The more than one million messages obtained by 404 Media are as recent as last week, discuss incredibly sensitive topics, and make it trivial to unmask some anonymous Tea users.
It is negligence, but information workers have very little regulation when it comes to handling personal data (outside of specific fields, like healthcare and finance).
I say this as an information worker who handles a lot of personal data. Worst case scenario, I get fired and can’t use them as a reference. Unless I’m intentionally stealing data and using it for crimes there’s no risk of criminal penalties.
We needed privacy laws 20 years ago but the tech bros assured everyone that it would be fine and for a long time they were mostly responsible with our data. But now we’re well into the enshittification of the Internet and the lack of regulation is allowing these kinds of harms to become common.
Though, in a sane regulatory framework Tea wouldn’t be allowed to exist in the first place. The entire point of the site is to doxx people and share personal details about them without their consent.
At least some of the negligence is on Google, for the atrocious default security settings in Firebase
The vulnerability is called hospital gown because they leave the back end wide open by design. It’s not even a traditional vulnerability, since it’s technically working as intended
Both the company, for failing to protect its users; and a large majority of its users, for doxxing and libel.
Its unfortunate that it happened this way, but now the people who are being libeled against and doxxed have the ability to find out about it where they didn’t before.
No need for evidence. The idea of anyone being able to claim anything about a person without proof is inherently flawed. Are you saying that the app has some magical feature which forces everyone to tell the truth? No disgruntled ex can make up things about their previous partner? I would love to see you prove that.
It sucks for those people, but everyone should expect anything they say online to be possibly tied back to them. Secrets and identification information don’t mix. Especially online. The good news is that there is no evidence any of it is real, anyone can lie on the site saying whatever they want, so if doxed someone can just say they were bored and wanted to fit in and see what others were discussing or such. Hopefully for them it doesn’t turn into people getting hurt for talking behind someone’s back like it often does offline.
there’s so much underlying rules for private communication between computer systems, this type of thing is pure neglect boardering on international.
there’s no reason to think everything online should be open and available. we should all be allowed to be in private spaces, especially if it’s advertised as a private space
The company should be sued into the ground. This is horrendous
In any other engineering discipline this would he negligence.
It is negligence, but information workers have very little regulation when it comes to handling personal data (outside of specific fields, like healthcare and finance).
I say this as an information worker who handles a lot of personal data. Worst case scenario, I get fired and can’t use them as a reference. Unless I’m intentionally stealing data and using it for crimes there’s no risk of criminal penalties.
We needed privacy laws 20 years ago but the tech bros assured everyone that it would be fine and for a long time they were mostly responsible with our data. But now we’re well into the enshittification of the Internet and the lack of regulation is allowing these kinds of harms to become common.
Though, in a sane regulatory framework Tea wouldn’t be allowed to exist in the first place. The entire point of the site is to doxx people and share personal details about them without their consent.
At least some of the negligence is on Google, for the atrocious default security settings in Firebase
The vulnerability is called hospital gown because they leave the back end wide open by design. It’s not even a traditional vulnerability, since it’s technically working as intended
I mean, it’s on brand. The doxxing app is successfully doxxing people…
You get 89 cents in the settlement. Do you prefer to get a direct deposit or a check?
Both the company, for failing to protect its users; and a large majority of its users, for doxxing and libel.
Its unfortunate that it happened this way, but now the people who are being libeled against and doxxed have the ability to find out about it where they didn’t before.
I’m not going to hold it against women for having a private group to tell on predatory dudes when this existed and nobody ever faced any consequences. What We Learned About the 70K-Person Telegram Channel on How to Rape Women
Arguing that tea was for “telling on predatory dudes” is like saying backdooring encryption is to catch people spreading CP.
That’s what the creator of the site said it was for.
Would you believe me if I told you some systems are used for other things than what’s intended?
Sure, if you have evidence. What do you think it was really being used for? And what’s your evidence?
No need for evidence. The idea of anyone being able to claim anything about a person without proof is inherently flawed. Are you saying that the app has some magical feature which forces everyone to tell the truth? No disgruntled ex can make up things about their previous partner? I would love to see you prove that.
It sucks for those people, but everyone should expect anything they say online to be possibly tied back to them. Secrets and identification information don’t mix. Especially online. The good news is that there is no evidence any of it is real, anyone can lie on the site saying whatever they want, so if doxed someone can just say they were bored and wanted to fit in and see what others were discussing or such. Hopefully for them it doesn’t turn into people getting hurt for talking behind someone’s back like it often does offline.
fuck off with that complacency
there’s so much underlying rules for private communication between computer systems, this type of thing is pure neglect boardering on international.
there’s no reason to think everything online should be open and available. we should all be allowed to be in private spaces, especially if it’s advertised as a private space
People complaining here that security was to lax, people complaining in the next thread that the libre dev is the victim because security was to high.
Is it possible to get both balanced, yes. But it will never make everyone happy.