this post was submitted on 25 Jul 2025
584 points (98.2% liked)
Technology
73232 readers
4191 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Wow that was fast.
I did not even know this app existed untill about 8 hours ago.
Already comprimised.
EDIT: Also, lol, this arguably is not even largely a hack.
These idiots just had everything stored in a fucking publically accesible firebase bucket... amazing.
They didn't delete anything they claimed to.
Either way you look at it, anywhere on the spectrum from:
A ] A bunch of women reasonably concerned for their safety
B ] A bunch of gossip mongers
... well, they've now all been doxxed, ironic from each angle.
What a fucking disaster.
if that’s truly how the leak happened then these people, in any reasonable jurisdiction, would be considered criminally negligent, at the least.
yay compsci ethics courses :D
boo courts failing to uphold the law >:(
Hooray two tiered legal system, huzzah!
/s/s/s
While I agree in principle, I think we should still call it a hack. As in "to gain illegal access to (a computer network, system, etc.)" as Merriam-Webster puts it. It shouldn't be legal to do do this just because the website had horrible (non-existent) security. You shouldn't be allowed to rob a house just because the door wasn't locked.
This is more like the door was left open and the lights were on, and you took pictures of the artwork on the entryway walls and then left.
At which step should it turn illegal? You accessing publicly available website? How exactly are you to know if it is supposed to be public or not, if there is not even an attempt at security?
The thing is we don't need to come up with some absolute definition of what should and shouldn't be illegal to talk about this case specifically. They didn't accidentally stumble on this. They doxxed the users instead of responsibly disclosing the problem. This is extremely cut and dry.
If the story here was "I mistyped something and got to a page I shouldn't have access to, I disclosed it to the company, didn't dox anyone by sharing the problem, and now the FBI is after me" it would be different.
They were looking through publicly accessible buckets on firebase. They literally did stumble upon this by accident while going through public data. And then just told other people about what they found. Should they have disclosed it once they realized what it was instead of spreading it? Sure, morally speaking. But I don't see how you could write a law to make this illegal without just trampling on free speech.
That's a weird way to say they doxxed people instead of ethically disclosing what they found. Hiding that detail is why I have a problem with defending this.
If someone steals something they didn't know belonged to someone (say through an unlocked door), should we prosecute them? I don't know. What did they do next after they found out they shouldn't be there? Did they give it back and tell the building owners "hey, you have an unlocked door" or did they yell to the street "hey everyone, come get free stuff!" How did they behave once they knew they did something wrong.
From what I have seen, they initial guys shared a link to the database, not any content. The equivalent of telling people: "Look at this unlocked door I found." They did not "steal" anything as far as I know.
Also, the analogy doesn't work either. What if it really was intended to be public? Making a copy is not analogous to stealing something, it's analogous to taking a picture.
PS: Maybe to make it clearer what I am thinking of. A real court case that happened: A person found a bunch of documents on a government website, just sitting there. He decided to share them. Turns out they were not supposed to be public. The government tried to prosecute the guy who had no idea the files were not public. They thankfully lost.
How can it be the responsibility of a person to try to figure out if these files are supposed to be public or are public on accident? Yes, these guys had a good guess that this was an accident, but so what. We don't prosecute people for having good guesses.
Damn, do you think this link I found that has a ton of women's drivers licenses is supposed to be public? Better share it to 4chan. They'll know what to do.
So it's just about the drivers licenses? We should make a law to ban sharing drivers licenses? Or is it posting to 4chan that should be illegal?
What do you believe should be the law here? You just keep arguing this specific case should be illegal, but based on what? Which specific part?