←back to thread

I hacked a dating app (and how not to treat a security researcher)

(alexschapiro.com)
560 points bearsyankees | 3 comments | 12 May 25 16:39 UTC | HN request time: 0.001s | source
Show context
michaelteter ◴[12 May 25 17:34 UTC] No.43965514[source]
Not excusing this is any way, but this app is apparently a fairly junior effort by university students. While it should make every effort to follow good security (and communication) practices, I'd not be too hard on them considering how some big VC funded "adult" companies behave when presented with similar challenges.

https://georgetownvoice.com/2025/04/06/georgetown-students-c...

replies(10): >>43965600 #>>43965723 #>>43965782 #>>43966035 #>>43966222 #>>43966281 #>>43966578 #>>43967558 #>>43968803 #>>43969670 #
tmtvl ◴[12 May 25 19:18 UTC] No.43966578[source]
I vehemently disagree. 'Well, they didn't know what they were doing, so we shouldn't judge them too harshly' is a silly thing to say. They didn't know what they were doing _and still went through with it_. That's an aggravating, not extenuating, factor in my book. Kind of like if a driver kills someone in an accident and then turns out not to have a license.
replies(6): >>43966766 #>>43967142 #>>43967680 #>>43967819 #>>43968420 #>>43969894 #
LadyCailin ◴[12 May 25 20:30 UTC] No.43967142[source]
This is exactly why I think software engineering should require a licensing requirement, much like civil engineering. I get that people will complain about that destroying all sorts of things, and it might, yes, but fight me. Crap like this is exactly why it should be a requirement, and why you won’t convince me that the idea is not in general a good one.
replies(7): >>43967245 #>>43967271 #>>43967301 #>>43967749 #>>43967914 #>>43968373 #>>43970478 #
1. CelestialMystic ◴[13 May 25 07:35 UTC] No.43970478{3}[source]
You haven't thought thought this through. What happens with open source? I need a license to make a PR on github. It will also push all software engineering to places where there isn't a license requirement or onto the darknet.
replies(1): >>43970628 #
2. LadyCailin ◴[13 May 25 08:05 UTC] No.43970628[source]
Yes, I have. You aren’t allowed to build a faulty bridge, even free of charge.

Maybe you are allowed to build that faulty bridge in, I dunno, Laos or whatever, and if people go to Laos specifically to drive on your bridge, then that’s on them if it collapses. But countries can and do successfully regulate how software is handled in their jurisdiction, see GDPR for example. It’s not an unsolvable problem, and even if there are cracks (like there are with GDPR), the solution isn’t to throw our hands up and say “welp, nothing to be done, just have to accept that sometimes people’s intimate personal details gets leaked.”

If you think my suggestion is bad (which it very well may be), happy to hear your take on how to prevent things like this and and other negligent software.

replies(1): >>43970695 #
3. CelestialMystic ◴[13 May 25 08:17 UTC] No.43970695[source]
[flagged]