Oh I see the absurdly, negligently insecure Tea app is now getting the "hackers hacked" treatment, so that it can comfortably deflect blame to some unspecified scary hackers?
Cool, cool.
*takes out a bullhorn*
📢 Tea kept drivers license photos of thousands of women in an unprotected Google Firebase storage bucket.
📢 Centering "hackers" means helping let those responsible for the horrendous negligence at Tea off the hook.
👏 There is no "hack", only other people's negligence.
"This guy planted a bunch of catnip in his alley and this happened 😵💫"
DON'T FORGET TO PICK UP YOUR PETS
Happy #Caturday
via The Smokin Grasshopper 🦗🍃
@smokingrasshopper.bsky.social
‘This is not a warning.
Famine has already arrived in Gaza. It is not a metaphor, nor is it a prediction. It is daily.
…
Noor, my eldest sister Tasneem’s daughter, is three; she was born on May 11, 2021. My sister’s son, Ezz Aldin, was born on December 25, 2023 – in the early months of the war.
One morning, Tasneem walked into our space carrying them in her arms. I looked at her and asked the question that wouldn’t leave my mind: “Tasneem, do Noor and Ezz Aldin understand hunger? Do they know we’re in a famine?”
“Yes,” she said immediately. “Even Ezz, who’s only known war and ruins, understands. He’s never seen real food in his life. He doesn’t know what ‘options’ are. The only thing he ever asks for is bread.”
She imitated his baby voice: “Obz! Obza! Obza!” – his way of saying “khobza” (a piece of bread).
She had to tell him, “There’s no flour, darling. Your dad went out to look for some.”’
aljazeera.com/features/2025/7/…
#israel #genocide #ethnicCleansing #apartheid #settlerColonialism #famine #starvation #StopIsrael #StopFundingGenocide #Palestine #Gaza #WestBank #FreePalestine
‘Did you eat today?’: Voices of Gaza speak of starvation and survival
‘We are starved by the Israeli occupation,’ says Taqwa al-Wawi in Gaza, where all she thinks about is how hungry she is.
Taqwa Ahmed Al-Wawi (Al Jazeera)
Emergency Preparedness Tip:
Put your local fire department and police department dispatch numbers (non-911) into your phone.
Lots of 911 outages recently; if you have phone service still and need to call for help, it's useful to have them in your phone. (won't help you if your cell towers/etc. go down of course)
Texas Observer: The San Antonio Flood of 1921 Held Lessons We Refuse to Learn
There is nothing unknown about what triggered the brutal Hill Country flood of 2025 and so many others dating back to the nineteenth century.
"...There was little to no public memory. People did not die solely because of forgetfulness but because this amnesia allowed succeeding generations to erase the past and their responsibilities to the future. When they could have enacted post-flood, life-saving interventions, they chose not to act on their progeny’s behalf...."
Outbreak of Salmonella Typhimurium Infections Linked to Commercially Distributed Raw Milk — California and Four Other States, September 2023–March 2024
cdc.gov/mmwr/volumes/74/wr/mm7…
#RawMilk #UnpasteurizedMilk #SalmonellaOutbreak #PublicHealth
“A Shameful Chapter”: How Anti-Trans Disinformation Drowned Out Science and Gripped the Mainstream
assignedmedia.org/breaking-new…
A pipeline of pseudoscience funded by powerful right-wing hate groups has undermined medical truths with the help of big media.
Assigned
#Fread 1.4.5 has been released.
1. Support multiple accounts to log in to a single platform
2. Solved some known issues
play.google.com/store/apps/det…
#Mastodon #fediverse #Opensource #RSS #FOSS #Freesoftware #fdroid
Fread - Mastodon Bluesky RSS - Apps on Google Play
Built for Mastodon, Bluesky and RSS—simple, powerful, and beautifully crafted.
play.google.com
if you believe that trans people doing their gender in a way you disagree with makes them accomplices of the patriarchy, you are not a safe person for trans people to be around.
this goes double for people who are themselves trans. work on your internalized transphobia and misogyny.
Obs, I don't know the full context here. But I feel how any of us do gender is highly influenced by the patriarchy. This doesn't mean we shouldn't do these things though. Personally, I do things to help manage my body issues which are highly influenced or set by western patriarchal norms of femininity, but I do so with that acknowledgement. We swim in patriarchy, so we can't avoid it. Anyone who critiques another's expression of their gender should also bear this fact in mind.
Feminism has long argued that the Personal is Political. How we fall into or express our gender is highly personalized, and thus political. Yet, any discussions around this should invoke a desire for understanding long before criticism should be laid. If anything else, feminism teaches us to listen to one another. To suggest that any one of us (individually) is responsible for our own oppression or the patriarchy is ridiculous. However, we should all be ready to cast a critical eye to our own actions and understandings to help ensure we are not prescribing or furthering oppressive norms as much as possible.
Ugh, I hate how that headline leaves out such important context.
He was found civilly liable for the sexual assault and (repeated) defamation of E. Jean Carroll. Ordered to pay around $500 million, I believe.
He was convicted of 34 criminal felonies for business fraud related to his 2016 coverup of an affair with porn star Stormy Daniels.
I believe a couple of law dictionaries are updating their definition of "Moral Turpitude" to just be a picture of Donald Trump.
🕹️ Title: OpenHV
🦊️ What's: A libre 90s-inspired Sci-Fi RTS game
🏡️ openhv.net/
🐣️ github.com/OpenHV
🦉️ mastodon.social/@MatthiasMaila…
🔖 #LinuxGaming #ShareYourGames #Strategy #RTS
📦️ #Libre #Arch #Flatpak #AppIm #Snap
📕️ lebottinlinux.vps.a-lec.org/LO…
🥁️ Update: 20250627/28
⚗️ Minor vers. 🐁️🐞️🐞️📑️💎
📌️ Changes: github.com/OpenHV/OpenHV/relea…
🦣️ From: mastodon.social/@holarse/11476…
🦝️ youtube.com/embed/7pe8s_ujwXA
🎲️👥️ youtube.com/embed/SCgmMs0_Itw
🎲️👤️youtube.com/embed/Go0v-yzrRxA
💥️🐧video.hardlimit.com/videos/emb…
Oh, you thought it was going to stop with trans people?
#bigotry #terfs #fascism #TakeAFuckingBowJKRowling disabled.social/@MikeImBack/11…
“My parents very clearly do not love me”: Children of Bayswater Speak Out
"In July last year, we exposed Bayswater Support Group’s private Discord for The Bureau of Investigative Journalism, revealing evidence of child abuse and political lobbying. Bayswater describes itself as offering “parents whose children have a transgender identity somewhere to talk, share and be understood”. But posts from their private Discord forum revealed that parents exchanged conversion therapy tips, and fostered relationships with MPs to push anti-trans policies."
transsafety.network/posts/my-p…
#Transgender #LGBTQ #ConversionTherapy #TransYouth #TransKids #Transphobia #Transphobes #TransChildren #GenderCritical #Terfs
"To say the very least, Trump folks online are not happy. Many of them love South Park because of its ruthless mockery of 'woke' culture, and suddenly, here’s their Daddy being called a fascist little bitch by the creators of the show."
charlotteclymer.substack.com/p…
South Park Thinks Trump is a Little Fascist Bitch
The best satire in years.
Charlotte Clymer (Charlotte's Web Thoughts)
This new piece by @billiejsweeney.bsky.social has everything. A conspiracy to pervert science, a prominent spokes-doctor with a perennially lapsing medical license, and a curiously close relationship between the ADF and the New York Times.
How Anti-Trans Disinformation ...
“A Shameful Chapter”: How Anti-Trans Disinformation Drowned Out Science and Gripped the Mainstream
A pipeline of pseudoscience funded by powerful right-wing hate groups has undermined medical truths with the help of big media.
Assigned
Gaza doctors ‘becoming too weak to treat patients’ as hunger crisis deepens
Malnourished medical staff say they are struggling to provide care to injured civilians, while recovery rates are also hit by
Annie Kelly (The Guardian)
Belgian court rules transgender cyclist’s exclusion was discriminatory
belganewsagency.eu/belgian-cou…
#transgender #trans #LGBTQ #LGBTQIA
A court in Brussels has ruled that the exclusion of a transgender female cyclist from women’s competitions was discriminatory and lacked...
belganewsagency.eu
Study Ordered by Utah Republicans Finds Gender-Affirming Care Benefits Trans Youth
them.us/story/utah-gender-affi…
"Rate of regret after Gender-affirming surgery is approximately 1%. Other life decisions, such as having children and getting a tattoo have regret rates of 7% and 16.2%, respectively."
americanjournalofsurgery.com/a…
Trans women and fairness in sports
Transgender Athletes Could Be At A Physical Disadvantage, Research Shows
forbes.com/sites/lindseyedarvi…
Specific claims of unfairness are self-debunking if the source is at all honest about the situation.
For example, trans marathon runner Glenique Frank finished 6,159th in the female category, but you would get an entirely different impression if you didn't read past the headlines in the Daily Mail: archive.ph/udkN7
Similarly, Riley Gaines's fairness grievance was literally a tie for fifth place.
Nobody's placement changes if Lia Thomas didn't compete and again, the complaint was that a trans woman dared to perform equally to a cis woman athlete.
Then there's the chess controversy which is so ridiculous and misogynist that I don't need to dignify it with a debunking. It's just sexism dressed up as concern for cis women.
Miscellaneous
Critically appraising the cass report: methodological flaws and unsupported claims
doi.org/10.1186/s12874-025-025…
Further citations to research on the subject of transgender healthcare thanks to this archived reddit comment by tgjer web.archive.org/web/2019082319…
#transgender #transRights #TransAthletes #LGBTQ #GenderAffirmingCare #GenderAffirmingSurgery #trans #TransWomen
Critically appraising the cass report: methodological flaws and unsupported claims - BMC Medical Research Methodology
Background: The Cass Review aimed to provide recommendations for the delivery of services for gender diverse children and young people in England.
BioMed Central
Transgender people over four times more likely than cisgender people to be victims of violent crime
"Trans-inclusive bathroom policies are linked to lower assault rates against transgender students."
"Trans-inclusive bathroom policies are not linked to higher rates of assault against cisgender people."
#altText4you photo of Dan Barker standing at a lectern, with text:
Asking
If there is no God, what's the purpose of life?
is like asking
If there is no master, whose slave will I be?
Doctor Who with a better take on morality than any Christian on debate forums:
"Goodness is not goodness that seeks advantage. Good is good in the final hour, in the deepest pit without hope, without witness, without reward. Virtue is only virtue in extremis."
season 10 episode 6
Michał "rysiek" Woźniak · 🇺🇦
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •I've been on this soapbox for years and I ain't stepping down off of it:
rys.io/en/155.html
This kind of "hackers hacked" bullshit is why we have shit cybersecurity laws that end up penalizing reverse engineering and security researchers instead of negligent companies putting out insecure products and services.
Remember the Polish trains DRM scandal? When experts showed that Newag's trains had illegal DRM, Newag explicitly used their self-identifying as "hackers" to smear them in media.
How (not) to talk about hackers in media
Songs on the Security of Networks
Michał "rysiek" Woźniak · 🇺🇦
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •You need a headline for the story about the Tea app leak?
How about:
👉 Negligence at Tea Puts 13.000 Women in Danger
👉 Tea App Put Drivers License Photos of 13.000 Women Publicly on the Internet
👉 Tea Failed to Secure Drivers License Photos of 13.000 Women
It's *that easy* not to help deflect blame from whoever is actually responsible for 13.000 women now having to deal with their personal details and photos being pored over by the last people they'd like to have access to them.
marius
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •> Negligence at Tea Puts 13.000 Women in Danger
@rysiek totally agree, but the people that released the information are definitely guilty of a lot more than just being incompetent, they're actively and unequivocally assholes... please let's try not to lionize them due to some misguided sense of pedantry about what hackers are or do.
There is such a thing as responsible disclosure after all.
Michał "rysiek" Woźniak · 🇺🇦
in reply to marius • • •nobody is saying the dweebs that found the Firebase storage bucket and then leaked the data on 4chan are in any way positive characters here. They are definitely, unequivocally not.
But at the center of this leak lies negligence on part of Tea. That's where the focus needs to be.
And my "misguided sense of pedantry" comes from decades of watching this kind of BS happen, while actual security researchers get blamed for corporate negligence they expose.
Michał "rysiek" Woźniak · 🇺🇦
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •this "misguided sense of pedantry" also comes from my being a part of the hacker community, and my watching that hacker community do amazing, wonderful things (like producing 50.000 face shields for doctors and nurses in Poland during COVID, distributing them for free), and yet constantly being stereotyped as some creeps in a hoodie.
And I am not going to stand for any of that.
I know what hackers are and do. Nobody gets to tell me I am "misguided" about my community, thanks.
marius
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •> That's where the focus needs to be.
@rysiek I disagree.
In all of this situation there is only _one_ act of maliciousness, and it's not on the part of those idiots - until proven otherwise.
I agree that they need to be made legally responsible, and hopefully someone will do that one way or another, but they are not the moral culprits of this story so far.
Michał "rysiek" Woźniak · 🇺🇦
in reply to marius • • •@mariusor they absolutely are among the moral culprits of that story.
They explicitly marketed themselves as an app to "keep women safe". They failed to do the absolute basic stuff to make good on that promise to women who trusted them.
If I opened a bank and marketed it as "the safe place for your money", but kept your money in an unlocked closet somewhere, I would definitely be a moral culprit if that money got stolen.
Any sufficiently advanced negligence is indistinguishable from malice.
Michał "rysiek" Woźniak · 🇺🇦
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •@mariusor and even if you want to make that kind of a point, dragging "hackers" into this is BS.
It's as if in my bank example media was then churning out headlines like:
Drivers Robbed a Bank
…just because a car was probably used in the heist. Or:
Metalheads Robbed a Bank
…just because somebody heard heavy metal playing from the getaway car.
You want to go that way, go for it, but then avoid stereotyping a community needlessly.
marius
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •I think you should apply this logic but in reverse.
Just because those people call themselves "hackers" - or media calls them that - doesn't mean that you, also a hacker, should be personally offended to the degree that you willingly or unwillingly try to diminish their culpability and shift the blame to the idiots that made it possible in the first place.
Again, there's only _one_ reprehensible act in all of this, and you're dancing around how bad it is with pedantry.
I'm sure you're aware of the fallacy that begins with "not all men...", and that's how you sound to me right now.
Michał "rysiek" Woźniak · 🇺🇦
in reply to marius • • •@mariusor
> Again, there's only _one_ reprehensible act in all of this, and you're dancing around how bad it is with pedantry.
Again, there's multiple reprehensible acts here. And I agreed with you explicitly that the dweebs who leaked it are reprehensible. No dancing around that from my side.
> doesn't mean that you, also a hacker, should be personally offended
Again, this is not about me being offended. It's about minimizing and deflecting blame on the part of the company behind Tea.
Michał "rysiek" Woźniak · 🇺🇦
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •> I'm sure you're aware of the fallacy that begins with "not all men...", and that's how you sound to me right now.
Yeah sure, you are really trying to paint me as if I were in any way justifying what 4chan dweebs did. Which for the third time: I am not, it was malicious and reprehensible.
But since you keep trying to paint me with this, regardless of how many times I make that clear, I think we best end this conversation.
Have a good weekend.
marius
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •I'm not trying to paint you as an apologist for the leakers, but when you post this type of rant, you must take your distance very explicitly if you must make a stand.
Focusing on the smaller issue - which might be warranted from your point of view - should not detract from the greater message of who's actually to blame.
So, apologies, I am fully aware of what you mean with this thread and I'll acknowledge that it is not in support for those assholes.
My intent was to point out - to you, and maybe others - that you inadvertently divert the attention from the real problem. Peace.
Michał "rysiek" Woźniak · 🇺🇦
in reply to marius • • •I appreciate that.
But I will still push back against your implicit characterization of what the "real problem" is.
Driver licenses and photos of thousands of women ended up leaked.
The main cause of that state of affairs is negligence on the part of people behind the Tea app, who failed to implement the most basic security around how they stored the data.
Yes, petty Internet trolls did the leaking. But we're not talking about APT-level attack. This is basic shit.
Michał "rysiek" Woźniak · 🇺🇦
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •@mariusor and most importantly, this is the most *actionable* part of the whole fuckup.
Saying "there are Internet trolls, they leak shit when they find it, this is bad and they are reprehensible" is true, trivial, and doesn't get us anywhere closer to making these leaks happen less.
Focusing on the truly absurd level of negligence of people behind Tea app in this case does.
Because the next time a middle manager or corporate exec decides to cut corners, they might consider the consequences.
NosirrahSec 🏴☠️ guillotine enthusiast
in reply to marius • • •@mariusor not protecting sensitive data is not "a smaller issue."
It's a "you don't understand this enough to comment."
lunchy
in reply to Tekniquelly correct • • •@tek @mariusor don't assume malice what can adequately be explained by stupidity
firebase is soooooo easy to misconfigure, it's completely insecure by default, im not at all surprised this would have happened
Michał "rysiek" Woźniak · 🇺🇦
in reply to lunchy • • •@lunch I said it before and I'll say it again:
Any sufficiently advanced negligence is indistinguishable from malice.
I don't think it was strictly malice on Tea app's side. But it was negligence of the level that is indistinguishable from actual malice.
@tek
Michał "rysiek" Woźniak · 🇺🇦
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •Some people seem to need a bit of clarification, so here it is:
The petty Internet trolls who found this open Google Firebase storage bucket and publicized the data contained within are reprehensible. They acted maliciously. They are responsible for what they did.
But this is not an APT-level attack. This is some Internet rando stumbling into a trove of personal data left publicly exposed by the negligent company responsible for its safe-keeping.
Focusing on the rando ignores the core issue.
Martin Seeger
in reply to "Musty Bits" McGee • • •@arichtman Remark: I do responsible disclosure for open buckets a lot. I never publicize them before they are closed.
But informing the company who leaks the data is an exercise in futility. You get ignored 9/10 times. You nearly always need to find a way to pressure them, but just publicizing stuff is plain wrong.
There is no proper way to report this. Microsoft ignores it, AWS ignores it, Google ignores it, CERTs ignore it, and so on.
P.S. There are leaks that are unbelievably worse that remain open for months even after reporting them.
Adam Shostack
in reply to Martin Seeger • • •@masek @arichtman Do you maintain a list or a database once they're resolved?
I ask because through DEF CON Franklin, I'm looking to highlight how responsible many researchers are, and contrast that with irresponsible companies.
Martin Seeger
in reply to The Turtle • • •@the_turtle @arichtman No need, if the bucket is writeable, you'll find tons of malware in it already.
Example of communication with AWS:
And while the answers from AWS are a shame for every service provider, at least they answer. Microsoft is all hear nothing, see nothing, say nothing in such cases.
rozodru
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •Bingo and I'd bet damn good money they weren't the first to get access to the docs. they were just the first to say they got access. I mean literally all you had to do was just get the project-id for the firebase bucket. and you could quite literally get that from the app itself without doing any "hacking" whatsoever.
AI only provides the most basic of configs if that for security stuff. a prompt monkey just hit shift+tab then browsed reddit while claude code built the thing.
the founder of Tea should be arrested.
Craig Stewart
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •it's almost as if people are capable of holding complex nuanced opinions about the state of the world around them!
But that's not really really terribly good as a hot take in the world of clickbait and attention farming.
Kevin Granade has moved
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •Setting the record straight and direct action are all that's left.
letterbeen
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •- If this horrific rando hadn't done it, the issue was serious enough that some other rando was bound to come along and do the same thing later
- If Tea had secured their stuff better, and/or NOT stored such sensitive data, there would have been a much lower chance of this happening
Phosphenes
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •The media did exactly this back with the Melissa virus. Microsoft created a giant embarrassing security hole, which a depressed guy exploited to stage an email popcorn fight (when he could have done much worse but chose not to).
Instead of owning their reckless blunder, MS framed the culprit as some evil genius hacker, so the only possible solution was to throw him in jail for years. Not THEIR fault. 🙄
Paweł Szczur
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •this is a thing that companies should be seriously fined. The level of ignorance hard to even think about.
Even in the dev environments I setup myself I’m using password, so I can see if all the password mechanics works as expected ;)
Michał "rysiek" Woźniak · 🇺🇦
in reply to Paweł Szczur • • •@pawelszczur this is something that should get someone who made that decision some prison time.
Fines are indistinguishable from taxes to rich enough companies. This needs to be personal responsibility of whoever made the call.
And I am going to bet there is internal communication at Tea that shows some techie somewhere opposing this bullshit, and some middle manager overriding them because cost or time or whatever.
Gabbo the wafrn guy
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •I would have shared a reddit link. but the fuckers were "hahaha ironic right these people deserve it"
what the actual fuck. seriously.
stux⚡
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •Btw, the site claims women can check things on guys like criminal record, sex offender etc
But the thing is..
They do not verify this info! It's in their terms: they do NOT check any given info
Jonah Aragon
in reply to stux⚡ • • •@stux I mean, two things can be true:
1. Tea is grossly negligent
2. Tea is grossly unethical
Three things even, since some people get confused about the second, lol:
3. 4chan still isn’t remotely justified to irresponsibly leak information, even if it’s the information of users from an unethical app. Tea users are still victims themselves.
Michał "rysiek" Woźniak · 🇺🇦
in reply to forbin42 • • •@eric@mammut.ericmitch.com I am a philosophy drop-out, so that should be good enough: no, ethics is not a zero-sum game.
The "ends" do not "cancel each other out" because there are thousands of women that are in harm's way because of this leak.
Also, "maybe people just need to think twice about…" in the context of this kind of leak is victim blaming. That's really crap.
And *plenty* of people here acknowledge that a lot of tech companies follow an immoral business model (surveillance capitalism).
@jonah @stux
Cosvak
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •Yo two things, who the fuck trusts any app to scan your driver's license, shit I refuse to get booze delivered cause I'm like, fuck you door dash you ain't getting that.
Second thing, the f is the tea app and what scam are they saying their app does?
The Waveform Conglomerate
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •So let us get this right.. Tea forced people to upload personally identifiable information to prove they were "real women"???
Reminds us of that notoriously transphobic dating app, Giggle, which also used "AI" to "work out" if you were a "real woman"...
The Agender Kiwi
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •there is absolutely zero reason to store insecure, unencrypted, information in a bucket, s3 or otherwise.
Corporations/Institutions need to start being held accountable when PII is leaked due to shoddy and insufficient security practices being implemented
If they can't secure their data infrastructure, then they shouldn't be asking for such sensitive information.
#DataPrivacy #EncryptEverything #BestPractices
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent • • •@Lydie @solitha do we *know* it was vibe-coded? Is there any link you can share?
Don't get me wrong, I would not be surprised, but I also want to make sure this was the case first.
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent • • •@Lydie right. So:
> People over the internet assume that the app's storage mechanism was "vibe-coded" but that's just pun-intended for now.
Seems like this is just based on the rumor mill and nothing more…
If you do see something that substantiates this in any way, I'm all ears!
@solitha
Starry
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •Thanks for posting this, it makes me sad every time I see a leak like this. And it's only going to be happening more frequently as age verification gets normalized
If anyone's looking for a direct link on the Tea hack, here's an article
nbcnews.com/tech/social-media/…
archive.is/H5XM8
Tea app hacked: 13,000 photos leaked after 4chan call to action
Kevin Collier (NBC News)
Michał "rysiek" Woźniak · 🇺🇦
in reply to Starry • • •decrypt.co/331961/tea-app-clai…
Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail
Jose Antonio Lanz (Decrypt)
Jargoggles
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •Goddamn, I need all the people who are completely missing the point to think of it this way:
Imagine your bank leaves everything unlocked at night and doesn't even post a guard. Anyone can walk in and take whatever they want after hours.
When, not if, someone stole everything, do you think the appropriate headline would be, "Daring bank robbers clean out vault?" Or would you want the story to be about how your bank was criminally negligent with your stuff?
Yes, the people who did the stealing are bad and they should be punished, but is that really the top story there?
Stanley Jones
in reply to Michał "rysiek" Woźniak · 🇺🇦 • • •I have no special information about Tea other than what I've read but it does seem that this is less than 1% of all users and no one who's joined in over a year. If accidentally misconfiguring permissions on a legacy object store is "absurdly negligent" that applies to pretty much every tech startup.
But if you wanted to say that yes the entire industry is absurdly negligent I wouldn't fight you. 😆
Michał "rysiek" Woźniak · 🇺🇦
in reply to Stanley Jones • • •@stanley storing any kind of PII, especially photos of official IDs, on a publicly-reachable unprotected storage bucket is absurdly negligent, yes.
It wasn't "accidentally misconfiguring permissions", it was "not configuring any kind of access controls in the first place." It wasn't an honest mistake navigating complex access control system, it was not even considering to put any kind of access control system in front of this.
And this is an app that was supposed to "keep women safe", no less.