• CriticalMiss@lemmy.world
    ↑10 · 17 hours ago

    A public S3 bucket? Whoever used the app should start a class action lawsuit, this is beyond misconduct.

    • Hobo@lemmy.world
      ↑4 · 16 hours ago

      Imagine the other gaping security holes in this thing if storing all the data on a public s3 bucket flew under the radar until after release.

  • refract@lemmy.dbzer0.com
    ↑19 ↓2 · 1 day ago

    I understand the reasoning for the public intent of the app and would generally support it within reason cause society right now amirite… but its not so subtle real world application has now leaked a DB of catty women for whom the majority ALSO show massive red flags. This isn’t a sexist men vs women critique, if there was an app for men to rate women and dox them I’d feel the same way. Love it when shitty people bamboozle themselves.

    • ipkpjersi@lemmy.ml
      ↑11 · edited · 20 hours ago

      I mean it’s even in the app name that it’s not about protecting women and keeping them safe, it’s literally about “spilling the tea” aka gossip. It’s pretty gross and can be used for nonconsensual sharing of images and even slander too since there’s no way to know if what someone is writing on there about someone is true or not.

  • HexesofVexes@lemmy.world
    ↑21 ↓1 · 1 day ago

    I can’t wait till I read a similar article about porn sites; especially one where the doxxed individuals are politicians.

    • Invertedouroboros@lemmy.world
      ↑4 · 22 hours ago

      I mean, we kinda already ended up there with the Ashley Madison hack in 2015. Problems with that site aside, I feel like it’s kinda the blueprint for everything wrong with companies that retain personally identifiable info on folks. If a company collects details like your driver’s license, it’s not a question of if it gets out but when. There’s just no way to collect that sort of data and truly keep it safe.

      But, it seems like we’ve kinda forgotten how to learn lessons in the modern day, so I’m sure this was an isolated issue and we’ll never see its like again.

      (/s on that last part, just in case that wasn’t blindingly obvious.)

    • skisnow@lemmy.ca
      ↑61 ↓6 · 2 days ago

      Yeah there was absolutely no need to include unfounded racist shit about “DEI hires” but it seems to be some sort of rule in 4chan that you have to be a bigoted fucknut in order to post

  • traches@sh.itjust.works
    ↑134 · 2 days ago

    Damn, if they had PII in a public bucket like that it’s criminally negligent. Well, at least it should be but I’m no lawyer

        • zwerg@feddit.org
          ↑35 · 2 days ago

          Indeed, and the kicker is that 4% is on turnover, not profit. That can really hurt.

          • Echo Dot@feddit.uk
            ↑10 · 2 days ago

            Yeah it has to be that way otherwise all these venture capital funded businesses that never actually make a profit could just do whatever they want, and considering that’s basically every startup it would essentially neuter the law.

  • kibiz0r@midwest.social
    ↑62 ↓6 · 2 days ago

    So like, when do we get a government-run service to issue zero-knowledge proofs about us so companies have no reason to store stuff like this in the first place?

    • Godric@lemmy.world
      ↑24 ↓1 · 2 days ago

      Oh aye, I am the #1 government truster, they should “not record” where I visit and should be trusted to ignore my internet history

      • kibiz0r@midwest.social
        ↑12 ↓1 · 1 day ago

        They wouldn’t see what sites you give the tokens to — unless those sites choose to phone home, for some reason.

        • You log in to the government site
        • You ask for a token to prove your age/gender/whatever
        • You copy the token
        • You go to the age/gender-restricted site
        • You provide the token
        • The restricted site asks the government site how to verify any arbitrary token (but doesn’t mention your specific token)
        • The restricted site verifies the token
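
The token flow listed above, as an added sketch that is not part of the thread and not any real government service: the issuer signs a minimal claim with Ed25519 and the restricted site verifies it offline against the issuer's published key. The function names and the claim string are assumptions, and a plain signature stands in here for the zero-knowledge proof mentioned upthread.

```javascript
// Added example: all names and claim strings are constructed, not a real government API.
const crypto = require('node:crypto');

// --- Issuer: the hypothetical government site --------------------------------
const issuerKeys = crypto.generateKeyPairSync('ed25519');

// "How to verify any arbitrary token": a public key, fetched without naming a
// user or a token, so the issuer never learns which site a token was shown to.
function publishVerificationKey() {
  return issuerKeys.publicKey.export({ type: 'spki', format: 'pem' });
}

// The issuer knows who logged in but signs only the minimal claim.
function issueToken(claim, ttlSeconds, nowMs = Date.now()) {
  const payload = Buffer.from(JSON.stringify({
    claim,                                         // e.g. "age_over_18"; no name, no ID number
    exp: Math.floor(nowMs / 1000) + ttlSeconds,    // short lifetime limits reuse
    nonce: crypto.randomBytes(16).toString('hex'), // lets a site reject a second use
  }));
  const sig = crypto.sign(null, payload, issuerKeys.privateKey);
  return `${payload.toString('base64url')}.${sig.toString('base64url')}`;
}

// --- Relying party: the restricted site --------------------------------------
const seenNonces = new Set(); // per-site replay cache (in memory for the example)

function verifyToken(token, issuerPem, requiredClaim, nowMs = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const payload = Buffer.from(parts[0], 'base64url');
  const sig = Buffer.from(parts[1], 'base64url');

  // Check the signature BEFORE parsing, so unauthenticated JSON is never trusted.
  let valid = false;
  try {
    valid = crypto.verify(null, payload, crypto.createPublicKey(issuerPem), sig);
  } catch (_) { /* wrong-size signature or bad key: treat as invalid */ }
  if (!valid) return { ok: false, reason: 'bad signature' };

  const body = JSON.parse(payload.toString('utf8'));
  if (body.claim !== requiredClaim) return { ok: false, reason: 'wrong claim' };
  if (body.exp <= Math.floor(nowMs / 1000)) return { ok: false, reason: 'expired' };
  if (seenNonces.has(body.nonce)) return { ok: false, reason: 'replayed' };
  seenNonces.add(body.nonce);

  // The only thing the site needs to keep: a flag, not a document or a name.
  return { ok: true, record: { verified: true } };
}
```

The nonce and signature are unique per token, so an issuer that logs them could still link a visit if the site reports the token back; removing that linkability takes blind signatures or an actual zero-knowledge scheme.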
      • Appoxo@lemmy.dbzer0.com
        ↑25 · 2 days ago

        If I had to choose between a government and a private entity to store my personal governmental records (e.g. age and name), I’d 100% choose the government first.

        • Omega@discuss.online
          ↑1 · 1 day ago

          In Turkey, the government stores data worse than the company. I can be doxxed just by giving you hints of which city I live in. It’s bad

        • hcbxzz@lemmy.world
          ↑2 ↓1 · 2 days ago

          Easy to say, but that depends entirely on the government and company, doesn’t it?

          • Mistic@lemmy.world
            ↑14 · edited · 2 days ago

            Any government already has all of that information, so, no.

            By giving it to a company, you just increase the risks of info leakage.

            • Appoxo@lemmy.dbzer0.com
              ↑2 · 1 day ago

              I assume OP actually meant the additional info the government can get from where I authenticate with my government ID to a company.

              Hypothetical situation: You wanna buy a sex toy.
              If the government does store where and what you buy, they could punish you by withholding services.
              And they might not say why and give a bs excuse or send you on a goose hunt to do more paperwork.
              You can suspect that but probably never prove that it was the case.

          • Appoxo@lemmy.dbzer0.com
            ↑7 · 1 day ago

            As always life is complicated.
            I am talking about my personal situation.

            ^(Do I really need to put a disclaimer to all posts, that mentions all comments are from my own view and might not apply to every situation in every country?)

      • offspec@lemmy.world
        ↑16 ↓1 · 2 days ago

        ??? This is just textbook sso/openid but backed by the government. There’s nothing intrinsically insecure about having third parties send you directly to a trusted government site for authorization.

          • offspec@lemmy.world
            ↑7 · 2 days ago

            What connection do you think a third party is saving when using openid? Generally speaking the only thing the third party needs is your identifier which in most cases is just an email. It’s no more devastating for the user base for that information to be leaked than it is when they’re handling authorization themselves. I personally think using a government backed authorization platform is a terrible idea and something completely liable to be abused by those in power, but it would objectively be better than trying to have every single service store your personally identifiable information themselves.

      • iglou@programming.dev
        ↑3 ↓1 · 1 day ago

        The only entity able to connect you in this case is the identity verification third party. The premise is that a government-backed identification system is more secure than a rando private company.

        Private company asks government “hey is this user real and unique”, government replies “yes”. Private website does not need to know your ID. No identifying element needs to be transmitted by the government.

        Of course some private companies will need more, and in that case the user, you, can grant them access to data, much like the current authentication systems using Google accounts & co.

        In which case the flow would be:

        • Rando insecure company asks government “is this user real and unique? I need their name”
        • Government website asks you “this rando company wants to know your name”
        • You accept
        • Government replies to rando insecure company “yes, user real, name is X”

        That’s how it should be.

  • orclev@lemmy.world
    ↑116 · edited · 2 days ago

    Uh… What’s the tea app?

    Edit: from what I can gather based on the last link attached to this post it seems to be some kind of app for women to talk about men they’ve dated. Why that needs drivers license uploads is a whole other question and definitely should have raised some massive red flags for anyone thinking about using it.

    • Melvin_Ferd@lemmy.world
      ↑62 ↓7 · edited · 2 days ago

      “talk”

      They try to get a pass on this by saying it’s about “safety” and reporting creeps. But it’s filled with women posting dudes and gossip. It gives me the same vibes as those sites back in the day that were shut down because they were essentially revenge porn sites. Same shit different form.

      • valtia@lemmy.world
        ↑10 ↓34 · 2 days ago

        Yes, trying to warn other women about a man you dated who abused you or gave off weird vibes is definitely the same as getting your nudes or porn video of yourself leaked against your will onto the public internet for everyone to see

        • Melvin_Ferd@lemmy.world
          ↑29 ↓4 · edited · 1 day ago

          Yea cause that’s what these sites totally were doing.

          Everyone knows what these places were. 4chan are fucking scumbags but so are the people using these gossip sites. They’re both cut from the same cloth

    • lolola@lemmy.blahaj.zone
      ↑61 ↓20 · 2 days ago

      Found this article after a quick web search: https://www.forbes.com/sites/kateoflahertyuk/2025/07/24/what-is-tea-the-viral-women-only-app-with-1-million-downloads/

      It’s an app where women upload photos of men they’re dating to get “the tea” on them (red flags, catfishing, etc.). I always wondered if something like this existed. Sucks that it has to, sucks even more if their users are being targeted like this.

      • Echo Dot@feddit.uk
        ↑42 ↓3 · 2 days ago

        The reason that up until now an app like that hasn’t existed is because it is an absolutely awful idea if you spend more than 10 seconds thinking about it.

        It’s ripe for abuse; in fact, I would be surprised if even half of the reports are legitimate. It’s an absolutely god awful system and whoever thought this up is an absolute prat, who seriously needs to get outside and actually experience real life and real people.

      • TassieTosser@aussie.zone
        ↑26 ↓1 · 2 days ago

        The original incarnation on Facebook got sued for posting libel and shut down. There’s no judge of truth on these apps; it’s all she said and no he said.

      • Sprocketfree@sh.itjust.works
        ↑82 ↓4 · 2 days ago

        Talk about adding to the toxic nature of the world. Anyone thinking we should have a digital record of social reputation isn’t thinking it through.

        • glimse@lemmy.world
          ↑10 ↓44 · 2 days ago

          It’s a reaction to the toxic nature of the world, what it adds is a drop in the bucket in exchange for avoiding abusers

          • IcyToes@sh.itjust.works
            ↑26 ↓2 · edited · 1 day ago

            But are they abusers? You sure they ain’t just getting revenge on an ex, making them undateable. How do you even validate this information?

          • Randomgal@lemmy.ca
            ↑56 ↓8 · 2 days ago

            If this was an app where men post photos of women without their permission, you would be losing your mind over how gross it is.

          • Gigasser@lemmy.world
            ↑11 ↓1 · 2 days ago

            I mean. A social database I feel is toxic in and of itself. It makes forgiveness harder, it makes changing yourself harder. What’s the point in changing if people are gonna look you up in a database like this and perhaps forevermore treat you as if you are like that in the present day, forever. It assumes that humans are unchanging, that once a shitty person always a shitty person.

              • Sprocketfree@sh.itjust.works
                ↑3 ↓1 · 19 hours ago

                I hear that, I just don’t think this is the way to go about it. Digital reputation system that lives on some corporate dataset is just ripe for terrible problems. It’s terrible for everyone’s privacy when we normalize this shit.

              • ipkpjersi@lemmy.ml
                ↑2 · 20 hours ago

                What about people who don’t use this app, do they not deserve to be protected, do they deserve to suffer because they didn’t use this app?

                Let’s be real, this app is about gossip, it’s not about protecting women and keeping them safe, it’s literally in the name it’s about “spilling the tea” aka gossip.

              • valtia@lemmy.world
                ↑8 ↓29 · 2 days ago

                As usual on Lemmy, the answer is just for women to shut up and listen to what the men want

                • arararagi@ani.social
                  ↑17 ↓4 · edited · 1 day ago

                  Just goes to show how lost you are in your feminist supremacy bubble, that even leftist spaces like lemmy think this thing is creepy.

                  This already happened in my country, Secret was an app that got huge while I was finishing high school, an anonymous platform for people to confess private stuff, it rapidly became bully culture and libel central.

    • valtia@lemmy.world
      ↑9 ↓2 · edited · 2 days ago

      The app required ID uploads ostensibly to verify that you were a woman signing up, men were not allowed to join for obvious reasons

      • communism@lemmy.ml
        ↑8 · 1 day ago

        Aside from the fact that it was stored in a public database, there’s no need to store photos of the IDs at all. The account can just be marked as verified and move on.

        Also I doubt that measure would keep a man out if he really wanted to join…

    • Armand1@lemmy.world
      ↑30 ↓17 · 2 days ago

      The drivers license thing is likely due to a law passed by the UK a few days ago that requires all mature content to be behind an age check. And not a “Are you 18: Yes / No”, more like “we will check using ID and photos of you”.

      It’s the most hated piece of legislation in a while, with already 100 000 petition votes in 3 days to repeal it.

      • Echo Dot@feddit.uk
        ↑19 · edited · 2 days ago

        Oh yes the famous state of Colorado UK.

        UK driving licences do not look like that, they don’t have US states on them (major clue), are green, and if the person in the photo actually looks like a living human and not a corpse, it gets sent back as unacceptable.

      • rmuk@feddit.uk
        ↑48 ↓1 · 2 days ago

        None of the driver licenses shown in the screenshot are UK style.

        • Armand1@lemmy.world
          ↑5 ↓1 · 2 days ago

          No idea why they were collecting identification then.

          Even worse, since the hackers got a bunch of the data at once, the company must have held onto those pictures long after they registered people to their service, which they likely didn’t need to do.

  • Vinstaal0@feddit.nl
    ↑17 ↓6 · edited · 11 hours ago

    Friendly reminder that some services do need your ID otherwise they cannot help you or at least they need to verify you (accountants, notaries, etc)

    edit: I can’t do your tax report if I 1 don’t identify you and 2 I don’t have the social security for which I need to do the report

  • Arkhive@piefed.blahaj.zone
    ↑18 · 2 days ago

    Woah, I just got an ad for this today, and was intrigued enough to see what their monetization model was (in app purchases/subscriptions for “pro” features) and took a big pass on it.