this post was submitted on 25 Jul 2025
637 points (98.0% liked)

Technology

73379 readers
4723 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.

top 50 comments
sorted by: hot top controversial new old
[–] JackbyDev@programming.dev 99 points 3 days ago (5 children)

I can't open the article, but I think I read that this was hosted on an unprotected bucket. Assuming that's correct I wouldn't say this was a breach. A better headline would be "Women dating safety app 'Tea' exposed women's PII".

To be 100% clear, I'm not excusing the hackers. I don't believe it's morally correct to publicize something because it is exposed. For folks curious about that you can look into how to ethically disclose vulnerabilities. I still view this as doxxing. I still believe what the hackers did should be a criminal offense, it's just that I also believe the app holds a ton of the blame as well. How can you proclaim to be about keeping women safe while putting them at risk? That should be punished as well.

Like if the storage facility you trusted to hold your stuff never had locks on the doors, shouldn't they take a lot of the blame as well as the thief who found out a door was unlocked?

[–] hopesdead@startrek.website 44 points 3 days ago (4 children)

The bigger problem is trying to get the mainstream that would read an article like that to understand the technical difference between hacking and accessing unsecured data.

[–] JackbyDev@programming.dev 26 points 3 days ago (6 children)

One of the definitions of hacking is illegally gaining access to a computer system. It doesn't need to involve any sort of exploit. Stealing from an unlocked home is still stealing. Gaining access to a system by phishing is still hacking. Leaking data that is technically publicly accessible that isn't meant to be publicly accessible is still hacking.

Not that I suspect anything good from 4chan but the proper thing to do would be to disclose to Tea that their data is public and allow them to fix the problem. The ethics of vulnerability disclosure still apply when the vulnerability is "hey you literally didn't secure this at all."

load more comments (6 replies)
load more comments (3 replies)
load more comments (4 replies)
[–] Zephorah@discuss.online 39 points 3 days ago (2 children)

Reading these incredible comments has revealed a large piece of what was named as the reason for lemm.ee shutting down.

load more comments (2 replies)
[–] dandelion@lemmy.blahaj.zone 82 points 3 days ago* (last edited 3 days ago) (37 children)

The replies in this thread are disturbing, giving me a sense that Lemmy has a misogyny problem; maybe I was naïve, but I expected outrage about 4chan doxxing women trying to protect one another, instead I see lots of revenge enjoyment as if being doxxed on 4chan is justice for ... warning one another about dangerous men they encounter when dating?

The inability to empathize and take seriously the threats posed to women or to understand their motivation to protect one another is alarming.

There is no good faith extended, but also no evidence presented that instead of safety the app was just for gossip, it's just taken as assumed that women are wrong for using Tea and they all deserve to be doxxed.

[–] SonOfAntenora@lemmy.world 15 points 2 days ago (2 children)

Apparently the platform operated as some sort of gossipping/reporting system where unaware men and guys could be posted, so they could basicallly do the same thing that happened to them, all on one if the most unsafe system possible.

Honestly I see this as a consequence of their own actions mostly the database was unprotected. Their purpose was to document men behind their back. Turns out it backfired.

load more comments (2 replies)
[–] zarkanian@sh.itjust.works 45 points 3 days ago (5 children)

It isn't the women who are wrong; it's the app developer and 4chan. But setting aside the data breach, creating a Yelp for dating is a ticking time bomb. They were going to get sued out the ass, data breach or no data breach. I don't know how many times this needs to happen, but I guess web developers have the memory of goldfish. There have been several attempts at something similar that got shut down for the obvious reasons. Making a website that rates human beings is always going to be a legal minefield.

load more comments (5 replies)
[–] DrSteveBrule@mander.xyz 51 points 3 days ago (10 children)

I'm all for groups of safe spaces for women. Especially when it's designed to keep them safe while dating. I have my doubts that Tea was that. Even if it was advertised as such, "tea" is slang for the word gossip. I've heard stories from several sources that it was used to dox people as well. Not saying what happened to the users is right. I think some users here are just feeling smug that this might cause the app to fail or shut down.

[–] zarkanian@sh.itjust.works 15 points 3 days ago

Yeah, naming it "Tea" is really the cherry on top. I'd love to know more about the people behind this. It's hard to believe that anybody would be this oblivious. I guess the same kind of people who wouldn't secure their database.

load more comments (9 replies)
[–] Gemini24601@lemmy.world 33 points 3 days ago (1 children)

The Tea app is agnostic. While its purpose and main use case was made for the safety of women in the dating scene, it was inevitably used to spread exaggerated or misleading information about otherwise innocent men. Imagine being a privacy-conscious individual, and breaking up with a toxic woman. She could go on to spread lies about you and even upload pictures of you to the reverse image search/ai. So even if you were doing everything right from a privacy standpoint, you’d still end up in someone’s private database, subjected to ai training, shared with the government, or who knows what. While I do see the purpose of apps like these, they can effectively take away someone’s privacy/dignity without them even knowing about it. Now imagine being a 4channer, someone probably even more privacy-conscious than lemmings, and possibly experiencing mental disorders like paranoid schizophrenia or autism; of course they’re drawn to hacking an app that would destroy their privacy. They are not sane individuals, so this event really was inevitable.

[–] echodot@feddit.uk 10 points 2 days ago

Look at the screenshot in the article. That's what their website looks like, it absolutely looks like it's focusing on gossiping rather than women's safety on dates.

[–] Ilovethebomb@sh.itjust.works 23 points 3 days ago (1 children)

Lemmy is full of people with a lot of technical knowledge, who look down on anyone without it. Just look at their responses to someone complaining and an issue on Windows, it's just a hundred people telling you what Linux distro they use.

It's not so much mysogyny, they just can't pass up the opportunity to be smug about something.

load more comments (1 replies)
[–] joel_feila@lemmy.world 28 points 3 days ago (4 children)

Well lets be honest if someone made a gender inverse version ofctea many people would b concerned about what is being shared on the app. Honestly i find tesla disturbing and the 4 chan doxing dangerous. Both sides can be bad.

load more comments (4 replies)
[–] SoftestSapphic@lemmy.world 30 points 3 days ago

I think you are misunderstanding why people are upset.

It's horrible that these women were doxxed.

It's also horrible that a subset of women were doxxing men, which is what brought this negative attention to the site.

Misogyny is real in our society, misandry is real.

Saying things happen for sexist reasons when it was for a logical reason does a disservice to movements that seek equality.

The internet also cheered on the 4chan PII leak that happened recently, not becauase it's a male dominant space, but because they do shitty things like dox people.

[–] LePoisson@lemmy.world 28 points 3 days ago (4 children)

Your comment was on top for me in my app, so I was like "oh how bad could it be.". Holy shit you're not wrong, there's some disgusting comments that are getting voted up.

I'm low-key disappointed and appalled by these community members who believe these women "deserve" it for ... Trying to help each other be safer?

load more comments (4 replies)
load more comments (29 replies)
[–] thatradomguy@lemmy.world 6 points 2 days ago* (last edited 2 days ago) (2 children)

Another example of why people shouldn't be uploading/sharing nudes on any platform when the pretense is that it will only be between 2 people. That just isn't realistic anymore. Never was, really. I still don't get how people can hear and know about all the hacks happening now but they can't see that sending nudes is somehow unsafe? Why does society work this way?

[–] Electricd@lemmybefree.net 6 points 2 days ago

Send nudes on Signal!

load more comments (1 replies)
[–] M0oP0o@mander.xyz 6 points 2 days ago

One would have hoped the lesson here would be about the dangers of commoditfiying everything as a fucking "app", but no, it looks like its not the increadably irresponsible company at fault (as is tradition).

[–] BackgrndNoize@lemmy.world 45 points 3 days ago (3 children)

This is why there should be a nationwide rule that PII data should be deleted after the users identity has been verified

[–] mang0@lemmy.zip 5 points 2 days ago (1 children)

Truly impressive how little america cares about its citizens.

load more comments (1 replies)
load more comments (2 replies)
[–] SoftestSapphic@lemmy.world 36 points 3 days ago (2 children)

Never upload PII to social media

Your privacy is not legally protected.

load more comments (2 replies)
[–] gnu@lemmy.zip 155 points 4 days ago (6 children)

People sign up to app intended to share personal information about others without their permission, end up having their own personal information shared without permission - the irony is impressive.

[–] surewhynotlem@lemmy.world 110 points 4 days ago (26 children)

At first I was going to call bullshit because I thought you were exaggerating and being ridiculous.

Nope. That's the app. "Anonymous" sharing of pictures and info of other people. Presumably without their permission. That's fucked up.

load more comments (26 replies)
load more comments (5 replies)
[–] sunglocto@lemmy.dbzer0.com 214 points 4 days ago (28 children)

This is what happens when you decide to vibecode a service with zero attention to safety or web development. This is why you don't immediately jump onto a new service without it being vetted properly. Now one of the worst communities on the Internet is in possession of over a hundred thousand women's driving licenses and faces. This is going to be an absolute disaster.

[–] Darrell_Winfield@lemmy.world 162 points 4 days ago (4 children)

This is ALSO why no service should ever require or get my driver's license information. Fuck that. Also, yet another Constance to those who can't afford a car or want to improve the environment by living car free.

load more comments (4 replies)
load more comments (27 replies)
[–] UncleGrandPa@lemmy.world 32 points 3 days ago (1 children)

What are the chances of this being the main reason for the app's existence?

[–] Hozerkiller@lemmy.ca 32 points 3 days ago

Seeing as the word hack is doing a lot of heavy lifting. They didn't bother to actually secure the data and then put it on the internet for anyone to access.

[–] simplejack@lemmy.world 25 points 3 days ago

Hungry data privacy lawyers when they learned about Tea this week:

[–] Longmactoppedup@aussie.zone 83 points 3 days ago (7 children)

Maybe I'm just getting old, but the idea of "verifying" my real identity to a faceless website or mobile app is abhorrent.

I guess it doesn't help that governments in some countries (UK, Australia that I know of) are encouraging this bullshit with Trojan horse laws claiming to protect children from adult websites / social media.

Can't help but think there is also an element of pot meet kettle here, when users of an app designed to dox and slander people without their knowledge are now the ones getting doxxed themselves.

load more comments (7 replies)
[–] sp3ctr4l@lemmy.dbzer0.com 104 points 4 days ago* (last edited 3 days ago) (16 children)

Wow that was fast.

I did not even know this app existed untill about 8 hours ago.

Already comprimised.

EDIT: Also, lol, this arguably is not even largely a hack.

These idiots just had everything stored in a fucking publically accesible firebase bucket... amazing.

They didn't delete anything they claimed to.

Either way you look at it, anywhere on the spectrum from:

A ] A bunch of women reasonably concerned for their safety

B ] A bunch of gossip mongers

... well, they've now all been doxxed, ironic from each angle.

What a fucking disaster.

load more comments (16 replies)
load more comments
view more: next ›