getting hurt for talking behind someone's back like it often does offline.
fuck off with that complacency
there are so many underlying rules for private communication between computer systems, this type of thing is pure neglect bordering on international.
there's no reason to think everything online should be open and available. we should all be allowed to be in private spaces, especially if it's advertised as a private space
People complaining here that security was too lax, people complaining in the next thread that the libre dev is the victim because security was too high.
Is it possible to get both balanced, yes. But it will never make everyone happy.
There are no private spaces online, your privacy is at the whim of whoever owns the servers and whatever government controls them.
Unless you're using end to end encrypted communication with people you know and trust you should assume that everything you do online has your actual name and face attached to it.
I do agree that it sucks.
There should be laws, with criminal consequences, that protect our privacy but essentially every government is of the opinion that actual privacy should never exist online because they think it's better to sacrifice everyone's privacy than to let a single criminal go undetected.
This is why you see all Western governments simultaneously running "think of the children" campaigns as they slowly maneuver the Internet into requiring every device be identifiable and linked to a person.
This is why the end-to-end encrypted communication providers are also being pressured right now. Because systems built using encryption to enforce the rules are actually private.
Governments know this, as they heavily rely on encrypted communication systems. They just don't want anybody else to have that privilege.
Which is it? It logically can't be both. I own at least a dozen servers.
There are no private spaces online, because your privacy is only protected by the people who own the servers. Your data isn't private to them, nor any governments who can compel them.
You cannot trust that any data you put on services, that you're not completely in control of, is going to remain private.
There are countless examples of services selling your data, hackers getting access to your data or governments compelling a service provider to produce your data on demand.
The exception to that are services where you can enforce your privacy through well implemented encryption.
For example, I don't need to trust a cloud storage provider that is storing my data because it's encrypted on my machine using keys that only I control prior to being stored. My privacy doesn't require me to trust that Google will protect my data from insiders, hackers or hostile governments because they don't have the ability to produce it. My privacy is protected by the laws of mathematics regardless of how compromised the service provider is.
Yes, I know all that. I spent 25 years in tech, which is why I also know how to run secure services online. Hence my comment above.