Technology

73546 readers

2876 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

436

Tea App A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating (www.404media.co)

submitted 3 days ago* (last edited 2 days ago) by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world

111 comments fedilink hide all child comments

https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/

https://redlib.orangenet.cc/r/AskWomen/comments/1m9ydcn/what_iswas_the_tea_app_actually_like/

you are viewing a single comment's thread
view the rest of the comments

[+] zarkanian@sh.itjust.works -19 points 2 days ago (3 children)

This sounds like victim-blaming. This website didn't even secure their database with a password. Come on. I'm sure their privacy policy gave the standard promises about storing their private data in a secure way, which they did not do.

[–] DrSteveBrule@mander.xyz 33 points 2 days ago

Encouraging people to be safe and care about their privacy on the internet is not victim blaming.

I'm sure their privacy policy gave the standard promises about storing their private data in a secure way, which _they did not do. _

This is what people want to warn others of. The developers of Tea are hardly the only offenders. Definitely not an example of victim blaming.

[–] blitzen@lemmy.ca 19 points 2 days ago (1 children)

In the current environment, at-risk people (women, immigrants, etc) who might have “at-risk” activities (abortion, immigration, etc) don’t have the luxury of relying on a privacy policy. I am not blaming them, I am simply stating how it must be if they are to avoid adverse actions.

This particular instance involved poorly secured data; what happens when warrantless demands are made by the government?

The Tea debacle proves that sensitive data cannot be trusted once out of your hands.

[–] blargh513@sh.itjust.works 9 points 2 days ago

I agree. The reality is that nobody should be trusting these platforms with such sensitive data. As demonstrated, there is so much that can go wrong when you trust these companies. This is a LOT of risk for very little reward.
Whatever you put online you should think "what if this were made public and attributed to me" before you post it.

[–] mic_check_one_two@lemmy.dbzer0.com 4 points 2 days ago

I'm sure their privacy policy gave the standard promises about storing their private data in a secure way, which they did not do.

Their ToS can be found here. Section G of their Limitation of Liability tries to shield them from liability against data breaches. But if they were criminally negligent, the ToS won’t protect them. The Data Protection section basically just says “check our Privacy Policy for info on what we collect”, which is pretty standard fare for a ToS.

The Security section of their Privacy Policy is also extremely boilerplate. Here’s the entire thing:

Security of Your Personal Information
The security of your Personal Information is important to us. When you enter sensitive information (such as credit card number) on our Services, we encrypt that information using secure socket layer technology (SSL).Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable.If you use a password on the Services, you are responsible for keeping it confidential. Do not share it with any other person. If you believe your password has been misused, please notify us immediately.

This one particular sentence may end up burning them though:

Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction.

I think most people (and the courts) would agree that putting a password on your database is a reasonable security measure that would be expected per this Privacy Policy. Especially since their next sentence goes on to elucidate that users should keep their passwords confidential.