amarcheschi · 14 days ago
It was a bad idea to create an app like that in the first place, it is a bad idea to have the corresponding man-version of the same thing
ashleyn · 14 days ago
Gender war can't be a sign of a healthy society.
JKCalhoun · 14 days ago
To be sure. Thankfully, I don't see a "gender war" — just the usual sensational headlines.
lagniappe · 14 days ago
The last decade has been various flavors of gender war.
smt88 · 14 days ago
Dating and marriage are way down, politics are increasingly polarized by gender, and the original Tea app was hacked because men were angry about it... sounds a bit like gender war.
heddel · 14 days ago
Time to start paying attention
ninetyninenine · 14 days ago
It is not just gender wars that are an indicator of health. We have quantitative metrics correlating that the more modern a society is the slower the population grows. Negative population growth is an actuality, especially with Asia. If Americans didn’t have immigration we’d be going into the negative too. So immigration is a temporary reprieve. Overall the population of the world is going down, though some countries are still going up (even with no immigration) like India.

The difference between modern society and the past is women have more power.

One theory is that millions of years of evolution have conditioned the balance of power to be this way. So women gaining total equal rights is experimental and new in human civilization in general. Such changes in behavior cause unforeseen side effects even if those changes are morally correct. Population growth is one possibility here.

What changed is technology. Technology has enabled women to gain more power. It made life in Mother Nature easier by allowing women to operate on the same level as men. Things like greater strength and speed were no longer relevant because things like manual farming or manual hunting were no longer part of human life.

Once this happens the only barrier was culture and women easily fought for their rights and overcame it.

But the behavioral changes it enables like the tea app or tea on her app or gender wars are something we’ve never seen before.

The population is crashing and lowering and we don’t know why. There is a correlation between how modern a society is and how slow the population is growing. But is it causal?

Is it because women have changed their behavior so much? Although there is a correlation, we don’t know for sure.

Qualitatively we do know that women date up. They want to date men who are more powerful and men they respect. But when they have greater choice in getting what they want (no arranged marriages in modern society) and when their own rising power makes the pool of available men who are more powerful than them much smaller… it seems that a possible logical conclusion is that more women will be willingly single and the population will shrink.

So humanity faces a dilemma. Do we go with biology or do we go with what’s morally right? Like if you look at India. The woman still lacks a huge amount of power but the population is expanding. The conditions in which women suffer under are horrible. They lack many freedoms and it’s not morally right. So it’s a hard question not only to answer but to face head on.

There is another freedom modern society enables that fully contributes to the problem as well. This freedom is enabling to both men and women and that is the freedom to fuck without having kids. Birth control. Another experiment in modern society.

China just needs to ban all forms of birth control and abortion and I’m very sure it will solve the population problem. But of course doing so banishes a basic human right that should be morally a universal human right.

I know tons of people disagree with me. And that’s fine. I posted here because I want to hear that disagreement and discuss it. I don’t want to start a gender war and the only way we can avoid that is to take stuff like this impartially. We need the freedom to criticize either gender, men and women, and not take it personally because real negative generalizations of either gender are real and those generalizations may very well be causing general macro impacts to society at large.

michaelmrose · 14 days ago
We have enough people. We would be better served by maintaining or even decreasing population. The fact that the economic health in the short term relies on unlimited growth doesn't mean the earth can sustain it long term.
Hizonner · 14 days ago
> We have quantitative metrics correlating that the more modern a society is the slower the population grows.

... and, worse, we have loonies out there who think that indicates a problem with the "health" of anything.

ipnon · 14 days ago
TFR should be considered the basis of economics rather than GDP. It’s no longer difficult to imagine a society in which GDP is growing year over year through an automated economy of AI and robotics. But the humans who are supposedly consuming its goods and services are so miserable they can’t even be bothered to reproduce themselves.
toomuchtodo · 14 days ago
What if people are more happy not having kids? TFR is a poor metric in this regard.
smjburton · 14 days ago
It's concerning that these types of leaks keep happening. Outside of the damage from leaking personal information, they also lower public confidence in trying out new apps. Vibe coding is making it more difficult for app makers in general when users can't trust that their personal information is protected.
pyrale · 14 days ago
Is that a new thing, though? I feel like there's been a new leak every week for years now.
smjburton · 14 days ago
It's not new, but I believe vibe coding is going to make it more common. Both this app and Tea's data breaches could have been avoided with basic web dev security.
swat535 · 14 days ago
Exactly. Why would security and privacy ever be considered when, time and time again, it has been proven to companies that they will face no consequences for their actions?

We have had so many catastrophic breaches and leaks that I've lost count by now, from Equifax to AT&T to LastPass. The consequences? At worst, the companies were forced to give people a $5 credit or discounts and at best a few angry written articles.

Our elected representatives fail to serve the public and punish these corporations.

NoMoreNicksLeft · 14 days ago
Granted that these particular apps require personal information, but why should a general-purpose app ever need it in the first place?

A few weeks ago, I wanted a walk-tracking app that would show me a map of where I'd been, the distance, not much else (maybe the time it took to walk it). Looks nice, download the first one I find... wants me to register and sign in. Why? This should all remain local on my iPhone. I think I went through 5 of them before I realized they were all junk. It's bad enough that I'd consider a monthly subscription (none were "it costs this much, once" up front), but the idea that I want them data-mining me trying to be a little less fat was absurd to the point of lunacy.

This was all thoroughly broken long before "vibe coding".

01HNNWZ0MV43FF · 14 days ago
No, in an accelerationist sense this is good. People should not be trusting SaaS apps with their data. Even huge "trustworthy" companies like Google and MS have had leaks over the ages. This is a learning opportunity.
smjburton · 14 days ago
Why would you not want people trusting their data with SaaS apps? Smaller developers building software benefits users assuming their data is protected with basic security implemented.
nerdjon · 14 days ago
It is quite concerning because SaaS isn't going away, (putting aside the questionable ethical side of an application like this) an application like this just is not possible outside of SaaS. It needs a server to centrally store information like this. If as a society we decide that something like this is valuable, there just is not another way to do it.

Sure before there would be leaks that would break trust, but generally it seems most of the time the basics were taken care of and often those leaks were because of phishing employees or other means of getting the information vs really basic security issues. Not a hard rule obviously, but still.

Now we have seen time and time again that these vibe coded systems lack even the most basic security fundamentals. That will continue to erode trust.

parpfish · 14 days ago
Do you think enough leaks like this could ever make the App Store untrustworthy and harm Apple?
hereaiham · 14 days ago
I'm wondering who would fall for this after what happened to the original tea app!? Terrible apps anyway.
unhappy_meaning · 14 days ago
> Images of these driver’s licenses are publicly accessible web addresses, allowing anyone with the links to access them using their web browser.

> TechCrunch also identified a potential second security issue, in which an email address and plaintext password belonging to the app’s creator, Lampkin, was left exposed on the server

> While the app requests IDs and selfies from its users to verify their identities — a process that is not automatic — users can access a “guest” view of the app without signing in.

Is this just bad development? Are these just things that could be missed by any developer or team?

I'm curious as someone who would like to create side projects with users (albeit not dubious ones like these apps) but I'm always afraid of a glaring security flaw that would be basic 101 of web development.

siva7 · 14 days ago
> Is this just bad development? Are these just things that could be missed by any developer or team

This couldn't be missed by competent developers, in both cases (tea and teaonher incidents). I'm not trying to be harsh, but I wouldn't call such teams competent and I'm fully aware that such bad teams exist. Also with the advent of a.i./vibe coding, people with no qualifications and/or experience in software development are now trying to sell / fake themselves as professional developers which also leads to such catastrophic security situations. You wouldn't hire a barista to build a bridge from a 2-week bridge building bootcamp but a licensed civil engineer, yet in software world this idea doesn't seem out of the order.

01HNNWZ0MV43FF · 14 days ago
> Is this just bad development? Are these just things that could be missed by any developer or team?

As the saying goes, "Human error is not a root cause". A good Five Whys would eventually hit something:

Why did the DL pictures leak? Because the images were accessible via public URL. Why were they accessible that way? Because nobody on the team checked they were not. Why did nobody check?

Maybe not enough red team thinking was employed. It's easy to make an app and say "Look we have a sign-in screen, it's secure", but you need to think from the attacker's perspective and make sure every route to every piece of sensitive data is actually secure.

unhappy_meaning · 14 days ago
> ... you need to think from the attacker's perspective and make sure every route to every piece of sensitive data is actually secure.

This is almost "paralyzingly" scary but to not think about it at all is something I cannot fathom from the developers who made these apps.

Doing some more digging into these two "CEOs" of Tea and TeaOnHer. The TeaOnHer CEO is a Criminal Justice graduate from UMD with some comments about using claude.ai and the Tea CEO looks like he took a 6 month coding bootcamp at UC Berkeley. I don't want to dog on their background because I also don't have a CS degree but man...

NoMoreNicksLeft · 14 days ago
Your explanation is too simplistic. I've found magazine subscription pages where the link to the pdf is display:none in css. (I downloaded their entire back catalog.) This isn't that they missed a few routes to files when securing things, but that they are utterly clueless. Invariably, such software projects employ a number of contractors who for whatever reason can barely cobble together the functionality that is repeatedly demanded by the clients, let alone any of the common-sense features that these people fail to realize that they must also nag for.
OptionOfT · 14 days ago
>> Images of these driver’s licenses are publicly accessible web addresses, allowing anyone with the links to access them using their web browser.

Not justifying it, but many applications consider the uniqueness of the URL enough protection to prevent discovery.

> Is this just bad development? Are these just things that could be missed by any developer or team?

It's not knowing them. And when you vibe-code something, and don't prompt for it, it's not gonna do it.

gitremote · 14 days ago
> Not justifying it, but many applications consider the uniqueness of the URL enough protection to prevent discovery.

Yes, that's why it's the #1 most common web security vulnerability in production code:

https://owasp.org/Top10/A01_2021-Broken_Access_Control/

"Permitting viewing or editing someone else's account, by providing its unique identifier (insecure direct object references)"

What vibe coding promoters don't understand is that the average web developer hasn't learned web security 101. Proof: HN commenter points out that "A01:2021 – Broken Access Control" is completely normal in production code.
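
The pattern discussed in the comments above (an unguessable URL treated as the only access control) next to a per-request owner check and a short-lived signed link, as an added example that is not part of any commenter's post or of either app's code. The object keys, user ids, signing key and function names are constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data: stored object key -> owning user id.
OWNERS = {"ids/7f3a9c1e.jpg": "user-17", "ids/b21e04d8.jpg": "user-42"}
SIGNING_KEY = b"demo-only-key"  # assumption: a server-side secret


def fetch_by_url_only(key):
    """Weak model: anyone who learns the URL gets the object."""
    return key in OWNERS


def fetch_with_owner_check(key, session_user):
    """Authorize each request against the object's owner."""
    return OWNERS.get(key) == session_user


def link_sig(key, user, expires_at):
    """HMAC binding one object, one user and one expiry time."""
    msg = f"{key}|{user}|{expires_at}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_url(key, user, ttl=60, now=None):
    """Issue a short-lived link after the owner check has passed."""
    if not fetch_with_owner_check(key, user):
        raise PermissionError("not the owner")
    exp = int(time.time() if now is None else now) + ttl
    return f"/{key}?exp={exp}&sig={link_sig(key, user, exp)}"


def verify_link(key, session_user, expires_at, sig, now=None):
    """Accept only an unexpired link signed for this session's user."""
    now = time.time() if now is None else now
    expected = link_sig(key, session_user, expires_at)
    return hmac.compare_digest(expected, sig) and now <= expires_at


if __name__ == "__main__":
    key = "ids/7f3a9c1e.jpg"
    print("URL only, stranger:", fetch_by_url_only(key))
    print("owner check, stranger:", fetch_with_owner_check(key, "user-42"))
    print("owner link:", sign_url(key, "user-17", now=1000))
```

The session user passed to `verify_link` comes from the authenticated session, never from the URL, so a leaked link fails for any other account and for everyone once it expires.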

throwanem · 14 days ago
Clearly vibecoding is the future.
trelane · 14 days ago
> TechCrunch has found

Interesting that they've gone from reporting about flaws others found to hunting and hacking themselves.

haukilup · 14 days ago
That’s a form of (investigative) journalism that the world could use more of.
mcintyre1994 · 14 days ago
I wonder whether they’re just looking at the exploits that worked against Tea (sounds like it could be the same from their description), or if they have staff that can find their own exploits.
anigbrowl · 14 days ago
Both of these apps are awful so seeing them both leak their user data seems like ironic justice.