Tea was storing its users’ sensitive information on Firebase, a Google-owned backend cloud storage and computing service.
Every time. With startups, it's always an unsecured Firebase or S3 bucket.
this post was submitted on 28 Jul 2025
328 points (97.4% liked)
Technology
73465 readers
4247 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
I'm certainly no web security expert, but shouldn't Tea's junior network/backend/security developers, let alone seniors, know how to secure said Firebase or S3 buckets with STARTTLS or SSL certificates? Shouldn't a company like this have some sort of compliance department?
It's a little more complex than that. If you want the app on the user device to be able to dump data directly into your online database, you have to give it access in some way. Encrypting the transmission doesn't do much if every app installation contains access credentials that can be extracted or sniffed.
Obviously there are ways around this too, but it's not just "use TLS".
load more comments
(3 replies)
I am not sure, but I read somewhere that the developer(s) used vibe coding to create the app so...
load more comments
(2 replies)
load more comments
(5 replies)
Honestly it seems like a weapon that can too easily be used for defamation
load more comments
(7 replies)
Ah nice.
Time to implement a social score. Those who rate highly have better access to social areas.
Those who rate lower are fucked for the rest of their life.
This sounds like such an amazing idea that has no shortcomings whatsoever!
Edit: /s
Change the target to any other group and the outrage would be 100-10000 fold bigger.
Try it out, instead of Women rating men, try subbing in various minority groups or races.
Bonus points for the most offensive combinations.....
e.g. Russians rating Ukrainians in your area....it can get pretty bad...I can think of many worse combos.
I think the key reason this was seen as not being terribly offensive was the fact that women are disproportionately more likely than men to be on the receiving end of tons of different negative consequences when dating, thus to a degree justifying them having more of a safe space where their comfort and safety is prioritized.
However I think a lot of people are also recognizing now that such an app has lots of downsides that come as a result of that kind of structure, like false allegations being given too much legitimacy, high amounts of sensitive data storage, negative interactions being blown out of proportion, etc. I also think that this is yet another signature case of "private market solution to systemic problem" that only kind of addresses the symptoms, but not the actual causes of these issues that are rooted more in our societal standards and expectations of the genders, upbringing, depictions in media, etc.
I’m always reminded of the fact that women on dating sites rate 80% of the men as below average….
And the dating advisors who have written numerous articles about how women don’t really know or aren’t really honest with themselves about what they are looking for in a partner….
That was ONE OKCupid survey from years ago, and it also showed that women were more likely than men to message people they didn't rate as attractive.
In reality, women and men rate male facial attractiveness about the same. https://datepsychology.com/can-women-identify-an-average-face/
I was making the point, that despite the fact that this is mildly ok. The test for anything that gives one group power over another, is to switch the groups.
If it's still reasonable, than it is probably OK to keep it. If however it seems wrong after the switch, the bar to keep the power imbalance should be very high.
load more comments
(2 replies)
load more comments
(3 replies)
I'm sorry but I'll just say it out right: new feminists are the absolute worst
Don't get me wrong, I'm all for equality where possible. Where isn't equality possible? Well I'd like to conceive a child, but the plumbing isn't exactly useful for that. That sort of thing. Beyond that, were all the same, and IDGAF about your skin color, sexual preferences or whatever. I live by live and Let live, don't be an asshole, it's not that hard to be respectful
New feminists though are the ones coming up with ideas like this website. On the surface, anyone could say that it's not a bad thing to have a place for women to talk about how to protect themselves. In reality though, it's a place where men, innocent or not, get doxxed and made to be rapists.
There are some subs here on Lemmy as well that were very sad to see this shitshow of a website go, lamenting the fact that now they need a different place to dex people. Try not to tell them that doxxing is bad, it gets you banned.
load more comments
(4 replies)
How does this app even work?
You sign up and then a while later, your personal information gets leaked to the public. Not sure what its other purpose is.
That's corporate social media/apps in general. Does this thing basically let people list crappy things that happened to them by specific humans?
It's basically a slander app, from what I can tell.
it seems its an app that helps women flag potential dating candidates as being dangerous or red flags.
there is the potential for doxxing that comes with that, but I can absolutely understand its use and need when not abused in that manner.
i wonder if there's the potential for a different app with more encryption and a way to prevent doxxing and abuse.
There's definitely a use case, but there's an inherent power imbalance to these products that makes sure they will always be misused. The submitters are anonymous, and it's up to the person being reported on to prove the accusations are false.
Or, they're supposed to be anonymous.
it’s up to the person being reported on to prove the accusations are false.
The person doesn't even know they're mentioned in the app.
load more comments
(1 replies)
How do you warn people about a potential dating candidate being dangerous without doxxing the potential dating candidate? "Hey, watch out for [anonymous person]" doesn't sound very useful.
load more comments
(9 replies)
load more comments
(3 replies)
load more comments
(13 replies)
load more comments
(1 replies)
S2 Underground has a great video about this. It's basically a spy app with national security implications.
People using their military IDs for account verification and location data found in their pictures lays the argument that this data could be used for blackmail.
I feel that the app filled a need of women we should not ignore. But the app, both this specific app and also the overall concept, is just too rife with downsides to be workable.
So we, as men and as society need to reevaluate why women feel the need for such an app, and reinvest in the criminal justice system to hold victimizers more accountable.
It’s okay to call this app and similar Facebook groups unacceptable. But that’s not enough, we must also call for stronger protections for victims of criminal behavior.
load more comments
(6 replies)
Why did the app had the government IDs and credit card data to begin with? The app looks like an obvious phishing scam/ Honeypot situation.
load more comments
(1 replies)
view more: next ›