←back to thread

I hacked a dating app (and how not to treat a security researcher)

(alexschapiro.com)
561 points bearsyankees | 6 comments | 12 May 25 16:39 UTC | HN request time: 0.87s | source | bottom
Show context
nixpulvis ◴[12 May 25 17:50 UTC] No.43965715[source]
People need to be forced to think twice before taking in such sensitive information as a passport or even just addresses. This sort of thing cannot be allowed to be brushed off as just a bunch of kids making an app.
replies(5): >>43965749 #>>43966078 #>>43966320 #>>43966383 #>>43968604 #
jonny_eh ◴[12 May 25 18:25 UTC] No.43966078[source]
There should to be some kind of government operated identity confirmation service that is secure/private.

Or by someone "government-like" such as Apple or Google.

replies(4): >>43966153 #>>43966160 #>>43967625 #>>43969390 #
1. clifflocked ◴[12 May 25 18:33 UTC] No.43966153[source]
OAuth exists and can be used to confirm someone's identity by linking their Google account.
replies(3): >>43966180 #>>43966304 #>>43966328 #
2. nixpulvis ◴[12 May 25 18:36 UTC] No.43966180[source]
To be fair, I wouldn't want my google account linked to my dating profile. Aggregating services has risks too.
replies(1): >>43966203 #
3. knicholes ◴[12 May 25 18:38 UTC] No.43966203[source]
Maybe secondary google account.
replies(1): >>43969394 #
4. smt88 ◴[12 May 25 18:49 UTC] No.43966304[source]
A Google account does nothing to prove identity
5. kelnos ◴[12 May 25 18:52 UTC] No.43966328[source]
Linking a Google account doesn't confirm your identity, though. It just confirms that you created a Google account with a particular name.
6. nixpulvis ◴[13 May 25 03:18 UTC] No.43969394{3}[source]
Yea, but then what I have to upload my passport through a service linked to that secondary. It's not really tenable.