The tea of the “red flag” application for women is a nightmare of confidentiality

An application designed to help women spot the “red flags” of the men from which they came out accidentally put its users in danger. 404 media reported this tea was hacked by 4chan users Last week, causing selfies and driving licenses of its users for most women displayed at 4CHAN. An independent researcher for 404 media has since discovered That messages between users discussing infidelity, abortion and personal telephone numbers are also vulnerable to hackers.

The tea was founded by the SEAN Cook software developer, who said he was inspired to create an anonymous whisper network after attending the “terrifying” meetings of his own mother with men. He was also strongly influenced by the rise of “”Let’s go out with the same guy“Facebook groups and operates in a similar paradigm of ringing anecdotal alarms on men of men. Over 4 million active users.

On July 25, 72,000 images – including 13,000 selfies and driving license, as well as 59,000 other images, published on the application – were raped, with many downloads and published publicly on 4CHAN. 4Chan users initially published images of four driving licenses for women, exposing certain personal information, but the commentary storm in the wire suggested that thousands of images were downloaded before the company is aware of the breach. Tea told 404 media that he had launched “a complete investigation with the help of external cybersecurity companies” and that he worked with the police “to help” their investigation.

The tea stored sensitive information from its users on Firebase, a storage and calculation service of the Cloud Backend belonging to Google. Since 2023, tea has no longer required users to send photos of their IDs for verification purposes. While the company initially insisted that hacking only affected its “inherited” database and users who registered before February 2024, according to the independent researcher and data trove examined by 404 mediaTea remains dangerous, far beyond the scope of original hacking, and private messages sent until last week are accessible and vulnerable to a new exhibition.

Since the use of tea among women, she has attracted more exasperated criticism and anger among the so -called “human rights” groups online.

The men who discovered that they appeared on the application called him a “Toxic” network. Some become viral on Tiktok and X, saying that the affirmations made about them are defamatory And totally false. “The problem is that people (women in particular) will not see this as a problem as long as the male version of the application is created. I deserve to know the history of the MSTs of my date, the number of bodies, etc. comment On a thread in the Sbreddit R / Mensright. A reprisal application featuring women was created shortly after, called Teaborn, but it was quickly deleted after user reports Publishing revenge porn.

Several experts in cybersecurity and confidentiality of data have called the tea storage methods, which led to initial hacking, downright negligent.

“These data were initially stored in accordance with the requirements of the police linked to the prevention of cyber-infection 404 media.

Peter Dordal, professor of online networks and security at the University of Loyola in Chicago, said The penis That he thinks that the company’s declaration – that it was in accordance with the law – is “misleading” and that the company could have done more to prevent this nightmare of cybersecurity. “(The declaration) is misleading on two counts: first, the police do not set the requirements; it is the work of the Congress and the legislatures of the States. Tea did not quote the real legal requirement,” said Dordal. “Second, if there was a legitimate legal need to keep these images, they should not have been accessible online at all; they are clearly not necessary for the ordinary activity of the site.”

Dordal added that if user data is stored in the cloud, tea should have taken measures to ensure that it cannot be accessible by the public. Tea terms and conditions Also says that it deletes user data after verification, which it apparently did not do.

“Tea certainly had negligent security practices if the current report is true,” said Grant Ho, assistant professor at the University of Chicago who research IT security. “A company should never host private user data on a server accessible to the public and, at least, the data should have been stored encrypted.”

Andrew Guthrie Ferguson, professor of law at George Washington University and expert in megadata surveillance, points out that an internet whisper network is no longer saved as a real network of whispers when he operates offline. Your data is no longer under your control.

“What changes when it is digital and recoverable and economical and available is that you lose control,” said Ferguson. “You cannot keep it within the limits of the people you trust.”