19 comments

[ 1.9 ms ] story [ 46.3 ms ] thread
Do they officially sell user data or show ads to users?
It said Secret _sharing_ app. I guess people should pay attention.
The dataset also revealed the location data for each post, which could be easily used to identify individuals. Did the service stated in the EULA that location data is also going to be public? If so, did they notify this to the users in a clear, straightforward manner?
They could have made so much on Empire with that.

Actually, does anyone use Empire anymore with its reliability issues? Dark.fail is like the darknet downforeveryoneorjustme.com and seems like other marketplaces are up a lot more lately.

Such carelessness needs to be heavily punished. I didn't check the details, but I'm guessing it was some No-SQL database left open with default settings. But that's irrelevant: the company that does such a thing needs to be shut down.
>I didn't check the details

It's in the first line of the third paragraph of the article. If you're not bothered reading about the topic being posted, why are you weighing in on it?

>But that's irrelevant: the company that does such a thing needs to be shut down.

People who post their dirty laundry on an app in a time when we know everything online is recorded, tracked, sold off to others, hacked and stolen or archived in a government database and then have the gall to complain about that dirty laundry getting out should have their internet access removed from them. Parents who let their children put themselves in this situation should be monitored by CPS.

Ignorance is no longer an excuse.

> Ignorance is no longer an excuse.

Nor is it justification for the leak. It may be unwise to share sensitive data online but people aren't going to stop doing it just because it's not a good idea; it needs real consequences for companies who let that happen.

>it needs real consequences for companies who let that happen.

Companies are ran by business people who often aren't technically literate, or are at a high level, or have become detached from it, and so they hire and pay people who lay claim to expertise knowledge to create these systems.

Why stop at the companies?

Engineers ultimately allowed this, and other such breaches, to happen. We've seen auto engineers in Germany being taken to task over fudging numbers for emissions tests, what if we held software engineers to the same level of liability when their creations result in people's data being stolen?

>If you're not bothered reading about the topic being posted, why are you weighing in on it?

This appears to be an issue for what seems like well more than half of all HN comments. It's common on reddit, too, but seems more common here, for some reason. So many people just respond to the HN title and don't click the link.

>People who post their dirty laundry on an app in a time when we know everything online is recorded, tracked, sold off to others, hacked and stolen or archived in a government database and then have the gall to complain about that dirty laundry getting out should have their internet access removed from them. Parents who let their children put themselves in this situation should be monitored by CPS.

This is completely absurd. People expect public social media information to be public and anonymous secret-sharing app information to be anonymous and private. And the information does seem to have been treated as private by the company, with the issue being this unintentionally exposed database.

There was no agreement they signed saying their secrets weren't actually secret. They were under the impression this information wasn't public. The company is 100% at fault and users are 0% at fault.

Parents also shouldn't be responsible for every single thing their children say to their friends and classmates. You think parents should be monitored by CPS if they don't tyrannically ensure their children aren't using any sort of messaging apps? That's insane. Education around potential security issues with services is important, but the fault here is still entirely on MediaLab.

They don't "have the gall" to complain; it's people like you who have the gall to blame customers for entrusting private information to an application designed for private information. Blaming victims and parents and saying they should be blocked from using the internet, or having kids, is one of the worst takes I've ever heard.

And there are plenty of things that are (almost certainly) not in fact recorded, tracked, sold, hacked, or archived by governments. If you just want to give up on anything on the internet possibly being usable or trustworthy whatsoever, why are you still using it? You should be removing your own access to it.

> People who post their dirty laundry on an app in a time when we know everything online is recorded, tracked, sold off to others, hacked and stolen or archived in a government database and then have the gall to complain about that dirty laundry getting out should have their internet access removed from them.

It's almost entirely teenagers who don't know better. The parents don't even know about it. And if they do, they don't know any better either.

The problem here is not people. The problem is this bit:

? ...a time when we know everything online is recorded, tracked, sold off to others, hacked and stolen or archived in a government database...

You can say ignorance is no excuse, but you’re a hacker news user. Have you talked to regular people about computer security? They very much are ignorant of what you and I would consider basic knowledge. This app took advantage of people and promised to keep their data secret while failing to do so. Regular people have other things going on in their life and can’t follow everything you and I follow. Don’t be so quick to shame the victims here.
That line you mention says:

> The records were viewable on a non-password-protected database open to the public Web.

Of course I read that. But it does not identify which database it was; and (which is where my guess came in), I'm guessing it was some NoSQL DB like Mongo.

Next time please try not to assume incompetence on other people's part.

Can we stop posting all the paywalled links? So frustrating. I would never subscribe to one of these sites.
FWIW: No WaPo paywall here on Firefox w/ ublock, noscript, privacy badger etc.
Limiting ourselves to only ad-based news sources is not an upgrade.

Also, it's about time you learn how to bypass paywalls.

1. Most of these sites have workarounds (eg posted above)

2. If you don't want to pay for a subscription, that's fine but it's a little silly to demand others don't share content from a news site they subscribe to especially if it is reasonably popular