- cross-posted to:
- hackernews
- cross-posted to:
- hackernews
Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.
You must log in or register to comment.
I had been under the impression that 4chan had also basically died due to their own site getting hacked
That which has no life can never truly die (or something)
No sympathy from me whatsoever. The app was designed to allow these women to anonymously post personal information about other people. Fuck 'em. Turnabout is fair play. As my kindergarten teacher used to say, “you get what you get and you don’t pitch a fit”.
Plus the whole moral aspect of such an app. While I agree that women have been mostly objectified their whole existence, this doesn’t help anyone.
We need to get rid of both superficial way of looking at each other ( women: seeking mostly young, beautiful, rich yes men, men: seeking perfect body, face, housewife stereotypes). Both mindsets are equally trash.
Agreed
Real
Maybe I’m just getting old, but the idea of “verifying” my real identity to a faceless website or mobile app is abhorrent.
I guess it doesn’t help that governments in some countries (UK, Australia that I know of) are encouraging this bullshit with Trojan horse laws claiming to protect children from adult websites / social media.
Can’t help but think there is also an element of pot meet kettle here, when users of an app designed to dox and slander people without their knowledge are now the ones getting doxxed themselves.
California, Utah, Texas all have laws now requiring age verification to use an app store
If you think that’s the same thing, you don’t understand at least on of those things, but safe money is both…
What if they take people’s biometric aka fingerprint and to view nsfw stuff you goota use the biometric and I am not talking about passkey
How does having my fingerprint prove my age.
The issue is, at some point, they have to connect your “digital you” to your self as a real person, after that they can track you, keep tabs on you. If that data was ever stolen, or a corrupt government rose to power, you’re really screwed.
What if they fucked right off and left parenting what kids do on their devices to their parents?
People sign up to app intended to share personal information about others without their permission, end up having their own personal information shared without permission - the irony is impressive.
At first I was going to call bullshit because I thought you were exaggerating and being ridiculous.
Nope. That’s the app. “Anonymous” sharing of pictures and info of other people. Presumably without their permission. That’s fucked up.
Yeah. I mean, I get it. The concept of the app makes sense. And I would be that, on average, it is/would be used for good.
On the other hand, as a guy, the idea that people are out there sharing reviews of me as a person on the open internet, and I have no way of knowing this, is deeply unsettling. Like, I haven’t done anything wrong - just the whole concept feels very gross.
Especially because the app is called “tea”, like the slang term for gossip. The letter of the intention may have been good but the whole thing is toxic.
You could ask someone you know to register and share the login, it’s a flawed concept. There’s probably a bunch of partners in there who didn’t even know their boyfriend used their info to create an account to check on themselves.
Protecting our users’ privacy and data is our highest priority. We are taking every necessary step to ensure the security of our platform
Since sensitive data was put on a public bucket, maybe they meant it was their lowest priority?
Wow that was fast.
I did not even know this app existed untill about 8 hours ago.
Already comprimised.
EDIT: Also, lol, this arguably is not even largely a hack.
These idiots just had everything stored in a fucking publically accesible firebase bucket… amazing.
They didn’t delete anything they claimed to.
Either way you look at it, anywhere on the spectrum from:
A ] A bunch of women reasonably concerned for their safety
B ] A bunch of gossip mongers
… well, they’ve now all been doxxed, ironic from each angle.
What a fucking disaster.
This is what happens when you decide to vibecode a service with zero attention to safety or web development. This is why you don’t immediately jump onto a new service without it being vetted properly. Now one of the worst communities on the Internet is in possession of over a hundred thousand women’s driving licenses and faces. This is going to be an absolute disaster.
Now now, I like to shit on vibecoders too but let’s not pretend this is some new problem.
Idiots leave databases on cloud servers exposed all the time rather than deal with their companies often arcane rules for generating certificates
This is ALSO why no service should ever require or get my driver’s license information. Fuck that. Also, yet another Constance to those who can’t afford a car or want to improve the environment by living car free.
My only exception to that are uber drivers. But then again we live in an age where somehow better help has become popular, even though they sell your data.
I disagree on even that. It should be enough to have some trusted “notary” tick a box that they have verified your driver’s license as valid. It should not be stored out sent anywhere at any time. Just showed to a human. Regularly, if needed.
To be fair, I’m not sure why firebase even has a public access option. That’s a recipe for issues.
Though if it’s anything like Google Cloud Store, they hopefully make it very clear that your bucket is public.
How is something “vetted properly” and how do I find out about that?
This is something I worry about all the time as well, especially since I’ve started to learn how to code and experienced how easy it is to mess up and send a list with all registered users to everyone opening a page. (This was in a test environment.)
As a user, there is no proper way I know of to verify an app’s security. Most apps are closed source, but even if you could view the code, what would you look for?
Both Apple and Google have a verification process for apps that are published in their app stores, but if these worked, we wouldn’t see this happening.
There are academic researchers working on apps and privacy as well, but it’s not like you can ask them for a report on an app you’re thinking of installing.
I think it basically comes down to trust. Check if a developer has messed up in the past and how they dealt with that, that sort of stuff. And for dating apps there is this interesting article: https://www.privacyguides.org/articles/2025/06/24/queer-dating-apps-beware-who-you-trust/#reducing-the-risks-when-using-dating-apps
It’s a long read (haven’t fully read it myself yet) and it paints a bleak picture, but that’s the world we live in today.
You wait a while until something like this happens.
I honestly don’t understand what op is talking about.
Leaks happen all the time, even in billion dollar companies.
Their comment is the equivalent like, “This is why you should lock your doors!” Like uh okay.
I love how people just jump on whatever they like, instead of actually thinking about the stuff they read/comment on/upvote. Exactly like on Reddit, no difference.
This was more like leaving all your valuables in a cardboard box on your front lawn. Anyone can just take it, if they care to look inside the complete unsecured box.
Someone just drove up and tossed the box in their truck. No lock involved.
This situation would have been easily preventable with basic understanding of what they’re doing is what OP is saying. This leak is not something highly complex, it is painfully stupid on the side of the developers.
There’s a difference between a hack, where data is exposed, compared to data exposure due to negligence or ignorance on the development side.
Again, how should the end use know anything about what is going on at their end? How does anyone “vett” that? It is a nonsense “argument” to put blame on the users.
“Vibe coded” you just made that up didn’t you, because you don’t like llms. I don’t see anything in the article about “Ai” and this service has been operating for 2 years.
Maybe I shouldn’t have used the term vibe coded. I apologize.
The og 4chan post brought up the vibe coding. Using it as an insult to quality is wider spread than just lemmy.
My thoughts as well. But hey, it’s lemmy! Just accuse someone of doing something we hate, good to go!
I would not under any circumstances give my drivers license to a for profit app. I don’t even like to give my email.
apparently there’s some law in the UK that mandates it now 🙄
Also California
Well UK, have the day you voted for I guess
Unfortunately this is the better of the two main parties. This isn’t republicans winning because dems didn’t vote. Labour won, and this still went through. The UK government as a whole has been on an anti porn brigade for decades. I can’t wait for the day labour and the Tories just die off.
Technically the act passed in 2023 under the Sunak government.
That said; I can’t seem to find a vote breakdown and I would not be at all surprised if labour also backed it.
I’m hoping enough public dissatisfaction leads to labour repealing it but I won’t hold my breath.
The next PM of this country will be the one who promises to bring back all the porn.
I’d like to blame the voting system for the lack of meaningful voting options.
Ed Davey, I can’t imagine Bad Enoch doing anything and Labour were the ones to implement this.
Thank fuck for VPNs, although it now wants to show me hot milfs in Brussels.
Something something Vegemite sandwich
And many republican US states.
Not sure if this is ironic that the users are now less safe after using the safety app. But I still feel bad for the users. Dating is hard enough without the fear of being harmed.
My friend came over and told me a story about this crazy date she was on. The guy love bombs her, sets her up with a massage, then in the morning, goes out and eats McDonalds alone and ghosts her. Then repeats every few weeks with love bombs.
I shared that with my discord group and someone said they know that guy too.
Im assuming that’s what Tea is for.
Wait what? How does one ghost and then repeat love bombing? Also why is eating breakfast alone remarkable? Tf is happening?
…eats McDonalds alone and ghosts her. Then repeats every few weeks with love bombs
Something something “cheat day”
You yadda yadda yadda’ed over the best part.
No, I mentioned the bisque.
And what part is that?
What did he order at McDonald’s?
sets her up with a massage, then in the morning,
What happened between the massage and him ditching her to eat breakfast?
You don’t have to go home but you can’t stay here: https://www.literotica.com/stories
I thought 4chan shut down permanently like 2 months ago?
They found someone to update the PHP version to one released this decade.
Nah they came back online after like 2 weeks I think?
Cancer can return after going into remission for a while.
Self proclaimed “5 star man” Dennis Reynolds is the top suspect
I made an account on this thing to lurk, bc obviously who wouldn’t be curious? I guess I’m screwed now. Rip.
Stay classy, 4chan. /facepalm
I can understand some people’s skepticism on how quickly an app like this can turn into a gossip and defamation tool, especially when those who might be defamed can’t access it… but god damn this isn’t how to show people that aspect of it.
Also, not to say I don’t see the value in apps like these: I absolutely do, they are there for women to protect themselves. I would suspect the number of women misusing it is in the minority and the majority use it appropriately.
Whereas a similar app for men? Those are almost instantly used for things like Revenge Porn. Men are not going to win this battle and prove they are better than women in this regard because the men who would misuse such an app are solidly in the majority. Basically the complete opposite. Events like this prove it.
Anyway, fuck 4chan misogynist freaks.
Men are not going to win this battle and prove they are better than women in this regard because the men who would misuse such an app are solidly in the majority.
I think there’s also a lot of confirmation bias, in the sense that you need to consider why people would seek out such an app. Why would women seek out a women-only app? And inversely, why would men seek out a men-only app? The answer to each will be fundamentally different, which means the user bases will be fundamentally different as well.
Basically, what types of women would go out of their way to engage with a women-only app? Chances are good that the average woman has probably had the thought before, and is doing so to try and stay safe. The active engagement is seen as a positive thing, and she’s willing to jump through a few hoops (like uploading a photo ID) to get there.
Now imagine the inverse. Most guys probably wouldn’t even think of using a men-only app for safety reasons. Like it’s not even on their radar, because safety while dating isn’t something they’re concerned with. Most men probably wouldn’t think of seeking out a men-only app at all. So the pool of men who would be willing to go out of their way to engage with a men-only app is going to look vastly different. The average user likely won’t reflect the average man, because the average man wouldn’t even think to seek out a men-only app. Or if he does, he doesn’t feel strongly enough about it to jump through any hoops to engage. It means the average user would most likely be one of the extremely toxic manosphere/men’s rights advocate/creep/etc stereotypes instead.
To be clear, this isn’t a “not all men” post. Because the reality is that it’s certainly enough men to be concerning. My point is simply that the confirmation bias will be a large factor in whether or not the user base actually reflects the average person.
It’s basically the same way the average Lemmy user doesn’t reflect the average person. If you looked at the average Lemmy user and tried to print that into society, you’d expect the average person to be a Linux-using communist programmer.
Funnily enough there was a men-only equivalent of this. It got removed from the appstore because it became a revenge porn hub.
Disclaimer: Please consider this a sort of fork of your discussion so far, I only mean to say anything about the parts of your comment I actually reference.
…
Why would women seek out a women-only app? And inversely, why would men seek out a men-only app? The answer to each will be fundamentally different, which means the user bases will be fundamentally different as well.
To a significant degree, yes, but I think you are overstating that degree.
Tea is imo more like a gossip app, ala Nextdoor, just specific to dating.
Tea isn’t a dating app, it is… I guess you could call it … dating-app-meta-review app, from a technically minded standpoint?
A supplement to a (or many) dating app(s).
But it doesn’t actually directly link to[(EDIT: whoops I accidentally a sentence there.)]
It is named ‘tea’, as in gossiping, the deets, the low down, the real story, etc.
Literally this is their own marketing:
https://www.teaforwomen.com/about
It is literally just a replacement for Facebook ‘Are we dating the same guy’ groups, but better, if you pay, because the Premium account allows you to run background / criminal / sex offender records.
…
So, a rough equivalent for guys would probably be named something like MPH, officially Miles Per Hour, unofficially, Miles Per Hoe, I dunno, something edgy for the manosphere crowd, where guys would gossip about cheating girls/women, and also be able to run background checks on them for a premium.
I can guarantee you that men would be broadly interested in such an app if it existed.
…
Now imagine the inverse. Most guys probably wouldn’t even think of using a men-only app for safety reasons. Like it’s not even on their radar, because safety while dating isn’t something they’re concerned with.
Maybe not as much in the safety sense of immediate physical danger, but absolutely in the sense of… is this person financially abusive, emotionally manipulative, do they have kids, or a massive amount of debt/bad spending habits, an STI, etc, that they don’t mention untill they’ve been dating you for some time, do they have a history of acting like they’re committed when they’ve in the past cheated whilst acting like they were monogamous?
These kinds of things apply to both men and women, and are far more common to occur in a dating/relationship than physical abuse.
Yes, women are more likely to be the victim of physical or sexual violence or stalking…
But its not like this doesn’t happen to men.
I can personally tell you that I, a guy, have been so lucky as to have had all three of those happen to me, done by women.
But lets not just use myself as an anecdote, here are the stats on that from the CDC, last updated before the Trump Admin got into power, doesn’t look like they’ve fucked with this page.
https://www.cdc.gov/intimate-partner-violence/about/index.html
IPV is common. It affects millions of people in the United States each year. Data from CDC’s National Intimate Partner and Sexual Violence Survey (NISVS) indicate:1
About 41% of women and 26% of men experienced contact sexual violence, physical violence, or stalking by an intimate partner during their lifetime and reported a related impact.
Over 61 million women and 53 million men have experienced psychological aggression by an intimate partner in their lifetime.
We could quibble about the exact stats of what sex/gender the partner was, and they do cite some studies directly, but uh, oversimplifying to pretend only heterosexuality exists…
About half as many men have been seriously, violently victimized or stalked as women, and I’d be willing to bet the psychological abuse numbers are at least a bit closer to equal if you account for men being unwilling to admit to being victimized in that way due to internalized machismo, ‘shut up and deal with it’, whatever you want to call it.
…
Point of me saying all this is to throw numbers toward countering your claim here:
Most men probably wouldn’t think of seeking out a men-only app at all. So the pool of men who would be willing to go out of their way to engage with a men-only app is going to look vastly different. The average user likely won’t reflect the average man, because the average man wouldn’t even think to seek out a men-only app.
I agree that it wouldn’t represent the average man, but we’ve got a potential user pool of 50+ million men in the US who’ve been through a bad relationship and would probably also not want to go through that again.
Again, yes it is absolutely true that women more often experience a more severe form of relationship than men, no argument there.
But I don’t think you can just say that a man version of tea would only appeal to blackpilled manosphere men.
Yes, that would likely be a large proportion of the user base, but there are tons of men who are not misogynists and also would like to avoid being played or abused.
…
Also, uh:
You say that,
The active engagement is seen as a positive thing, and she’s willing to jump through a few hoops (like uploading a photo ID) to get there.
But what I am seeing is:
To access Tea, women have to verify their gender by submitting a selfie, which is then verified by the app’s team.
The rest of that quote is that the picture is ‘verified by the Tea team’, but I think we both know that almost certainly means they just use an AI face scanning tool.
Anyway, point is: taking a selfie is a way, way lower bar to entry than taking a picture of your driver’s liscense… basically every dating app already does the former, this is totally normal now, whereas the latter is… so uncommon I cannot think of an example.
So…taking a selfie is not that much of a trifle, not a strong potential blocker, for a guy who’s already used a dating app in the last 5 ish years.
…
EDIT 2:
Occured to me on reviewing this:
… Yeah, an AI face recognition to verify gender?
How… does that work for trans folks, or even probably just non white women, and are women who are maybe bald or have more typically masculine coded shorter hair cuts, with less stereotypically/heuristically feminine facial features?
AI has fucked up this kinda shit in the past quite badly.
This is a valid take but also consider that the “average man” in the USA is more likely to be a Trump voter or non-voter than someone who would vote to protect women’s rights. Over half of men voters vote for Republican Presidental candidates consistently. On the flip side men supporting Democrat Presidential candidates mostly clocks in at just above 40%. When you account for the size of the USA, those differences are pretty big and put arguably awful men in the clear majority.
I’d love to see where you got your stats, because it looks like you may have cherry-picked a specific group of men for that 60/40 split. The overall split for men in 2024 was closer to 52/46 Republican/Democrat. 52% is still obviously above 50%, but a 6% split between the two is nowhere near the ~20% split you listed. Some specific demographics of men come close to that 60/40 split, but that says more about those specific demographics. For instance, married men swing harder right, but married women do too.
https://cawp.rutgers.edu/blog/gender-differences-2024-presidential-vote
This is for all men and women, not broken down by different factors.
When an average is taken of all the elections, men average 43.67% for Democrat and 50% for Republican for a 6.33% difference. I do also think it’s notable that in only one election since 2000 has the support for Republican candidates from men been under 50%, that’s 48% for McCain in 2008. I honestly think the voting patterns from the 90’s are gone and so while I included those in the averages, I think just touching on votes since 2000 gives a clearer picture with the average for men supporting the Democratic candidate at 44.14% and support for the Republican candidate at 52.58% for an 8.44% difference. That’s still a large spread when we’re talking the total number of men who vote at all. Somewhere around the size of the entire city of Los Angeles in terms of population.
I mean…
Looking at mic_check’s figures…
Lets say we are just talking straight, hetero people.
We got all straight men at 43:55 Dem to Rep, thats a 22% higher chance of a woman randomly picking a Rep instead of a Dem.
Meanwhile you can just, as a woman who is looking into dating a man…
Just pick a random, single, never married dude.
Bam!, now its 61:37 Dem to Rep, a 65% higher chance a random, never married dude will be a Dem than a Rep.
…
We are talking about these stats in the context of dating, right?
Where people like, talk, get to know each other?
Not just being randomly assigned partners from a slot machine?
Do dating apps not like, allow you to filter by something like this, or… talk/chat to a person, and ask them questions before you meet them…?
Its kind of silly to paint individual people with a broadly accurate brush… when the ostensible whole point is to get to know a person individually.
Sure, use broad stats to form a broadly accurate general worldview, but realize its limitations.
Are you projecting or what is this?
