405
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 30 Mar 2025
405 points (100.0% liked)
Technology
68495 readers
3212 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
So the devs were inexperienced in secure architectures and put a bunch of stuff on the client which should probably have been on the server side. This leaves anyone open to just use their API to access every picture they have on their servers. They then made multiple dating apps with this faulty infrastructure by copy-pasting it everywhere.
I hope they are registered in a country with strong data privacy laws, so they have to feel the consequences of their mismanagement
Inexperienced? This is not-giving-a-fuck level.
No, it's lack of experience. When I was a junior dev, I had a hard enough time understanding how things worked, much less understanding how they could be compromised by an attacker.
Junior devs need senior devs to learn that kind of stuff.
It does help if services that generate or store secrets and keys display a large warning that they should be kept secret, every time they're viewed, no matter the experience level of the viewer. But yeah understanding why and how isn't something that should be assumed for new devs.
I've met the type who run businesses like that, and they likely do deserve punishment for it. My own experience involved someone running gray legality betting apps, and the owner was a cheapskate who got unpaid interns and filipino outsourced work to build their app. Guy didn't even pay 'em sometimes.
Granted, you could also hire inexperienced people if you're a good person with no financial investor, but that I've mostly seen with education apps and other low profit endeavors. Sex stuff definitely is someone trying to score cash.
The illusion of choice
A lot of "normal" dating apps are also owned by the same companies
Every single one of those “secrets” is publicly available information for every single Firebase project. The real issue is the developers didn’t have proper access control checks.