For me the only people I'm looking at with disgust are those who were using said app... it was a gossip cesspool with no way to verify any of the claims being said and a breeding pool for hateful posts against people you dislike.
The meme floating around of "I joined a site to dox and spread personal info about people got hacked and now my personal information is being spread around waahhahaaa" is pretty damn accurate and makes me not feel bad for them at all.
Of course, in reality such behavior is rarely conducive to anything good; I guess they got what's coming.
The whole concept of dating apps is so toxic, shallow and just plain bad. It's like choosing people as if they were products on a shelf.
It's not perfect of course, neither am I.
But centering your ideological bubble is its own form of toxicity that is enabled by the internet.
Such as? Are any of those disagreements ideological?
If that all sounds too non-spicy, well, even mentioning the smaller things like JS vs TS on a mainstream Reddit page got people calling me a moron and my comment hidden because the score got too low. If I said it on a different page, maybe it would've been +100 score and everyone disagreeing with me booted instead, but that's not any better. Learned quickly not to bother with there.
HN isn't really a place for plain political discussions, so I don't participate in those. They do exist though, and end up getting locked. I'd probably be more right-wing than most.
Also using reddit as a baseline is like using a cesspool tank as a baseline of sanitation.
So what is your non-cesspool forum example that isn't Reddit? Twitter seemingly got taken over by bots early on, Facebook pages were a disaster at least when I was in college, and those are the big ones.
X optimizes for engagement and as studies have shown, that means optimizing for rage bait.
Reddit optimizes for rage bait too but includes a voting system that hides unpopular opinions, so any person that conflicts with the majority is marginalized. So on top of being full of rage bait, it's an echo-chamber and that is before even talking about the powermod problem.
HN is much like reddit in style, so fundamentally HN also tends towards an echo chamber.
And by echo chamber, I mean a cringe circle jerk: a New Yorker article called it "performative erudition".
Gotta say though, it's rich hearing this from New Yorker.
The app would be banned within a few seconds and 90% of people here would celebrate it.
Majority of people assume the following:
1. Men don't deserve to have private spaces
2. Men can't be victims of abuse (sexual, physical or else)
3. Men don't need to be protected from toxic relationships
4. Women don't need to ask men for consent
Men here refers to all men, including trans men, homosexuals, bisexuals, heterosexuals, etc.
Perhaps, it's time that we have an honest discussion about the realities of living in the world as a man in 2025.
If you're reading this and find my comment in bad taste, or that it frustrates you, I highly encourage that you take some time and introspect as to why you feel that way.
Worse than that, if you speak against any of the nonsense coming to you, you are extra bad. And they are surprised that fertility has fallen all over the place, seems like intended objective to me.
Now the Village Crazy can find others with their exact flavour of crazy online and think that it's cool and everyone is doing it. Then they get deeper and deeper into their crazy, maybe transitioning into other flavours of crazy.
I have no idea why many hateful minds meet in places like that you mention; maybe it is some specific interactions that spark the noxious emotions, but I am no expert. It is similar to high school extremely cool kid circles and fraternities, only for reverse reasons (alone together vs in a group).
There's also the fact that the big story in the USA right now is how some app got hacked exposing everyone's IDs and the big story in the UK right now is that they want everyone to enforce ID verification for literally everything and they want people to think this is somehow safe and not just a time bomb waiting to blow.
Workmates, family, people of the streets and in shops. Just so many angry toxic people. It's like a cultural change (am in Australia btw).
It's not everybody but it's definitely a larger number than I remember in the past few decades.
Don't try to brag about something that doesn't exist please
In the traditional db world, at least your db creds live on the server-side app.
Having used it several times, yeah I wouldn't entrust it to a dev team. It's gotten better lately but still seems like the gun is always pointed at your foot.
Also GCP, storing secrets properly in AppEngine is notoriously difficult and prone to accidental git-commit: https://stackoverflow.com/questions/58371905/how-to-handle-s...
/s btw
True story.
This is completely the fault of the people who made that app.
They have no fucking idea how to build systems if they can't figure out how to lock down Firebase. It isn't that hard.
Source: Multiple Firebase apps back in the day.
There are probably countless new projects today that are storing plaintext passwords, or not adding scoping, and so on.
Putting in scopes and ensuring data security for both users and system wide is on the developer.
You could have a SQL injection vuln, but any SQL lib will very clearly steer you to parameterized queries, and even then such a vuln takes some expertise to find and exploit.
I was able to access his data by simply accessing it, figuring out his URL and other stuff. I told him to use supabase or DO deployment and set up proper roles and stuff…
I think you’re being way too charitable honestly and it’s dangerous. I won’t join you on that path of absolving the developer of any blame.
They don’t read the docs and they didn’t care, simply put. Any production system needs to be tested, especially if it will have PII data.
But sure blame firebase lol
Y’all can continue making excuses for people leaking PII. Peace.
So yeah already did it, global b2b product used by millions daily. I have nothing to prove anymore besides my current company that I’m doing on my own.
Everyone else can do whatever insignificant and make mistakes that’s on them.
For me good product is more of a passion than proving anything to anyone. And I definitely don't get better at product by victim blaming.
Discovery of heinous defamation circles, doesn't sound like something to look away from or feel sorry for.
Frankly, I don’t waste my time online with toxic behavior. In real life, I might have a response. Online, it is too hard to get an idea if the interaction is even sincere.
Citation, anyone?
Apps like these show the apathy of authorities towards slander (especially of men) and the presence of predators who want to worsen and take advantage of the gender wars and other forms of bigotry. Ultimately, people must introspect and reassess the influence of this venomous propaganda on their biases and emotions. This sort of radical belief is never healthy for anyone.
The app stores haven't pulled it because they are waiting for this to flow out of the news cycle and reduce the impact of this subset of our culture freaking out at them.
Just because you don't want anything to do with the type of people who would post pictures of you and slander / shit talk you doesn't mean that you should want that being out there to begin with - it's not like that sort of thing hasn't ever been weaponized against someone before.
The worst part is with this app there is a high chance you'd never find out that anything was ever said about you until the snowball is so big that it'll crush any attempt to slow it down.
And yeah, I am trusting certain companies like Apple with some of my data to some extent.
1. Wrt/ dating, the obvious downside is that your potential partner is dissuaded from dating you because of what is said on the platform.
2. I can also see vigilante justice; an extremist reaction to what is said on the platform. Actual violence, or just harassment, online or real life.
3. Or, I can see corporations using these databases on the down low to filter potential employees, similar to how they screen online presence as well.
Of course, all of these are just potential risks, not things that actually happen(ed yet).
They aren't so much picking sides based on their moral compass, more picking sides to induce the least harm to the bottom line.
This is why Google has a large number of scam dating apps on its app store. The apps I refer to are near/complete scams with 99% fake profiles and 1% lured, like the phishers of Myanmar, only these are Western. They bring big money in.
A while ago (about 3 years), I downloaded a ton of apps made (allegedly) to meet new people in cities you don't know (I was going to spend about 3 weeks at a friend and he would be busy with his job); Meet with Locals types of apps.
I shit you not, the vast majority were filled with scam profiles and a lot of what I assume is escort services/soft prostitution and whatnot.
So, I just deleted them all and just met people the old-fashioned way (which was just fine, not sure technology has a real use case for that); but it was an eye-opener.
Kiwifarms never gets this level of outrage going, and I’d argue it’s an order of magnitude more toxic to society than Tea would be.
1. The leak Friday was from firebase's file storage service
2. This one is about their firebase database service also being open (up until Saturday morning)
The tl;dr is:
1. App signed up using Firebase Auth
2. App traded Firebase Auth token to API for API token
3. API talked to Firebase DB
The issue is you could just take the Firebase Auth key, talk to Firebase directly, and they had the read/write/update/delete permissions open to all users so it opened up an IDOR exploit.
I pulled the data Friday night to have evidence to prove the information wasn't old like the previous leak and immediately reached out to 404media.
Here is a gist of Gemini 2.5 Pro summarizing 10k random posts: https://gist.github.com/jc4p/7c8ce9a7392f2cbc227f9c6a4096111...
And to be 100% clear, the data in this second "leak" is a 300MB JSON file that (hopefully) only exists on my computer, but I did see evidence that other people were communicating with the Firebase database directly.
If anyone is interested in the how: I signed up against Firebase Auth using a dummy email and password, retrieved an idToken, sent it into the script generated by this Claude convo: https://claude.ai/share/2c53838d-4d11-466b-8617-eae1a1e84f56
And here's the output of that script (any db that has <100 rows is something another "hacker" wrote to and deleted from): https://gist.github.com/jc4p/bc35138a120715b92a1925f54a9d8bb...
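
The permission problem described in the post above (every signed-in user had read/write/update/delete, and anyone could sign up), written out as security rules. This is an added example, not part of the original post and not the app's actual configuration; it assumes the database is Cloud Firestore, and the `users` collection name is hypothetical.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK (constructed illustration of "open to all users"):
    //
    //   match /{document=**} {
    //     allow read, write: if request.auth != null;
    //   }
    //
    // When sign-up is open to anyone, "is signed in" is authentication,
    // not authorization: it says nothing about WHICH documents this user
    // may touch, so every record is reachable by object ID (the IDOR).
    // `write` also covers create, update and delete.

    // HARDENED for the flow in the post (app -> API -> database):
    // the API is the only component meant to reach the database, so the
    // client SDK gets nothing. Server code using the Admin SDK is
    // authorized through IAM and is not subject to these rules, so the
    // API keeps working and must do its own per-user checks.
    match /{document=**} {
      allow read, write: if false;
    }

    // Only if clients must read their own data directly, add a scoped
    // rule. Rules are additive: access is granted when ANY matching
    // `allow` is true, so keep each one as narrow as possible.
    //
    //   match /users/{uid}/{doc=**} {
    //     allow read: if request.auth != null && request.auth.uid == uid;
    //   }
  }
}
```

Rules like these can be exercised before deployment with the Firebase Local Emulator Suite, asserting that a second test user is denied access to the first user's documents.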
They seem generic enough that I think it's okay, but you're right there is no need in including them and I should've caught that in the AI output, thank you!!
Including the pseudonyms associated with those stories creates unnecessary risk of, and arguably incentive for those individuals.
I also just don't get the mindset of dumping something like this into an AI tool for a summary. You say "a 300MB JSON file that (hopefully) only exists on my computer" but then exposed part of that data to generate an AI summary.
Having the file on your computer is questionable enough but not treating it as something private to be professionally protected is IMHO another ethical violation.
This is why laws that say "just give websites your photo ID! It's for the safety of the children!" are concerning
All that said, I'm still not a fan of such invasive arrangements and laws.
dlcarrier•6mo ago
iszomer•6mo ago
zamadatix•6mo ago
frollogaston•6mo ago
fc417fc802•6mo ago
For the IRS it doesn't even make sense because I can drop paper forms in the mail. Don't need any ID whatsoever for that.
iszomer•6mo ago
paulpauper•6mo ago
gypak•6mo ago
klipklop•6mo ago
dom96•6mo ago
We really need some sort of standard for sharing specific and limited authenticated info about ourselves to third-party websites that doesn't require sharing a full photo ID.
fc417fc802•6mo ago
We really don't need a standard for sharing it online, at least nothing easy for businesses to implement. There are very few legitimate scenarios for an online service to ask for that. Online pharmacy, online signup with a bank, and online government interactions are the only ones that immediately come to mind.
I'm not even sure that the pharmacy case is legitimate now that I think about it. I don't need ID when I go in person. The prescriber can validate the mailing address for them.
tempnew•6mo ago
fc417fc802•6mo ago
> Presumably online alcohol or marijuana sales would also require some retained evidence that a dl was presented.
Why? Is that required for in person purchases where you are? I thought violations were typically caught with sting operations. I don't see why online should be any different.
> Maybe car insurance too.
Why? I guess the provider could choose to for due diligence if they felt there might be fraud. But I'm struggling to come up with any realistic scenarios. For what it's worth I've never once been asked for any official documentation in order to purchase car insurance. Simply provided information over the phone and received documents in the mail a few days later.
hn_acc1•6mo ago
Just to register for one-more-app / one-more-webboard? Nope.
WD-42•6mo ago
Some private app for rating other human beings? Nope.
tough•6mo ago
WD-42•6mo ago
BobaFloutist•6mo ago
Providing a digital copy of my ID to someone who otherwise would have no copy of my ID, digital or otherwise, is a different matter.
djoldman•6mo ago
I dislike it to such a degree that I try to avoid services that require it.
Sometimes, however, it's worth trying to access services without giving the ID and just saying oh I'd like to keep that private or just not providing it and submitting an application for services without it.
Additionally, try to apply in person as often they'll accept paper.
It doesn't work in the majority of situations but it's worth a try.
dlcarrier•6mo ago
tbrownaw•6mo ago
gruez•6mo ago
rsync•6mo ago
Actual banks (not fintech barnacles) enjoy a very privileged position in terms of verifying identity and legal mechanisms afforded to them.
If a non-bank actor can verify against an actual bank, that should be enough…
It is absurd that, for instance, a small saas/iaas provider should perform any form of KYC when we can match a successful payment against a bank.