The more than one million messages obtained by 404 Media are as recent as last week, discuss incredibly sensitive topics, and make it trivial to unmask some anonymous Tea users.
Everyone is talking about the poor security practices, which is fair. Or they are talking about the appropriateness of such an app existing, which is also fair.
But the immediate take away should be, especially in today’s political environment, that we cannot and should not trust sensitive data that leaves our device, particularly if you are of any kind of non privileged group.
This has been the case for a long time, so suddenly you have apps like Tea that encourage you to upload info of other people. So now even the few that take care not to upload their info can be nicely monitored. And the Gestapo does not even need to pay their informants for it.
And here’s your daily reminder that the OSA was introduced, championed and passed by the Tories in 2023 despite outcry. Sunak even said at the time it was a problem for the “next Parliament” to deal with. Now they’re trying to blame Labour.
Well the point of the app was to identify the small percentage of men who do most raoe Nd stuff, and even if the law wouldnt stop them, help potential victims avoid them, so as to not have to be guarded around every man one meets like hes a potential vicious rape monster, because some just are.
Im saying all men are garbage, and the fundamental oremise that you can under any conditions act like any number of men are human is foolish and likely to get you hurt. Which i think this situation show.
This sounds like victim-blaming. This website didn’t even secure their database with a password. Come on. I’m sure their privacy policy gave the standard promises about storing their private data in a secure way, which they did not do.
In the current environment, at-risk people (women, immigrants, etc) who might have “at-risk” activities (abortion, immigration, etc) don’t have the luxury of relying on a privacy policy. I am not blaming them, I am simply stating how it must be if they are to avoid adverse actions.
This particular instance involved poorly secured data; what happens when warrantless demands are made by the government?
The Tea debacle proves that sensitive data cannot be trusted once out of your hands.
I agree. The reality is that nobody should be trusting these platforms with such sensitive data. As demonstrated, there is so much that can go wrong when you trust these companies. This is a LOT of risk for very little reward.
Whatever you put online you should think “what if this were made public and attributed to me” before you post it.
I’m sure their privacy policy gave the standard promises about storing their private data in a secure way, which they did not do.
Their ToS can be found here. Section G of their Limitation of Liability tries to shield them from liability against data breaches. But if they were criminally negligent, the ToS won’t protect them. The Data Protection section basically just says “check our Privacy Policy for info on what we collect”, which is pretty standard fare for a ToS.
The Security section of their Privacy Policy is also extremely boilerplate. Here’s the entire thing:
Security of Your Personal Information
The security of your Personal Information is important to us. When you enter sensitive information (such as credit card number) on our Services, we encrypt that information using secure socket layer technology (SSL).Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable.If you use a password on the Services, you are responsible for keeping it confidential. Do not share it with any other person. If you believe your password has been misused, please notify us immediately.
This one particular sentence may end up burning them though:
Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction.
I think most people (and the courts) would agree that putting a password on your database is a reasonable security measure that would be expected per this Privacy Policy. Especially since their next sentence goes on to elucidate that users should keep their passwords confidential.
Everyone is talking about the poor security practices, which is fair. Or they are talking about the appropriateness of such an app existing, which is also fair.
But the immediate take away should be, especially in today’s political environment, that we cannot and should not trust sensitive data that leaves our device, particularly if you are of any kind of non privileged group.
This has been the case for a long time, so suddenly you have apps like Tea that encourage you to upload info of other people. So now even the few that take care not to upload their info can be nicely monitored. And the Gestapo does not even need to pay their informants for it.
the entire UK government disliked this comment
The UK government can shove it up their fucking arse.
Sincerely, A UK citizen.
And here’s your daily reminder that the OSA was introduced, championed and passed by the Tories in 2023 despite outcry. Sunak even said at the time it was a problem for the “next Parliament” to deal with. Now they’re trying to blame Labour.
Here is your reminder that Labour supported it.
And also men are vicious trash goblins.
You’re not adding much to the “this app is appropriate” argument.
Well the point of the app was to identify the small percentage of men who do most raoe Nd stuff, and even if the law wouldnt stop them, help potential victims avoid them, so as to not have to be guarded around every man one meets like hes a potential vicious rape monster, because some just are.
Im saying all men are garbage, and the fundamental oremise that you can under any conditions act like any number of men are human is foolish and likely to get you hurt. Which i think this situation show.
I don’t think anyone questions the “point” of the app. But the devil, as they say, is in the details.
Yeah. That all men are trash; avoiding the bad ones just leaves you with fred rogers and probably a second one at some point idk.
No no, you can’t walk that back now, Fred Rogers is trash too. You can’t even have one.
What gender do you identify as btw? Because from now on I’m going to assume all of that gender is just as garbage as your dumb ass.
This sounds like victim-blaming. This website didn’t even secure their database with a password. Come on. I’m sure their privacy policy gave the standard promises about storing their private data in a secure way, which they did not do.
Encouraging people to be safe and care about their privacy on the internet is not victim blaming.
This is what people want to warn others of. The developers of Tea are hardly the only offenders. Definitely not an example of victim blaming.
In the current environment, at-risk people (women, immigrants, etc) who might have “at-risk” activities (abortion, immigration, etc) don’t have the luxury of relying on a privacy policy. I am not blaming them, I am simply stating how it must be if they are to avoid adverse actions.
This particular instance involved poorly secured data; what happens when warrantless demands are made by the government?
The Tea debacle proves that sensitive data cannot be trusted once out of your hands.
I agree. The reality is that nobody should be trusting these platforms with such sensitive data. As demonstrated, there is so much that can go wrong when you trust these companies. This is a LOT of risk for very little reward.
Whatever you put online you should think “what if this were made public and attributed to me” before you post it.
Their ToS can be found here. Section G of their Limitation of Liability tries to shield them from liability against data breaches. But if they were criminally negligent, the ToS won’t protect them. The Data Protection section basically just says “check our Privacy Policy for info on what we collect”, which is pretty standard fare for a ToS.
The Security section of their Privacy Policy is also extremely boilerplate. Here’s the entire thing:
This one particular sentence may end up burning them though:
I think most people (and the courts) would agree that putting a password on your database is a reasonable security measure that would be expected per this Privacy Policy. Especially since their next sentence goes on to elucidate that users should keep their passwords confidential.