20 comments

[ 0.26 ms ] story [ 40.2 ms ] thread
It was a bad idea to create an app like that in the first place, it is a bad idea to have the corresponding man-version of the same thing
Part of me wonders if this was deliberate.
I'm wondering who would fall for this after what happened to the original tea app!? Terrible apps anyway.
What in the world is a "rival tea app for men?"
RateMyProfessor for dating (DateMyProfessor?). Yelp for Tinder. Amazon Reviews for Match.

It helps the argument that anyone you’d want to meet is not on a dating app.

Gender war can't be a sign of a healthy society.
Clearly vibecoding is the future.
> TechCrunch has found

Interesting that they've gone from reporting about flaws others found to hunting and hacking themselves.

Headline should be "Tea app spills the tea on users"
It's concerning that these type of leaks keep happening. Outside of the damage from leaking personal information, they also lower public confidence in trying out new apps. Vibe coding is making it more difficult for app makers in general when users can't trust that their personal information is protected.
> Images of these driver’s licenses are publicly accessible web addresses, allowing anyone with the links to access them using their web browser.

> TechCrunch also identified a potential second security issue, in which an email address and plaintext password belonging to the app’s creator, Lampkin, was left exposed on the server

> While the app requests IDs and selfies from its users to verify their identities — a process that is not automatic — users can access a “guest” view of the app without signing in.

Is this just bad development? Are these just things could be missed by any developer or team?

I'm curious as someone who would like to create side projects with users (albiet not dubious ones these like apps) but I'm always afraid of a glaring security flaw that would be basic 101 of web development.

Aren't they worried about getting sued/pulled from the app store for appearing to be affiliated with Tea, as a trademark issue?
Anybody who'd use an app like that is in a poor position to complain about any privacy problems. I mean, fuck those people.

Of course, it's also probably leaking information about the victims of the gossip as well. Shame about that.

Has anybody tried a GDPR request against either this app or tea? My name, or any personally identifiable data is PII by definition, and GDPR gives me an absolute right to view anything they've got associated with my PII, which would include any posts
Both of these apps are awful so seeing them both leak their user data seems like ironic justice.
How about just not creating doxxing as a service apps?
(comment deleted)
I mean ... it is a competitor ...