←back to thread

I hacked a dating app (and how not to treat a security researcher)

(alexschapiro.com)
560 points bearsyankees | 5 comments | 12 May 25 16:39 UTC | HN request time: 0.99s | source
Show context
michaelteter ◴[12 May 25 17:34 UTC] No.43965514[source]
Not excusing this is any way, but this app is apparently a fairly junior effort by university students. While it should make every effort to follow good security (and communication) practices, I'd not be too hard on them considering how some big VC funded "adult" companies behave when presented with similar challenges.

https://georgetownvoice.com/2025/04/06/georgetown-students-c...

replies(10): >>43965600 #>>43965723 #>>43965782 #>>43966035 #>>43966222 #>>43966281 #>>43966578 #>>43967558 #>>43968803 #>>43969670 #
tmtvl ◴[12 May 25 19:18 UTC] No.43966578[source]
I vehemently disagree. 'Well, they didn't know what they were doing, so we shouldn't judge them too harshly' is a silly thing to say. They didn't know what they were doing _and still went through with it_. That's an aggravating, not extenuating, factor in my book. Kind of like if a driver kills someone in an accident and then turns out not to have a license.
replies(6): >>43966766 #>>43967142 #>>43967680 #>>43967819 #>>43968420 #>>43969894 #
LadyCailin ◴[12 May 25 20:30 UTC] No.43967142[source]
This is exactly why I think software engineering should require a licensing requirement, much like civil engineering. I get that people will complain about that destroying all sorts of things, and it might, yes, but fight me. Crap like this is exactly why it should be a requirement, and why you won’t convince me that the idea is not in general a good one.
replies(7): >>43967245 #>>43967271 #>>43967301 #>>43967749 #>>43967914 #>>43968373 #>>43970478 #
motorest ◴[12 May 25 20:44 UTC] No.43967271[source]
> This is exactly why I think software engineering should require a licensing requirement, much like civil engineering.

Civil engineering requires licensing because there are specific activities that are reserved for licensed engineers, namely things that can result in many people dying.

If a major screwup doesn't even motivate victims to sue a company then a license is not justified.

replies(2): >>43967584 #>>43967832 #
1. alpaca128 ◴[12 May 25 21:54 UTC] No.43967832[source]
I would say the risk of identity theft for over 150 million people justifies some preventative measures. And yes, there also were hundreds of lawsuits.

https://en.wikipedia.org/wiki/2017_Equifax_data_breach

Or how about four suicides and 900+ wrongful convictions?

https://en.wikipedia.org/wiki/British_Post_Office_scandal

Not to mention the various dating app leaks that led to extortion, suicides and leaking of medical information like HIV status. And not to forget the famous Therac-25 that killed people as direct result of a race condition.

Where's the threshold for you?

replies(1): >>43968264 #
2. tonyhart7 ◴[12 May 25 23:02 UTC] No.43968264[source]
I mean this is Tech industry, everyone here gather data big tech or not,

I'm not saying I'm pro identity theft or data breach or something, but the industry culture is vastly different

people here are pro on move fast break things some of idea, I think you just cant tbh

replies(2): >>43968501 #>>43971048 #
3. ikiris ◴[12 May 25 23:45 UTC] No.43968501[source]
Everyone in business is move fast and break things and let people die if it's cheaper until regulations force them not to be. Software is just new enough that mostly doesn't exist yet.
replies(1): >>43969207 #
4. ◴[13 May 25 02:28 UTC] No.43969207{3}[source]
5. alpaca128 ◴[13 May 25 09:16 UTC] No.43971048[source]
Systematically violating people's privacy while not caring about protecting their data is not culture, it's called a problem.

Perhaps they could move even faster and scale better by collecting and storing less data. Moving forward fast instead of moving frantically while looking for things to break seems more reasonable to me. But then again I'm not the kind of person to become a billionaire tech CEO who's unironically bragging about being called the Eye of Sauron, so what do I know.