Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.
This is what happens when you decide to vibecode a service with zero attention to safety or web development. This is why you don’t immediately jump onto a new service without it being vetted properly. Now one of the worst communities on the Internet is in possession of over a hundred thousand women’s driving licenses and faces. This is going to be an absolute disaster.
This is ALSO why no service should ever require or get my driver’s license information. Fuck that. Also, yet another Constance to those who can’t afford a car or want to improve the environment by living car free.
My only exception to that are uber drivers. But then again we live in an age where somehow better help has become popular, even though they sell your data.
I disagree on even that. It should be enough to have some trusted “notary” tick a box that they have verified your driver’s license as valid. It should not be stored out sent anywhere at any time. Just showed to a human. Regularly, if needed.
The only site I ever felt comfortable scanning shit like that into was a site that sold things only to military/medics/fire fighters so I had to upload my medic license and my FF cert.
Anything beyond that is a no go from me.
Now now, I like to shit on vibecoders too but let’s not pretend this is some new problem.
Idiots leave databases on cloud servers exposed all the time rather than deal with their companies often arcane rules for generating certificates
Where do you think the AI learned it?
Like, I get that competent coders do it too, but now any skiddie with an idea can cosplay as a developer so this is going to be so much more prevelant
That’s not new, either.
To be fair, I’m not sure why firebase even has a public access option. That’s a recipe for issues.
Though if it’s anything like Google Cloud Store, they hopefully make it very clear that your bucket is public.
“Vibe coded” you just made that up didn’t you, because you don’t like llms. I don’t see anything in the article about “Ai” and this service has been operating for 2 years.
My thoughts as well. But hey, it’s lemmy! Just accuse someone of doing something we hate, good to go!
The og 4chan post brought up the vibe coding. Using it as an insult to quality is wider spread than just lemmy.
Maybe I shouldn’t have used the term vibe coded. I apologize.
Anybody oblivious enough to create something like this isn’t someone you should trust your most private data with. This service had red flags from the concept phase, never mind the execution.
This is not to say, of course, that the victims deserved it. It just really sucks that they had to learn this lesson this way.
People sign up to app intended to share personal information about others without their permission, end up having their own personal information shared without permission - the irony is impressive.
At first I was going to call bullshit because I thought you were exaggerating and being ridiculous.
Nope. That’s the app. “Anonymous” sharing of pictures and info of other people. Presumably without their permission. That’s fucked up.
I think it depends on people’s intent and purpose for using this service. I’m overall not a fan of someone taking and sharing pictures of me without my consent, or making claims that can’t be defended…
The group of women legitimately using it for safety is fine, in a general sense.
The group of women using it as gossip and entertainment is not.
Considering that “tea” is common slang for gossip I’m not convinced there was many of the
latterformer.Given that the app name is slang for gossip, you’re not convinced there were many women using it for gossip?
Thanks I fixed it
It makes sense using it for safety, but I would worry about whether all the information on there is accurate. Most of the feedback on the app is probably negative, I doubt anyone would really post anything on Tea that’s positive about their former partner. But people like to believe they are in the right. Someone who got in a fight with their partner might post something on Tea that isn’t accurate, but makes them feel better since they can spin the story how they want, and make the other person at fault. However, unlike regular social media, the person being attacked by their partner on Tea has no idea that it happened, and no way to refute what was said. It promotes the opposite of any type of communication between partners after a fight or breakup. It promotes safety, but at the same time it promotes some toxicity in relationships. What would you think if you knew that if your got into a disagreement with your partner that you could end up posted on this app, without any way of arguing back?
The replies in this thread are disturbing, giving me a sense that Lemmy has a misogyny problem; maybe I was naïve, but I expected outrage about 4chan doxxing women trying to protect one another, instead I see lots of revenge enjoyment as if being doxxed on 4chan is justice for … <checks notes> warning one another about dangerous men they encounter when dating?
The inability to empathize and take seriously the threats posed to women or to understand their motivation to protect one another is alarming.
There is no good faith extended, but also no evidence presented that instead of safety the app was just for gossip, it’s just taken as assumed that women are wrong for using Tea and they all deserve to be doxxed.
I’m all for groups of safe spaces for women. Especially when it’s designed to keep them safe while dating. I have my doubts that Tea was that. Even if it was advertised as such, “tea” is slang for the word gossip. I’ve heard stories from several sources that it was used to dox people as well. Not saying what happened to the users is right. I think some users here are just feeling smug that this might cause the app to fail or shut down.
The app enables the photos to be run through a reverse image search, enabling them to run a basic background check, check against public sex offender databases, and check for photos that might get flagged as being used in “catfishing” — misrepresenting one’s identity online.
The app also features a “Tea Party Group Chat,” which allows users to directly share information about men, and has a rating function, which allows users to share their experiences with Yelp-style reviews, awarding men a “green flag” or a “red flag.”
https://www.cnn.com/2025/07/25/us/tea-app-dating-privacy-cec
It’s a bit like Rate My Professor, but for dating.
Honestly I cyncially expect this kind of app might inevitably exist for rating people of all genders (or that dating apps might incorporate this Uber-style rating system), but the reason this app exists has directly to do with the violence women face from intimate partners.
The point is that men who are enjoying the doxxing of women who have used this app are ignoring the context, or even have a warped sense of the context, as if this is narrowly about (legitimate) privacy concerns and the harms caused by the app.
Even if the concerns about the app are justified, the revenge enjoyment betrays a view much harder to defend, that all the women who used the app are equally cupable, or that doxxing women using the app is equivalent to women doxxing abusive men through the app.
Men are not all equally privileged, but there is a broad inequality both to how violence is distributed and how that plays out in dating situations. Women are not wrong to fear men. One in three women have experienced sexual or physical violence, most of that violence being perpetuated by men.
Since this is the context for the use of this app, it’s not neutral to doxx its users or to claim it’s fair because men feel (legitimate) concerns about the app’s privacy violations.
I agree 100% that women face many more dangers especially in the dating scene than men. I’m all for having resources available for them to remain as safe as possible.
I don’t see how a Rate My Professor type app would work well for dates. I feel like people would only spend the time to rate poor dates. If you had a really good date with someone, you would presumably start dating them so why would you let everyone else know they are a good person to go out with? I have no doubt there are some awful people out there that others should be warned about, but this type of app is a bit too risky to justify that in my opinion.
The background check feature sounds much more legit, but I don’t think a group chat feature needs to exist along side it.
All that being said, anyone enjoying the doxxing of others is just an asshole. There’s definitely nothing fair about it from either side.
yeah, the app has obvious flaws, and the Rate My Professor style approach succeeds or fails depending on the quality of the users and moderators, and could easily be useless or become toxic - either way, I’m not defending this aspect of the app, it’s clearly problematic.
Regardless I understand why women would want a resource like this, and that doesn’t seem true for those in the comments who see the doxxing as deserved for using this app.
Nevermind the rest of the context, like 4chan being a bastion of right-wing, misogynist trolls who would target an app like this for political reasons.
Lemmy users approving 4chan doxxing women is a major red flag … it might have something to do with how many Lemmy users come here due to being banned for their behavior on Reddit. Reddit isn’t sending their best and brightest, and it shows. (This is just my speculation, though.)
Sure does sound pretty toxic.
Yeah, naming it “Tea” is really the cherry on top. I’d love to know more about the people behind this. It’s hard to believe that anybody would be this oblivious. I guess the same kind of people who wouldn’t secure their database.
Could you share said sources? It’s irrelevant though because justifying this doxxing SHOULD mean that the entirety of 4chan is a justifiable dox target. If you don’t believe that, then you should be against it happening against Tea users. They’re at the very least guilty of the same thing (in this case. 4chan is guilty of much more heinous things than just this).
I 100% agree that it isn’t relevant to the doxxing. I dont think the doxxing is warranted at all from either side. Most of what I saw about the app is just from various social media users as well as the Google PlayStore reviews. Personally I find it hard to believe the app wasn’t made with the purpose to dox people just based on the name alone. The ads make it seem like a safespace for women and if that’s all it was meant to be then it for sure had a very unfortunate name.
What does the name have to do with doxing? I know “tea” is slang for “gossip”, but gossip ain’t doxing.
A group of people with the intention of privately sharing details of people in order to track their behavior is definitely going to lead to doxxing. Maybe I’m getting the wrong idea, but it sounds like they are sharing the names of people they went on dates with. I assume that would include the city or town the date occurred which would infer where abouts they live. Given enough “reviews” of a single person I’m sure there would be sufficient info to call it doxxing.
It isn’t the women who are wrong; it’s the app developer and 4chan. But setting aside the data breach, creating a Yelp for dating is a ticking time bomb. They were going to get sued out the ass, data breach or no data breach. I don’t know how many times this needs to happen, but I guess web developers have the memory of goldfish. There have been several attempts at something similar that got shut down for the obvious reasons. Making a website that rates human beings is always going to be a legal minefield.
Don’t trust dating apps ever. Literally better off dating someone you meet at a park.
Less chance an algorithm set you up to fail.
How is this relevant to anything I said? We aren’t even talking about a dating app here.
Good advice actually. Dating apps have been monopolized and enshittified by the same two or three parent companies in recent years.
Your comment was on top for me in my app, so I was like “oh how bad could it be.”. Holy shit you’re not wrong, there’s some disgusting comments that are getting voted up.
I’m low-key disappointed and appalled by these community members who believe these women “deserve” it for … Trying to help each other be safer?
deleted by creator
Let’s say a vile, manipulative, entitled woman went on a Tinder date with a guy. He insists on splitting the bill rather than paying for her food. She feels insulted.
She then takes to Tea and her local Are We Dating The Same Guy Facebook group, slanders him with false accusations that he tried to sexually assault her, then posts his Tinder, Facebook, Instagram and LinkedIn profiles online. Suddenly he’s being ostracized, receiving nasty messages and even loses his job from women bombarding his employer with negative phone calls, emails and comments about him.
Men have had their lives ruined by false allegations posted to AWDTSG communities before. But opposing the existence of these platforms is “misogyny”, apparently.
deleted by creator
The app is literally called Tea, as in “spilling the tea.”
I think you are misunderstanding why people are upset.
It’s horrible that these women were doxxed.
It’s also horrible that a subset of women were doxxing men, which is what brought this negative attention to the site.
Misogyny is real in our society, misandry is real.
Saying things happen for sexist reasons when it was for a logical reason does a disservice to movements that seek equality.
The internet also cheered on the 4chan PII leak that happened recently, not becauase it’s a male dominant space, but because they do shitty things like dox people.
The Tea app is agnostic. While its purpose and main use case was made for the safety of women in the dating scene, it was inevitably used to spread exaggerated or misleading information about otherwise innocent men. Imagine being a privacy-conscious individual, and breaking up with a toxic woman. She could go on to spread lies about you and even upload pictures of you to the reverse image search/ai. So even if you were doing everything right from a privacy standpoint, you’d still end up in someone’s private database, subjected to ai training, shared with the government, or who knows what. While I do see the purpose of apps like these, they can effectively take away someone’s privacy/dignity without them even knowing about it. Now imagine being a 4channer, someone probably even more privacy-conscious than lemmings, and possibly experiencing mental disorders like paranoid schizophrenia or autism; of course they’re drawn to hacking an app that would destroy their privacy. They are not sane individuals, so this event really was inevitable.
Well lets be honest if someone made a gender inverse version ofctea many people would b concerned about what is being shared on the app. Honestly i find tesla disturbing and the 4 chan doxing dangerous. Both sides can be bad.
sorry, are men concerned for their safety dating women such that a gender inverted version of this app makes sense? Your ignorance is what I’m talking about here …
The need for it was not part of my point. The point was a gender flipped app would of course cause some outrage. Immediately there would be people cry “it’s just for doxxing, stalking and revenge porn”.
But to engage in some good Faith dialoige. Are some men concerned for their safety, yes.
Those already exist. 4chan (yes, they even kind of invented cancel culture with going after “whores” in the late 2000’s), kiwifarms, various manosphere forums, Andrew Tate’s Discord server, etc.
Yeah amd those sites are not herald had a safety tool for men. They are seen vile pos.
Lemmy is full of people with a lot of technical knowledge, who look down on anyone without it. Just look at their responses to someone complaining and an issue on Windows, it’s just a hundred people telling you what Linux distro they use.
It’s not so much mysogyny, they just can’t pass up the opportunity to be smug about something.
it’s just a hundred people telling you what Linux distro they use.
Oh come on, Lemmy doesn’t have that many users!
/s
Apparently the platform operated as some sort of gossipping/reporting system where unaware men and guys could be posted, so they could basicallly do the same thing that happened to them, all on one if the most unsafe system possible.
Honestly I see this as a consequence of their own actions mostly the database was unprotected. Their purpose was to document men behind their back. Turns out it backfired.
“According to predators on 4chan the platform operated as what the users thought was a secure way to discuss potentially dangerous men on dating platforms with women in similar situations, this is naturally completely equivalent to exposing the women who were attempting to be safer and putting any and all private info of theirs online for predators to access. The level of risk in going on first dates with people you met on the internet is completely equivalent for straight men and straight women and it serves them right for trying to help eachother stay safe by comparing notes”
Did I get that right?
You have the level of understanding of a redditor.
“gossip” is for safety. It’s often information that men don’t want shared so it’s painted like it’s bad. Claiming women shouldn’t gossip is just more misogyny.
There is some of that happening, like when women get together and discuss how they’re being treated it’s “gossip” and implied as immoral.
I think some men might read what you’ve said and think you are denying any toxic gossip exists, it’s important to have nuance and not alienate men who otherwise would be allies, but I think overall your point is well taken.
Say a woman breaks up with a man for petty reasons, like the guy switching the channel on TV, or even the other way around.
And she decides to make up reprehensible shit about him on that app.
He essentialy becomes undatable, and he does not know why.
I’m not sure what that has to do with the comment above yours, but you’re comparing men becoming “essentialy undatable” to women being raped. Perhaps unknowingly.
Ok fine. Dark Voice “Sacrifice the men! It’s for the greater good!”
Though I am unironically anti-natalist, and misanthropic, so everyone being single (or well, gay/lesbian) is fine with me personally.
Ok fine. Dark Voice “Sacrifice the men! It’s for the greater good!”
Do you really think that’s the alternative here?
I can’t tell if you’re putting on a bit based on your username or something…
I’m also Misanthropic and so done with society. I don’t have the same stakes in it as everyone else.
I understand why women have to do what they have to, and someone must lose here. To prevent horrible cases of rape and abuse, some innocent men will have to be rendered undatable.
On top of that, dating will become a lot like how job searches are nowadays. Have a gap in your err…dating resume? Something is wrong with you, no date.
A wise thing to do is for men to have their own “Tea” type of app to balance things out. I see no reason not to.
The best advice of course, is to just not date. Whether we like it or not, there are too many people, and they have been irrevocably damaged by pollution, trauma, and poor education practices.
Few of us are wanted in this world (and I don’t just mean romantically, and I don’t just mean men). When there is too many of us, we behave like locusts, devouring everything. The solution is stop pumping out babies, consuming useless products, or feeling enitled to other’s things. This world does not want you, and you should not want it either
I have meet so so so many broken people who have to suffer through no fault of their own, and I had to play the part of support to them. Because really, no one else gave a damn.
You are a truly disgusting species. If there was something to define evil by, it would be the opposite of good. There are many types of good, and humans somehow manage to run counter to it. But the worst thing they do, is betray and cannibalize their own kind.
If you don’t want to be kind, don’t want to pay taxes, don’t want to include others, then you don’t fucking deserve it either. It is a choice that can be made at any time, yet so many refuse, can’t even wrap their heads around it.
And even if it was purely a gossip app, an eye for an eye leaves the whole world blind.
This comment is one hour old, let’s give you my SS and CC info
??
I would not under any circumstances give my drivers license to a for profit app. I don’t even like to give my email.
apparently there’s some law in the UK that mandates it now 🙄
Well UK, have the day you voted for I guess
Unfortunately this is the better of the two main parties. This isn’t republicans winning because dems didn’t vote. Labour won, and this still went through. The UK government as a whole has been on an anti porn brigade for decades. I can’t wait for the day labour and the Tories just die off.
Technically the act passed in 2023 under the Sunak government.
That said; I can’t seem to find a vote breakdown and I would not be at all surprised if labour also backed it.
I’m hoping enough public dissatisfaction leads to labour repealing it but I won’t hold my breath.
I’d like to blame the voting system for the lack of meaningful voting options.
The next PM of this country will be the one who promises to bring back all the porn.
Thank fuck for VPNs, although it now wants to show me hot milfs in Brussels.
Something something Vegemite sandwich
And many republican US states.
Also California
Wow that was fast.
I did not even know this app existed untill about 8 hours ago.
Already comprimised.
EDIT: Also, lol, this arguably is not even largely a hack.
These idiots just had everything stored in a fucking publically accesible firebase bucket… amazing.
They didn’t delete anything they claimed to.
Either way you look at it, anywhere on the spectrum from:
A ] A bunch of women reasonably concerned for their safety
B ] A bunch of gossip mongers
… well, they’ve now all been doxxed, ironic from each angle.
What a fucking disaster.
deleted by creator
Hooray two tiered legal system, huzzah!
/s/s/s
Not sure if this is ironic that the users are now less safe after using the safety app. But I still feel bad for the users. Dating is hard enough without the fear of being harmed.
Maybe I’m just getting old, but the idea of “verifying” my real identity to a faceless website or mobile app is abhorrent.
I guess it doesn’t help that governments in some countries (UK, Australia that I know of) are encouraging this bullshit with Trojan horse laws claiming to protect children from adult websites / social media.
Can’t help but think there is also an element of pot meet kettle here, when users of an app designed to dox and slander people without their knowledge are now the ones getting doxxed themselves.
California, Utah, Texas all have laws now requiring age verification to use an app store
I’d be interested to know how that works with F-Droid or Aurora.
What if they take people’s biometric aka fingerprint and to view nsfw stuff you goota use the biometric and I am not talking about passkey
What if they fucked right off and left parenting what kids do on their devices to their parents?
My friend came over and told me a story about this crazy date she was on. The guy love bombs her, sets her up with a massage, then in the morning, goes out and eats McDonalds alone and ghosts her. Then repeats every few weeks with love bombs.
I shared that with my discord group and someone said they know that guy too.
Im assuming that’s what Tea is for.
Wait what? How does one ghost and then repeat love bombing? Also why is eating breakfast alone remarkable? Tf is happening?
Im guessing he’s being way too pushy and overbearing, then goes no contact for two weeks, then repeats the process.
You yadda yadda yadda’ed over the best part.
And what part is that?
What did he order at McDonald’s?
sets her up with a massage, then in the morning,
What happened between the massage and him ditching her to eat breakfast?
You don’t have to go home but you can’t stay here: https://www.literotica.com/stories
No, I mentioned the bisque.
…eats McDonalds alone and ghosts her. Then repeats every few weeks with love bombs
Something something “cheat day”
deleted by creator
Protecting our users’ privacy and data is our highest priority. We are taking every necessary step to ensure the security of our platform
Since sensitive data was put on a public bucket, maybe they meant it was their lowest priority?
Reading these incredible comments has revealed a large piece of what was named as the reason for lemm.ee shutting down.
what was that?
Moderation.
This is why there should be a nationwide rule that PII data should be deleted after the users identity has been verified
Truly impressive how little america cares about its citizens.
BUT WE HAVE FREEDUM!!!
There should be a time limit on all data.
A better rule is that PII data should never be used as a basis for auth/auth except by government agencies in the process of delivering legally mandated government services.
Never upload PII to social media
Your privacy is not legally protected.
Tell that to UK citizens. They have to. To be “protected”. The irony
I live in the UK and, like nearly everyone else in the UK, have never been required to do this. The only time it’s required is when accessing adult-only sites, and there are some obvious workarounds in those cases, yarr.
What are the chances of this being the main reason for the app’s existence?
Seeing as the word hack is doing a lot of heavy lifting. They didn’t bother to actually secure the data and then put it on the internet for anyone to access.
I thought 4chan shut down permanently like 2 months ago?
Cancer can return after going into remission for a while.
Nah they came back online after like 2 weeks I think?
