35 comments

[ 3.4 ms ] story [ 86.6 ms ] thread
Wonder if Zoosk in light of this article will check their audit logs and see who accessed Roya's profile internally then cross reference with employee onboarding dates then fire the employee.
Wonder if a Zoosk employee will read this comment and proceed to doing just that because of it.
I wonder if Zoosk has audit logs.
Who's roya
> Who's roya

Roya Pakzad, the article's author. Her name is right at the top of the article we are discussing.

Tinder actually let's you verify with a phonenumber instead of a facebook profile now.

Or at least they claim to

How in the world is logging in using facebook more secure than email. People can create a facebook account people can create an email.

Author is fooled into false sense of security around facebook profiles. A facebook account can be just as fake as an email address.

The App company is piggybacking on Facebook's spam prevention algorithms instead of implementing or purchasing their own.
While that is correct, and I would also personally prefer that we continued to use e-mail based authentication for other reasons, Facebook does have measures in place now that make it more difficult to create loads of fake accounts.

Specifically, they now require a phone number to create an account. Getting a new phone number is more difficult than creating an e-mail address, so this will prevent at least some of the fakes.

its harder to create email accounts than it is facebook accounts, lately
Privacy practices of "Swipe Left: Privacy Practices of Online Dating Apps":

After clicking on this article, Google, Facebook and LinkedIn will know that you are interested in the privacy practices of online dating apps.

Privacy Policy and Terms of Use:

  Facebook collects user data to create profiles that...

  Google...

  LinkedIn...

Data Retention:

  Facebook...
  .
  .
--Sending HTTP requests to Facebook, Google, and LinkedIn results in the collection of this metadata and possibly data by your national and possibly foreign government surveillance organizations...

---Data retention by your national surveillance organization...:

How will Facebook know I viewed a page which has no FB tracking on it? I didn't see a Like button.
The website is sending out a request to connect.facebook.net

As a rough estimate, maybe 90% of the top 10,000 websites will send out (multiple) HTTP(S) requests to Google and Facebook from your browser.

I'm sure this is true, but what if you leverage something like PiHole and browser extensions like Privacy badger or uBlock? Surely, these offer some tangible protection against this kind of sharing?
"Did you see what their browser was wearing? No wonder."
Sigh, being paranoid bout this stuff makes it really hard to get laid :/

"Screw [dating app] lets meet with this cryptographically anonymous app instead" seems like a tough sell for most women tho.

> "Screw [dating app] lets meet with this cryptographically anonymous app instead" seems like a tough sell for most women tho.

"Sure, but please prepare a cryptographically signed recent lab report showing you've tested negative for all STDs. It would be best if the report was on blockchain."

think i heard a few yc applications just get filed
Our app has a somewhat Tinder-like feel, though it's paid (escorts). I don't want to go overboard plugging, so see my profile for details. For fun, here's how we score on the article's items:

1. No scammers. We require providers to be vetted in some way (references). Clients are going to need to provide screening to see providers.

2-A. We use our custom login system. Verifying your social media account is just a read-once thing we do; we don't ever have access to post. In fact, it is unlikely we'd even get approved for an API key on most platforms.

2-B. For launch we're pretty exclusionary :(. Focusing on cishet couplings, female provider. We're going to address that as soon as possible. Queer sex workers face additional challenges for sure.

3. Data safety. Due to our company's legal status (extrajurisdictional), we have to deeply hide all data. Our servers don't have persistent storage, RAM only. (At boot, it's a manual restore from something like Tarsnap.) Only a few people have root or raw DB access. This does not include most devops people - they go through a change approval process. Real access is limited to core members heavily vested in the company with a need-to-know. More at [1], please ignore the clickbait title.

Another key point: connectivity is heavily restricted. App servers only have inbound socket from their hidden service, plus outbound to the DB layer hidden service. DB layer only has that inbound socket. DB requests are rate limited globally plus per user.

4. We'll wipe your data shortly after deactivation if there are no abuse reports on your account. In which case we keep a photo ID and birthdate so you can't sign up again and get a clean record. This is needed to protect user's safety. But at least a photo is not so readily searchable. Maybe Facebook can do it, but if we were to somehow

1: https://medium.com/@PinkApp/pink-app-trading-latency-for-ano...

Uh- That is a really cool article you shared. Very impressive stuff.

Would love to read a write up on:

> Our servers don't have persistent storage, RAM only. (At boot, it's a manual restore from something like Tarsnap.)

We may write up more when we have things stably working after a while. But we are very cautious mentioning any specific tools, as that gives attackers a head-start. We won't mention OS, stack, DB, etc.

But think something like secure boot, serve up a basic image, download full image from provisioning servers, turn on DB, restore from backups.

"Extrajurisdictional" is an interesting euphemism for a criminal enterprise.
In some places, operating a driving school that caters to women is a criminal enterprise.
An escort service is not a driving school, generally.
Escorting might not be viewed as fundamental a right as driving, but yes, same idea. We put morality over legality.

Extrajurisdictional does not just mean criminal. It means that we operate in a way that no specific jurisdiction can apply itself to us. It isn't a wild card to just do whatever we want. We fully intend to pay taxes where possible. We want to be as transparent as possible to avoid money laundering. We have a strict no drugs policy. Strict age requirements, and, as far as possible, no coercion/trafficking/pimping. (If we see one device managing multiple accounts, we'll investigate/ban.)

From you link:

>"Servers use full disk encryption and the key must be manually entered at boot."

I am curious how do you handle key rotation and storage of encryption keys?

Only a few people have access to the keys, plus a set of third parties (think lawyers) that have a shard of an SSS setup. Changing the boot key can be done now and then.

But we think it is feasible to drop the disks entirely for the main servers. So the disk encryption is an issue for the systems holding our CI and imaging platforms.

I have to admit, combining prostitution, securities fraud, and blockchain technology in one single project is impressively ambitious even by normal startup standards.
(comment deleted)
Calling it securities fraud is rather unfair if you ask me. Why do you say fraud? Sure, we do not follow the SEC rules. In fact, the SEC opinion on ICOs is what galvanized us to go all out and insist on offering real equity to investors. It's far better than the nonsense ICOs come up with to tokenize themselves.

People like the Tezos group, asking for donations... it is disgusting that investors go for that. Demand equity. We always choose morality over legality. Following SEC rules technically, while ripping off investors ... I'd rather be in the clear ethically.

The blockchain part is for payments, so not that big of a deal. Though to raise money, we'd be better off finding a blockchain angle to the platform! Truthfully though, our app is not breaking new tech ground, apart from privacy and security (see the link in my original post).

We are ambitious though! I think we'll be the first blockchain-funded unicorn. Escorting is fragmented and high friction, and we're going to fix it. Our VP of Product is an active sex worker and very tuned in to the real issues facing workers and clients.

(comment deleted)
this is extremely basic, obvious, and probably below the technical level I'd expect from a HN fp item :(

it opens suggesting an insider's view, and then just list obvious trivia.

Very relevant paper: "Hardened dildo.io, A Cryptographically Secure, Usable Matchmaking Service"

https://courses.csail.mit.edu/6.857/2016/files/13.pdf

I've actually implemented this paper in a hackathon, but we never launched it. It's basically like tinder, but no central server has access to anyone's likes. Yet, by using homomorphic encryption and a calculation performed on the server (through which no information is revealed), you can know if someone you liked likes you back. It's pretty cool!