this post was submitted on 25 Jul 2025
567 points (98.3% liked)

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through people’s personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.

[–] Zephorah@discuss.online 25 points 8 hours ago

Reading these incredible comments has revealed a large piece of what was named as the reason for lemm.ee shutting down.

[–] JackbyDev@programming.dev 57 points 12 hours ago (1 children)

I can't open the article, but I think I read that this was hosted on an unprotected bucket. Assuming that's correct I wouldn't say this was a breach. A better headline would be "Women dating safety app 'Tea' exposed women's PII".

To be 100% clear, I'm not excusing the hackers. I don't believe it's morally correct to publicize something because it is exposed. For folks curious about that you can look into how to ethically disclose vulnerabilities. I still view this as doxxing. I still believe what the hackers did should be a criminal offense, it's just that I also believe the app holds a ton of the blame as well. How can you proclaim to be about keeping women safe while putting them at risk? That should be punished as well.

Like if the storage facility you trusted to hold your stuff never had locks on the doors, shouldn't they take a lot of the blame as well as the thief who found out a door was unlocked?

[–] hopesdead@startrek.website 22 points 12 hours ago (2 children)

The bigger problem is trying to get the mainstream that would read an article like that to understand the technical difference between hacking and accessing unsecured data.

[–] JackbyDev@programming.dev 20 points 11 hours ago (1 children)

One of the definitions of hacking is illegally gaining access to a computer system. It doesn't need to involve any sort of exploit. Stealing from an unlocked home is still stealing. Gaining access to a system by phishing is still hacking. Leaking data that is technically publicly accessible that isn't meant to be publicly accessible is still hacking.

Not that I suspect anything good from 4chan but the proper thing to do would be to disclose to Tea that their data is public and allow them to fix the problem. The ethics of vulnerability disclosure still apply when the vulnerability is "hey you literally didn't secure this at all."

[–] Brickhead92@lemmy.world 8 points 8 hours ago (1 children)

This reminded me of an anecdote from maybe 6 years ago. I was setting up and testing a small network and a couple devices to install for a customer, let's say the subnet was 192.168.2.0/24.

Weird things were happening, I was being lazy and wasn't directly connected to the network, may have set up a VPN between devices somewhere; can't really remember. But pings would sometimes drop or blow out to 100s of ms.

I eventually ended up disconnecting that network entirely, then the pings continued and got more stable?? WTF! I knew we didn't have that subnet in use, even checked before setting it up. In the time between checking and the issues happening, someone in Sydney somewhere had stuffed up on their router and exposed their LAN to the internet without any firewalls, just available.

Scanned and found all the IPs in use and in them found a printer. Connected to it and printed a page saying I'm from company XYZ and found all these devices available, and to either contact their IT and resolve it ASAP or my company to help. About an hour later it seemed to be resolved.

It was an interesting day.

[–] phx@lemmy.ca 7 points 7 hours ago

Uh... you can't just "expose a LAN network to the Internet" in this manner. Local subnets aren't routable over the Internet, so you can't just enter 192.168.2.3 and end up on somebody else's private LAN.

https://www.geeksforgeeks.org/computer-networks/non-routable-address-space/

They would have needed to either have all their internal devices being assigned public IPs or had NAT+firewall rules explicitly routing ports from their outside address(es) to the inside ones. The former is unlikely as normally ISPs don't allocate that many to a given client, or at least not by DHCP. The latter would require a specific configuration mapping the outside addresses/ports to inside devices, likely on a per device+port basis.

Either your story is missing key details or you've misunderstood/made-up something.

[–] phx@lemmy.ca 2 points 7 hours ago

The storage facility concept is kinda close, if you count it as "a storage facility beside a major intersection in a big facility, with the locker doors left open despite the warning at the front desk not to do so".

[–] SoftestSapphic@lemmy.world 21 points 12 hours ago

Never upload PII to social media

Your privacy is not legally protected.

[–] BackgrndNoize@lemmy.world 29 points 15 hours ago

This is why there should be a nationwide rule that PII data should be deleted after the user's identity has been verified.

[–] simplejack@lemmy.world 21 points 15 hours ago

Hungry data privacy lawyers when they learned about Tea this week:

[–] dandelion@lemmy.blahaj.zone 73 points 18 hours ago* (last edited 18 hours ago) (22 children)

The replies in this thread are disturbing, giving me a sense that Lemmy has a misogyny problem; maybe I was naïve, but I expected outrage about 4chan doxxing women trying to protect one another, instead I see lots of revenge enjoyment as if being doxxed on 4chan is justice for ... warning one another about dangerous men they encounter when dating?

The inability to empathize and take seriously the threats posed to women or to understand their motivation to protect one another is alarming.

There is no good faith extended, but also no evidence presented that instead of safety the app was just for gossip, it's just taken as assumed that women are wrong for using Tea and they all deserve to be doxxed.

[–] Ilovethebomb@sh.itjust.works 17 points 8 hours ago

Lemmy is full of people with a lot of technical knowledge, who look down on anyone without it. Just look at their responses to someone complaining about an issue on Windows, it's just a hundred people telling you what Linux distro they use.

It's not so much misogyny, they just can't pass up the opportunity to be smug about something.

[–] zarkanian@sh.itjust.works 29 points 10 hours ago

It isn't the women who are wrong; it's the app developer and 4chan. But setting aside the data breach, creating a Yelp for dating is a ticking time bomb. They were going to get sued out the ass, data breach or no data breach. I don't know how many times this needs to happen, but I guess web developers have the memory of goldfish. There have been several attempts at something similar that got shut down for the obvious reasons. Making a website that rates human beings is always going to be a legal minefield.

[–] joel_feila@lemmy.world 16 points 11 hours ago (4 children)

Well, let's be honest, if someone made a gender inverse version of Tea many people would be concerned about what is being shared on the app. Honestly I find tesla disturbing and the 4chan doxing dangerous. Both sides can be bad.

[–] Gemini24601@lemmy.world 22 points 12 hours ago

The Tea app is agnostic. While its purpose and main use case was made for the safety of women in the dating scene, it was inevitably used to spread exaggerated or misleading information about otherwise innocent men. Imagine being a privacy-conscious individual, and breaking up with a toxic woman. She could go on to spread lies about you and even upload pictures of you to the reverse image search/ai. So even if you were doing everything right from a privacy standpoint, you’d still end up in someone’s private database, subjected to ai training, shared with the government, or who knows what. While I do see the purpose of apps like these, they can effectively take away someone’s privacy/dignity without them even knowing about it. Now imagine being a 4channer, someone probably even more privacy-conscious than lemmings, and possibly experiencing mental disorders like paranoid schizophrenia or autism; of course they’re drawn to hacking an app that would destroy their privacy. They are not sane individuals, so this event really was inevitable.

[–] SoftestSapphic@lemmy.world 18 points 12 hours ago

I think you are misunderstanding why people are upset.

It's horrible that these women were doxxed.

It's also horrible that a subset of women were doxxing men, which is what brought this negative attention to the site.

Misogyny is real in our society, misandry is real.

Saying things happen for sexist reasons when it was for a logical reason does a disservice to movements that seek equality.

The internet also cheered on the 4chan PII leak that happened recently, not because it's a male dominant space, but because they do shitty things like dox people.

[–] DrSteveBrule@mander.xyz 38 points 16 hours ago (8 children)

I'm all for groups of safe spaces for women. Especially when it's designed to keep them safe while dating. I have my doubts that Tea was that. Even if it was advertised as such, "tea" is slang for the word gossip. I've heard stories from several sources that it was used to dox people as well. Not saying what happened to the users is right. I think some users here are just feeling smug that this might cause the app to fail or shut down.

[–] zarkanian@sh.itjust.works 8 points 8 hours ago

Yeah, naming it "Tea" is really the cherry on top. I'd love to know more about the people behind this. It's hard to believe that anybody would be this oblivious. I guess the same kind of people who wouldn't secure their database.

[–] UncleGrandPa@lemmy.world 28 points 16 hours ago (1 children)

What are the chances of this being the main reason for the app's existence?

[–] Hozerkiller@lemmy.ca 30 points 15 hours ago

Seeing as the word hack is doing a lot of heavy lifting. They didn't bother to actually secure the data and then put it on the internet for anyone to access.
