Ask HN: Why is "Tea" still on the App Store after so many data breaches?
Furthermore, it’s being promoted in the “Top Charts” while the “App Privacy” card says they only collect email addresses.
Furthermore, it’s being promoted in the “Top Charts” while the “App Privacy” card says they only collect email addresses.
Because Apple carefully vets all apps and that's why it must be allowed to maintain its App Store monopoly!
To be fair the app itself wasn't compromised, heck even the server wasn't breached, it was just a database open for everyone!
Thats true of the first hack, the photos. But I dont believe that is true for the 2nd, the messages.
Everything works as it has been designed. I wonder which companies will start using this excuse after being hacked.
> it was just a database open for everyone!
All good then!
Related: Tea app leak worsens with second database exposing user chats (bleepingcomputer.com) | 120 points by akyuu 1 day ago | 145 comments | https://news.ycombinator.com/item?id=44716529
> “A legacy data storage system was compromised”
I am always amused by corporate jargon used to cover up ineptitude.
In this case legacy data storage system = publicly accessible bucket
It is amazing how quickly anything relatively modern gets designated “legacy” when the business needs to blame it for their mistakes and/or incompetence.
It's like when B737 Max crashed and Boeing blamed a "software glitch". It's about dressing the failure up as something that could randomly happen to anyone.
There was also a website posted on 4chan where you could rate member's photos against each other in terms of attractiveness.
The app provides doxxing as a service, not sure why Apple would start worrying about data breaches for such an App.
I wonder if they will approve my new apps: “Ezzy” and “Cray” where people can rate dates for how easy it was to get them into bed and how crazy they were during and/or after.
I'm somewhat opposed to the idea of having a walled garden App Store as Apple does, which is why I don't use Apple.
But Apple insists they do have a walled garden, and people buy Apple with that expectation, so I certainly hope and expect that Apple doesn't approve apps like these. Any app that does doxxing as a service should not be on Apple's app store IMO.
I see many breaches and people still use the products. Even tech stuff: people knowingly using tech/dev products of people who are either sloppy, plain incompetent or both. I don't get it but here we are.
In the 80s and 90s I was positive that customers would revolt over the constant security issues and generally poor quality of Microsoft software. I don’t need to tell you that it did not happen.
True. Well, we as a company left them (in the 90s). Thats 500 people. So nothing. Still happy we did.
hard to revolt against a monopoly. the only alternative is expensive Apple gear, or (for most of the 90s-2000s) learning a deep set of skills to use the nascent linux desktop options.
We didn't revolt when tobacco companies screwed generations of people, and this is just an example of the many screwing happened in the past from big companies, I'm not positive on the fact people will revolt for privacy breaches such this one
I don't know, but I don't want Apple exercising even more draconian control over what apps I have on my Apple devices.
If I want to use an app with a horrendous security track record, I should be able to. See also: the plethora of other popular apps with horrendous security track records.
So, be careful what you ask for.
Privacy is a fundamental human right.*
*Unless your app has an IAP and is wildly popular, then we don’t mind
Privacy is a fundamental capitalist product.
Theres something that changes in the brain when it learns that everything can be translated to cash value.
It's possible, although I have zero proof, that some of the people responsible for removing apps from the App Store, agree with it. The moderation has always been bull crap and recourse is little if any.
Doxxing as a service is OK for Google/Apple if you market it as safety for their favored audiences against disfavored audiences.
[flagged]
The same reason that Microsoft products are still in the App Store after so many breaches. Because having a security breach is not part of the App Store equation.
Couldn't one ask the same question about Facebook?
Because Apple's stance on protecting users only covers cases supporting the App Store walled garden or such that make you buy a new phone. If anything, it's good to keep it on the store - so many people are searching for it, seeing and clicking ads.
Rules are made up, and only apply to regular people.
[flagged]
According to Wikipedia this is misattributed.
Still resonates though.
https://en.m.wikipedia.org/wiki/Francis_M._Wilhoit
Misattributed to the wrong Frank Wilhoit, so it's still Wilhoit's law.
What does this "law" have to do with conservatism? Seems completely irrelevant and to related to the ideology at all. (Aside from being a skewed and straw-manned view of it)
[flagged]
It’s a shame that this guy is still around despite breaking the rules a thousand times just because he’s friends with Dan Gackle.
inb4 he looks at my comment history and insults me and doesn’t get banned for it.
[flagged]
Great quote. I wouldn't ascribe it to conservatism, though.
Corruption is part of human nature, it's present wherever there are humans.
[flagged]
Your brain may have been broken by internet politics if you go from an app created to dox men to blaming conservatives.
Just a fyi, but it is not available in eu
Was it available at some point?
Because there is no punishment for handling data with so much carelesness. If there was a law which seriously punished them, the app would be long gone. That's what you get when the tech bros dictate how the legislation should work
Tech Bros don't dictate how legislation should work. And Tea is not in Europe because under GDPR an app which does doxxing as a service is not legal.
Tbh this is possible only in software. No matter what you do - epic incompetence, leak user data, doxx users, basically allow their identities to be stolen etc - zero consequences.
Kinda crazy. In any other industry they would not even allow you in the door without showing some king of understanding what you do.
You can't even sell hotdogs without food license. But in software - wild west.
The general public has come to accept that computers are magic. Sometimes the magic does good things, sometimes it does bad things. If there's a person with a public profile who is seen to be controlling the computers, governments might do something to punish that person, but if they remain invisible, no one dares tamper with the magic.
Well, finance and banking can do even worse and be bailed out with public money.
Not quite true, see Banking.
Or medical devices. Or aviation/spaceflight. Or automotive.
It turns out there's actually quite a bit of precedent for doing actual Software Engineering, versus what most of the software world seem to be doing (presumably rotating a database by 90 degrees, duct taping it to another database, and sticking a front-end on it?)
As long as Apple collects their cut of popular apps through in app purchases,
They don't care, and nobody cares.
But they should.
Tea will just update the app / force update the app to fix these issues.
They did care enough to repeatedly pull apps when they did the same thing but in the opposite direction.
They didn't even instrument the apps during review for the longest time. I think they recently started using an HTTP proxy to watch the connections they make.
People put way more trust in the review process and app store gate keeping than it deserves.
Thr irony that i had apps rejected for asking for personal information only stored in the app.
But having drivers license stolen is fine.
because Apple doesn't care.
As a man who's always considered himself a strong feminist, I think that tea's issue are way more profound that just some data breach.
Women were convinced to trust the app as a safe space, but it never was for various reasons. First, as proven by the breach, privacy was not guaranteed. Second, I do not see how a women-only app made to complain on men can help any men get better in their behavior, instead of balcanizing society even more, creating camps and hatred. This is not safe in itself. It won't further women's condition in their relationship with men. It alienates men even more, gives arguments to the Jordan Peterson-style toxic masculinity influencers, and inevitably fosters toxic behavior in women too.
It's an app capitalizing on fear and sexism.
I appreciate that you managed to reenforce and give weight to those same fears and sexist talking points, though. I guess there is a market for both.
The app wasn't made for men to get better. It wasn't made for men at all, believe it or not. It was made, very poorly, for women to protect themselves because women face realities men do not.
And yet it turned into girl's version of Kiwi farms.
I don't think that Jordan Peterson is toxic. Although I haven't watched any of his videos for years now, so that might have changed. What makes him toxic in your opinion?
On the other hand I believe what you wrote can be summarized as toxic feminism.
[flagged]
If it’s bad for Kiwifarms to dox, it is also bad for Tea to dox.
Data privacy needs to be a thing so that Tea and Kiwifarms cannot exist.
Not sure what your point is, it's pretty clear the target is the self labelled feminist and the post is more a defence the idea of Tea as platform rather than suggesting it's okay for Tea be technically incompetent.
My point is that data privacy should be enough of a thing that whispering/doxxing campaigns that can’t be a thing, no matter who.
I find this comment hateful. Typical hatred fueled comment. Blatant misandry. Why is this tolerated here on HN?
The comment has been flagged and killed by other users. Though it makes valid points, it contains inflammatory rhetoric of the kind we just don't want to see at all on HN, as do many other comments on all sides of the debate in these threads. We'd be better off without any of it. Please don't feed it.
I apologize for the tone but not the sentiment.
It's difficult to treat every subject with the detached and clinical air that Hacker News insists upon when you actually care about something beyond the distraction of intellectual exercise and debate.
On the other hand, arguing about things on the internet is futile, regardless of the house rules.
[flagged]
[flagged]
squints is that what we’re calling libel/slander now?
[flagged]
There really seams to be two kind of "feminists": The first claim it's all about equality and the second which is some weird, kind of reverse sexist, ideology. But they are not distributed equally. The latter seams to be what actually defines feminism, is very vocal and is the one that comes up whenever you hear about feminism, while the former seams to only come up when you start to argue against the latter kind.
I also don't get what the former kind is getting from calling themself feminists, when they really only seam to promote common sense.
> The latter seams to be what actually defines feminism, is very vocal and is the one that comes up whenever you hear about feminism, while the former seams to only come up when you start to argue against the latter kind.
This linguistic game is basically the core defining feature of progressivism as practiced: one can hold a term in linguistic ambiguity and choose, post-hoc, whichever one is most convenient for them to assume at the time (which may be a completely different definition from the one they operated under yesterday).
This way you can have your cake and eat it too by advancing radical feminist ideology at the bailey before retreating to the motte of what you call common sense.
[0] https://en.wikipedia.org/wiki/Motte-and-bailey_fallacy
Yes, let's use blanket statements to justify our preconceived notions. I'm not sure what the conclusion you're trying to push here -- feminism is about women having rights. Including the right to complain.
If you edit a comment after another community member has replied, please disclose it with an "EDIT: ..." statement at the end.
It's unfair to change the context of someone's reply after they've posted it, and confusing to other readers.
But didn't you just do exactly that by calling the parent's thoughts preconceived notions?
Edit: parent changed his/her comment after I posted my criticism. Originally it was much shorter and only wrote that the parent's comments are preconceived notions. No context, no nothing.
We really need a see history feature on HN
can't tax two people if only one is in the workforce.
[dead]
Tea is too big too fail, that's why Apple doesn't pull the plug otherwise they would anger a good portion of their angry female user base.
And that angry user base will do what, exactly? Switch to Android? One can dream.