July 29, 2025 • 36 mins
The Tea App promised a safe, anonymous space for women to share personal experiences with men they dated. Instead, it leaked their private data.
There’s tons of inaccurate, fear mongering information about the leak out there. So in this episode, we’ll break down what happened with the Tea App leak, why it matters, and what it reveals about tech’s ongoing failure to take women’s privacy seriously.
A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating: https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan: https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/
Miami New Times’ longread on Girl Don’t Date Him: https://www.miaminewtimes.com/news/blind-date-6335973
Tea: Inside the new app where women anonymously review men: https://www.dazeddigital.com/life-culture/article/68302/1/tea-the-new-app-where-women-anonymously-review-men
'It's fun watching you burn': Man suing women for defamation actually harassed them on dating apps, defendants say: https://lawandcrime.com/lawsuit/its-fun-watching-you-burn-man-suing-women-for-defamation-actually-harassed-them-on-dating-apps-defendants-say/
If you’re listening on Spotify, you can leave a comment there or email us at hello@tangoti.com!
Follow Bridget and TANGOTI on social media! Many vids each week.
instagram.com/bridgetmarieindc/
tiktok.com/@bridgetmarieindc
youtube.com/@ThereAreNoGirlsOnTheInternet
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:04):
There Are No Girls on the Internet, as a production
of iHeartRadio and Unbossed Creative. I'm Bridget Todd and this
is There Are No Girls on the Internet. In last
week's News Roundup, one of the stories that we cut
for Time was about the Tea dating app for women.
At the time when we were recording, the story was
(00:25):
still pretty simple, just that this dating app that had
quietly existed for two years had rocketed to the top
of Apple's App Store because it was getting a ton
of attention on social media from people making videos on
platforms like TikTok about how the app played into gender
dynamics around women who date men. I was seeing posts
on TikTok about the Tea app from my own city
here in DC, about how some women were using it
(00:47):
to talk about legitimately abusive behavior from men, while other
women were using it to talk about sort of commonplace
dating annoyances like men who don't text back or men
who ghost, and how conflating those two things on one
app it's probably not great. According to the people who
run the t app, all of these kinds of pots
were really driving a ton of attention, which is not
(01:09):
at all surprising because gender war stuff will always generate engagement.
That attention was both positive and negative, with a lot
of men complaining about how this app was unfair. But
in the economy of the Internet, it really doesn't matter
because it's all engagement either way. So everybody was talking
about this app and it became number one on the
App Store in the lifestyle category. The company said that
(01:30):
something like one million people had downloaded the app in
just a few weeks alone since or Tower, a marketing
intelligence firm that tracks app data, estimated that the downloads
of the app increased one hundred and eighty five percent
in the first twenty days of July compared with June.
Of that same period, the company that makes the app
set on social media that they had gotten over four
million female users, with a waiting list of approximately nine
(01:53):
hundred thousand new prospective users. There's a waiting list because
before women can use the app, they have to be verified.
This be important for later. So as recently as last
Thursday night, when we were recording the news roundup, that
was really the main gist of what was going on.
So I ended up not talking about it at all
because there was a lot of other important stuff going
on and I kind of just ran out of time.
(02:14):
But now I am glad that we did not talk
about it, because right after we published that episode, the
Tea App experienced a pretty major data breach. So let's
talk about what the Tea App is, what exactly happened,
the gendered history of online platforms like the Tea App,
and what I think it all means. So what exactly
(02:34):
is the Tea App? I want to spend some time
on how it works before we get into the data breach.
It's a dating app that's kind of like the Yelp
if you were rating men instead of restaurants. So not
a dating app that helps you match with people to date,
but an app that tries to help you make more
informed dating choices. Women can anonymously share information about the
experiences that they've had with specific men to help inform
(02:56):
other women. The key here is the anonymity. When you
first join the app, you're told that it is totally
and completely anonymous, and that screenshotting the app is not possible.
If you try to take a screen chat, you'll get
a black screen, though you can obviously still take a
photo of the app with an additional device, which people
do pretty often. On the Tea app, you can even
(03:16):
describe a guy's behavior and have other women weigh in
on whether you should keep seeing him or not. Women
assign men red flags for problematic behavior and green flags
for good behavior. Basically, it's a digital whisper network in
the form of an app for women to post photos
of men and talk about whatever they might know about
that man, you know, like sabilling the tea. So what
separates the Tea App from other kinds of platforms like
(03:38):
this is that it kind of bills itself as an
app for women's safety. They gave ten percent of their
proceeds to the National Domestic bile Once topline, and even
though the app is free, users get five free searches
each month. After that, they're given a choice pay for
teas fifteen dollars a month subscription, or invite friends to
keep using it for free. So basically, invite your girlfriends
(03:59):
to have their data breached as well. All kidding aside,
it's actually kind of a smart strategy for a growing app,
especially one that is so dependent on having a large
userbase of women able to weigh in on the men
in any particular area. For apps like this users are
basically as good as cash, so either pay up for
the premium version or invite your girlfriends. The Tea app
promises that women who date men can make sure your
(04:22):
data is safe, not a catfish, or not in a relationship,
according to Tea's marketing materials. The app's founder, Sean Cook,
who formerly was a product manager at Salesforce and Shutterfly,
launched the app because he witnessed his own mother's terrifying
experience with online dating. He said she was catfished and
unknowingly engaged with men who had criminal records. He teamed
(04:43):
up with a social media creator named danielle A Satela,
who came on as the Tea app social media director
who created a buzzy, pink and purple gen Z friendly
social media presence for the app. The website says that
Tea is on a mission to revolutionize dating safety by
equipping women with cutting edge tools, real time insights, and
a powerful community to navigate the modern dating world with
(05:04):
confidence and control. At its core, the site says, Tea
is built on one fundamental belief women should never have
to compromise their safety wild dating, So users anonymously post
photos of men they're dating, and asking others if they
have any TEA on them. Users can also turn on
notification alerts to see if a specific name is mentioned
on the app. So if I meet Joe Blow on
(05:26):
the street and I want to keep tabs on whether
or not he shows up on the Tee app, I
can set a notification alert for his name. Other tools
on the app allow users to run background checks, search
for criminal records, and reverse image search for photos in
the hopes of spotting catfishing or people passing off photos
of other people as themselves. If this premise sounds kind
of familiar, it's because it's very similar to those are
(05:48):
we dating the same guide pages on social media, which
you might recall, sparked lawsuits last year. Chicago man sued Meta,
as well as women who dated him and their parents,
women who commented on Facebook posts about him in a
Facebook group, and the moderators of the group for defamation,
invasion of privacy, doxing, and more. The complaint was dismissed,
(06:08):
and similarly, a man in LA filed a lawsuit against
fifty women. The man, Stuart Lucas Murray, sued fifty women
for defamation, libel, sex, based discrimination and other allegations, all
stepping from their posts in the Facebook group. Are we
dating the same guy? Some of the women that he
sued had never even met him, only commented on the
(06:29):
Facebook post with things like oh wow, and.
Speaker 2 (06:32):
He sued them too.
Speaker 1 (06:34):
This situation is pretty interesting. I would actually recommend googling
Stuart Lucas Murray because he has a pretty prolific public profile.
I won't say much more than that because in my opinion,
he seems like a pretty litigious guy, but it is
an interesting google. So one of the defendants in that
suit described the accusations as baseless, emphasizing that the group
(06:54):
serves as a platform for sharing personal experiences with men
and opinions, which she says are protected from defamation. Here's
a little bit of their press conference.
Speaker 3 (07:02):
As myself and my fellow co defendants were just speaking
their truth, and unfortunately for him, it was again not favorable.
So he somehow found those comments that we did make. Again,
they were factual and they were based in our true experiences.
He found those comments and decided to come forth with
(07:28):
this lawsuit with his claims of defamation, which we feel
are invalid because there is no evidence that we know
of that would exist in support of his claims.
Speaker 1 (07:43):
So, just like that Chicago case, this case was also dismissed.
But even still, Facebook really started cracking down on those
are we Dating the same Guy pages where women would
dish about men on Facebook, which is pretty ironic considering
Mark Zuckerberg originally conceptualized the idea of to rate the
looks of the women that he called dogs in his
college dorm. But in any event, a lot of those
(08:05):
groups are being pushed off a Facebook, which is why
apps like the Tea app have popped up in their place.
This kind of yelp for people thing may seem novel,
but it's actually not a new idea at all. There
was an app back in twenty twelve called Lulu which
integrated with Facebook to let you rate men that you've
dated and judge them on what other women say about them.
It was actually pretty similar to the te app in
(08:26):
that when a Facebook user joined Lulu, it pulled the
names of the men that they knew in their network,
and if the user decided to rate them, it would
generate a public facing page announcing that that man had
been reviewed. Originally, that page featured Batman's name and photograph
pulled from his Facebook account. So Lulu was kind of
similar to the tea app, but it was really more
about rating men in bed, like a cheeky way of
(08:48):
being like, oh, this guy has hashtag big feet, and
less about trying to keep women safe from abuse. Lulu
was eventually acquired and shut down. Its Wikipedia page says
it was described and popular press as sexist and objectifying,
non consensual, and shallow and mean. I also remember, way
back in the early two thousands, there was this big
splash about a site called Girl Don't Date Him that
(09:11):
advertised itself as a kind of credit report for men.
The site's founder, Tasha Joseph, was kind of a fast
talking lady, and she was always going on entertainment news
shows to talk about dating. And I actually remember that
site got quite a lot of good press, but it
went just about as well as you might expect. The
Miami New Times wrote an interesting piece in two thousand
and six about how somebody fabricated a very sensational story
(09:34):
about a horrible man who sexually assaulted a woman that
later led to her death by suicide. The story was
completely fabricated, but posted on the site without proof and
it kind of went proto viral, but the torrid tale
was a total lie just to prove a point. The
person who wrote that sake post said, the bottom line
is that this website is dangerous, and the chances of
(09:56):
a visitor reading some bullshit story like the one that
I posted about someone they are great. The Miami New
Times also profiled a man on the site who was
accused of sexually assaulting a woman, but later it's revealed
that he's actually never had sex with a woman because
he's gay, and that the person who wrote that post
was actually a former coworker of his who was making
false reports on the site to harass him. In two
(10:18):
thousand and six, a Pennsylvania attorney filed a suit against
the website's owner, as well as two alleged posters and
five unidentified women, for various claims that they made about
him that he assorted were false and defamatory. The suit
was initially dismissed in Pennsylvania for lack of personal jurisdiction,
but in two thousand and seven that man brought a
second lawsuit in federal court in Florida, which was settled
(10:38):
after the judge refused to dismiss the new case. The
terms of the settlement were not disclosed. Girl Don't Date
Him eventually pivoted to publishing articles about safer gating practices
until it was shut down entirely. So, if you're wondering,
wouldn't a similar platform like the te app just potentially
turn into a breeding ground for defamation and harassment, I
had the very same thought, because you don't actually need
(11:00):
any proof about what is being posted to the app.
Anyone can basically say anything about anyone, So we do
know that statistically speaking, it is quite rare for women
to lie about abuse. Tea Support Team stresses that they
had a zero tolerance policy for defamatory content and that
they ask anyone on the receiving end of this to
get in touch with them. But of course they would
say that. I actually haven't seen much about how they
(11:23):
handle it when someone does get in touch about alleged defamation,
I would be curious to know, and I think given
the popularity and the attention of the tea app, I
would guess that that's probably something we'll be hearing more
about in the next coming weeks or months.
Speaker 2 (11:37):
Let's take a quick break at our back.
Speaker 1 (11:52):
Listeners probably know that I have kind of a complicated
relationship with Section two thirty of the Communications Decency Act,
the controversial law that's says that social media platforms are
not liable for the content posted by users. Now, we
have had experts on the show who have both defended
section two thirty as a critical law for protecting the
open Internet, and we've had other experts on the show
(12:12):
who have argued that it should be repealed because it
lets platforms off the hook for hosting things like hate speech. So,
needless to say, it's complicated, but as of today, section
two thirty it's still the law of the land. So
thanks to section two thirty, the t app itself is
protected from being liable for the content posted on the platform.
And according to Elliot Williams, a former Deputy Assistant Attorney
(12:33):
General at the Justice Department and current legal analyst for CNN,
in the case of individual users, establishing malicious intent, which
is required in a defamation lawsuit, might be kind of
tricky because they could always argue that their aim was
to protect other women and not to harm someone. But
as you might imagine, the app's premise was immediately polarizing
(12:53):
along the lines of gender war stuff. Some praised it
as a useful way to warn women about the dangerous
behavior of men, while others called it divisive and a
violation of men's privacy. Here's what the CEO had to say,
I'm a release podcast.
Speaker 4 (13:08):
We receive probably about three legal threats a day from
different men that are disappointed that women have told largely
true stories about them on these apps, and so they
are upset that they've done something bad to a woman,
and then a woman has told people about it. And
we have a full legal team that helps us navigate
those situations, and all of the way that we operate
(13:30):
is well within legal guidelines. And then you know, there's
also a whole men's rights activism community that doesn't like
what we're doing, and so they're constantly trying to tear
us down and organize, you know, mass petitions to take
us down and mass reporting of us on the app
stores to try to take us down. So, you know,
(13:50):
we have a lot of people that are unhappy about
what we're doing, and that's okay with us. You know,
we believe that women deserve to be able to share
their story and to be able to have safe relationships.
Speaker 1 (14:05):
So I obviously don't disagree with him that women should
be able to have safe relationships, but it really highlights
the question our apps like the t app the digital
version of a whisper network and a way for women
to inform each other about potential abusers, stalkers, and catfishes.
Or is it an app for women to gossip about men,
potentially defame them and put those men at risk. Here's
(14:27):
how Dazed puts it in a piece that was written
before news of the data breach, which we'll get to
in a moment. For some, the app is a vital resource,
a way to alert other women to the predators and
abusers lurking undetected in the dating pool. Unlike anything else
out there, this is an app designed with women's safety,
awareness and empowerment as its top priority, reads one review
on the app Store. It goes beyond basic dating protection
(14:49):
and truly provides a layer of defense against liars, cheaters, scammers,
and even predators. Another reviewer says they're glad to have
a means of warning other women about her abusive X.
He's attractive, smart, and charming. You'd never know it. For
so long, I was hoping for a way to warn
other women off of them. So I do think this
is legitimately very important, and I don't want to dismiss this.
(15:11):
Marginalized people especially have been making use of whisper networks
since forever. Gossip and information sharing can be a real
tool for women to keep ourselves in our community safe
when it doesn't always feel like we have access to
more traditional forms of safety. So I get it. There
is a real need for this kind of information sharing,
and I think the popularity of the tea app shows
(15:32):
that women really do feel like they need ways to
arm themselves with information to feel safeer when dating. When
you think about how common things like sexual abuse actually are,
it makes complete sense to me why women would flock
to something that says that it's offering them a feeling
like they can put their safety in their own hands
by searching a guy on the tea app before they
(15:52):
let him into their lives. But an app offering women
safety then lying to them and betraying those women by
by failing to follow the most basic steps that keeping
them safe is not it. And when you look at
what happened with this breach, we really are talking about
women's actual safety here, not just theoretically, So let's talk
(16:13):
about the breach I mentioned the app. It's only for women,
so in order to verify your gender, anyone signing up
to the app needs to submit a selfie, but in
earlier iterations of this app, in addition to a selfie,
women also had to submit their driver's licenses. One of
my big questions was how the app deals with trans
women or non binary people. The app does not disallow
trans women. I'm not totally sure about non binary people,
(16:36):
and let's not dive too much into the binary of
the app verifying one's gender to keep men out. But
if this is something that you've had experience with, please
let me know. You can shoot me a DM or
email us at hello at tenggo dot com. So once
your information is submitted to the t app, then there
is a waiting period up to seventeen hours or more
if a lot of people are trying to sign up
for the app at the same time as you now.
(16:56):
T said that. In twenty twenty three, it removed the
requirement for photo ID in addition to the selfie, so
now you to submit a selfie. But that bit about
having to submit your driver's license is going to be
pretty key here. So on Friday night, after the news
roundup is published and live in the world, your girl
is happily too, Margaritea is deep at the bar and
the folks who run the te app said that there
(17:18):
had been a data breach of a legacy storage system
holding data for its users. This came after the app
angered some men and prompted a thread on the extremist
troll message board four chan in which users called for
a hack and leak campaign of the tapp. A spokesperson
for the t app confirmed all of this to Life Hacker,
saying Tea identified unauthorized access to one of its systems
(17:42):
and immediately launched a full investigation to assess the scope
and impact. The initial results of this effort suggest that
the incident involved a legacy data storage system containing information
from over two years ago. Approximately seventy two thousand images,
including approximately thirteen thousand images of selfies and photo identification
submitted during the verification, and fifty nine thousand images publicly
(18:04):
viewable in the app from posts, comments, and direct messages
were accessed without authorization. So yeah, that includes about thirteen
thousand images of women's drivers' licenses that they submitted back
when that was a requirement to join the app, and
also posts, comments, and direct messages in the apps were
also part of this breach. Now here's kind of a
(18:25):
key detail. According to Tea's privacy policy, the selfies that
it requires from people signing up for the app are
deleted shortly after those users are verified. But that obviously
was not happening, or at least it wasn't happening with
the images that were included in that breach, according to
The New York Times, rather than being deleted like the
privacy policy said would happen, that data was stored quote
(18:47):
in compliance with law enforcement requirements related to cyber bullying prevention,
T said in a statement, and that data was not
moved to newer systems that Tea said were better fortified.
So basically, the t app lied to its users about
the privacy policies that it was taking. It's also not
clear what law enforcement requirements are talking about. I've got
(19:08):
to admit it kind of sounds like a pretty convenient
dodge to me, but I'm not totally sure. When the
breach initially happened, the company said that the only people
impacted were those who signed up before February twenty twenty four,
but on Monday, four or four Media reported that there
was a second major security issue, impacting women who had
signed up and used the app much more recently. Basically,
(19:29):
the t app exposed much more user data than was
initially reported, with an independent security researcher now finding that
it was possible for hackers to access really sensitive direct
messages between users. Kasher Rajarity, the researcher who flagged the
issue to four or for Media, sent a database of
more than one point one million messages they said stretched
(19:50):
from early twenty twenty three to as recently as last week,
and some of the private messages viewed by four l
for Media that hackers could have had access to included
various insive stuff, conversations about having had abortions, information about
cheating partners, and even messages that included people's phone numbers.
Despite Tea's initial statement that the only thing impacted was
(20:10):
information from over two years ago, the researcher also said
that they found the ability to send a push notification
to all of Tea's users like it is hard to
overstate how bad this is, so just to be clear,
I am not a software developer, so I'm not an
expert in this, but doing some research, it sounds like
the company has a lot of the blame here, to
(20:32):
the point where I'm not even sure that it's fair
to call this a hack or a leak, because they
were just that sloppy with user data like it truly
sounds like these women had photos and their driver's license
photos posted to four chan because the tee app just
didn't bother to take basic security steps. Four or four Media,
one of my favorite tech outlets, was the first to
(20:53):
break the story of what happened, which is that users
from four chan claimed to have discovered and exposed an
unsecured day database hosted on Google's mobile app development platform Firebase,
belonging to the t app. On four chan, folks were
bragging that this let them rifle through women's personal data
and selfies that were uploaded to the app. Then, of course,
they posted that data online. Over on four Chan, users exclaimed, yes,
(21:17):
if you sent t app your face and driver's license,
they dos you publicly. No authentication, no nothing, it's a
public bucket driver's licenses and face picks. Get the fuck
in here before they shut it down. Now, the thread
says that the issue was this exposed database that allowed
anybody to access this material, and ROO four media confirmed
(21:37):
a VOLUMEUS list of specific attachment associated with the t app.
Eventually that page was locked down. The four chan post
includes a photo of four women's driver's licenses that the
four chan user says they wedacted, but the comment on
that four Chan thread indicate that many more photos of
te users have been exposed, with one person claiming that
(21:57):
they downloaded thousands. Four four media saw four chan users
share dozens of photos of women that they claim were
downloaded from the database, which all shared the same image
dimensions and file naming formats that they saw on the
list in the exposed of Google firebase bucket. Initially, the
person who discovered all this says they tried to report
it to Google but ended up reporting it to four
(22:18):
or four media instead. So let's break this down, because
it's basically like if your doctor stored your private personal
medical records in an open crate in the back alley
behind the clinic, or like if your bank stored all
of your money in an open shoe box in the
bank f lobby. Obviously, it's pretty fucked up for four
chan to access this. But it is even more fucked
(22:38):
up that the t app, this app that is getting
away with feeling themselves to be about women's safety, is
letting this level of sensitive information just essentially be publicly accessible.
I cannot overstate what a massive, massive fuck up this
is because both because of the very serious harm that
has been done to these thirteen thousand women, and also
because it happened because the developers just left this information
(23:00):
and sitting out there unsecured for anybody to just come
and get it.
Speaker 5 (23:06):
More after a quick break, let's.
Speaker 2 (23:19):
Get right back into it.
Speaker 1 (23:22):
So what the ever loving flock happened here? We don't
actually know. A lot of my cybersecurity friends that I
talked to about this said that the site might have
been vibe coded, which is when someone who doesn't know
any better, or is just careless and sloppy and lazy,
just uses AI to help them put together a site
and they don't really know the things they should be
asking for, so it comes out really janky. But other
(23:44):
friends have suggested this could also just be a careless person.
There's also the idea that this kind of fuck up
is unfortunately not super uncommon. Just a few weeks ago,
the insurance company Alliance Life disclosed a breach through a
third party cloud vender affecting most of its one point
four million US customers, including financial professionals and employees, and
(24:06):
all of their personal data was accessed and due to
a Google Analytics misconfiguration on their site, up to four
point seven million individuals had their names, insurance details, zip codes,
and patient identifiers shared improperly. So as shocking as this is,
this kind of breach is not terribly uncommon. There was
also such big fervor around the TF breach an interactive
(24:28):
Google map was circulating online purporting to show where all
the different women's addresses included in the breach were located.
This even not to a point where a fake story
emerged on social media using an AI generated news broadcaster
warning women about the so called tea bag killer, who
the fake report said was killing the women whose addresses
were exposed in the breach. Now this is not.
Speaker 6 (24:50):
True, controversy clinging to it in the form of an
AI generated newscast.
Speaker 1 (24:56):
This week, police are investigating a string of murders linked
the tea app where women who exposed men were later
found dead.
Speaker 6 (25:04):
Detroit, Bola you say there was absolutely no truth to
the show called tea Bag Killer a stuff their throats
with tea bags.
Speaker 4 (25:12):
The post even had a name of a deepd investigator.
Speaker 1 (25:16):
There's no one by that name that works for the department.
Speaker 6 (25:19):
But if you're not looking, these deep fakes can be
tricky to.
Speaker 1 (25:22):
Spot, so thankfully you don't have to worry about the
tea Bag Killer. But we cannot not talk about the
gender dynamics at play here because something that almost feels
a little I don't know hinky about this entire thing
is that it fits so squarely and neatly into a
gender wars framework. You know, women using an app that
they believe to be anonymous to share pictures of men
(25:44):
and gossip about men, men saying this is dosing, and
then those same women getting docks by the really sloppy
privacy protocols, and their images being posted all over the
internet like it almost seems like a tailor made kind
of gender wars just so story to the point where
when I first heard about this breach, I almost wondered
if it was some kind of a setup. And of
(26:06):
course those women's images were floating all over the Internet,
with men making fun of them with all kinds of sexist,
misogynistic barbs. And just a few days after the breach,
someone made a site that ranks the looks of the
women featured in the breached images, which, hey, I thought
Mark Zuckerberg already had that idea, And some of those
photos have been ranked tens of thousands of times, And
(26:27):
I think that really demonstrates why women would flock to
an app like the tee app. You know, an app
that is promising, even falsely, to help women have safer
experiences with men. The fact that men on Fordshan would
do this kind of thing kind of proves their point.
When I went to see what people were saying about
this online, I found a lot of women upset at
the idea that men would be so bothered that women
(26:50):
would have a space online to discuss the behavior of men.
One Instagram comment on the tea App's Instagram page reads, Wow,
It's crazy how some men are genuinely upset about this app,
mainly because it disrupts their ability to move in deception
and avoid taking accountability for their actions. The t app's
Instagram page is littered with stories purporting to show women
who have used the app to find out their husbands
(27:12):
or the fathers of their kids are running around on them,
though it's not clear to me if these are actually
real stories or just more marketing from the app. And again,
I don't want to discount that women should have as
a base to talk about their experiences in dating, and
I don't want the survivors of abuse to go unheard.
But I have to admit that I am personally very
uncomfortable with apps like this, even while I understand why
(27:35):
women might feel empowered by what these apps are selling.
And of course there's already calls and online forms to
make a version of the tea app for men to
rate women as payback, even though men kind of already
have this, like men don't really need a dedicated app
to rate women. One such app, called Tea Borne, according
to NBC News, quickly ignited backlash after its creator called
(27:58):
out users for posting revenge. Wow. What a shocker. Who
could have seen that coming. The Tea Born app has
now been removed from the app store, and there are
men all over men's rights reddit communities saying that this
is evidence of anti mal bias, that the t app
for women to rate men would be able to remain
on the App Store, but the app for men to
(28:18):
rate women was taken down. I think what makes me
the most angry about this entire thing, honestly, isn't the
four Chan goons responsible. It's the fact that this app
would purport to give women a space to keep themselves
safe and betray them so cruelly by putting them at risk.
Like as fucked up as four Chan is for circulating
these images in this data, who expects anything other than
(28:41):
this kind of behavior from the guys who hang out
on four Chan. If anything, the fact that these kinds
of threats exist for women should mean that the people
who run apps like the Tea app have an even
bigger responsibility to protect those women that they have attracted
to their platform with the promise of caring about their safety,
or at the very least, east they ought to not
be outright line to those women about what steps they're
(29:03):
taking to keep them safe so they can make up
their own minds about whether or not they're going to
trust this platform. The t app issued an apology for
the breach, but it kind of doesn't matter. They had
a responsibility to protect their users and they failed hard
and suck ups like this are not a force of nature.
They happened because somebody somewhere in the company decided that
this about of security was good enough. They could have
(29:25):
hired additional software engineers or contracted with an outside company
to do a security audit, but they didn't. They decided
to spend money on other stuff, and it's obvious that
they did not invest enough in security to keep their
users safe. The t app security practices, or lack thereof,
make me think that this app that was started by
a man was never really invested in women's safety at all,
(29:47):
because if they were, they would have had better security practices.
I think that what they were actually interested in is
just capitalizing on the inevitable online engagement from the promise
of women telling each other juicy stories about men. Cover
that with a little splashy, pink influencer style social media presence,
and you've got a solid business plan to capitalize on
(30:08):
the unpleasant experiences of women. Who cares if you put
those women at risk? I mean, this is just my
personal take, but I think the t app was basically
quickly and sloppily thrown together with security and privacy obviously
as an afterthought, just to generate and make use of
gendered rage bait in order to garner attention for the app.
And the sad thing is this is effective. I just
(30:30):
checked and the t app is currently the number two
app on the entire app store. To put that in perspective,
right now, the number one app is Chatsheet BT And
I guess ultimately, I simply do not trust a lot
of for profit apps that are selling and packaging safety
to women, because real safety is not someone telling you
on an app that a guy is a red flag.
(30:51):
It's having safer communities, healthier relationship dynamics, avenues for meaningful accountability.
It's about being able to communicate on platforms that aren't
just lying to us and exploiting us and putting us
at risk. So yeah, I guess I just don't like
the idea of safety being sold to us as a
for profit app, and I think it also creates a
dynamic that puts the burden on keeping yourself safe on women,
(31:12):
like we should be able to have safe dating experiences
without relying on apps that ultimately exploit us. And honestly,
what makes me really sad is that on the tee
app's Instagram posts about the breach. A lot of the
comments are from women who do not seem to care
about the breach. They just want to know when their
verification to sign up for the app will be approved.
And it makes me sad that the state of gender
(31:33):
in dating is so bad that even on a post
about the app admitting how carelessly it treated very sensitive
information of their users, people are still just clamoring to
get on the app like it makes me think we
really are cooked. And I think the Tea app is
a bit of a harbinger of things to come bad
things to be clear, because we've talked a lot about
the rise of age verification laws and laws that would
(31:56):
require folks to submit their government ID to access different
corners of the inn. I am very personally against laws
like this for several reasons, but what happened with the
t app reach is an excellent example of one of
those reasons. A lot of what keeps us secure online
comes down to shared norms, like we learn not to
click those suspicious links and not to give away our
(32:16):
two factor authentication codes, or had to spot a scam
or a spoof call. But when apps and websites start
asking for more and more sensitive information, like social security numbers,
face scans, our photo IDs. It trains us to just
hand over our data without really thinking twice about it.
Sharing this kind of information can start to feel as
automatic as just hitting agree on terms of service without
(32:37):
thinking much about it, and that is no good. The
more apps and services that require us to give up
our personal information, they're more opportunity there is for that
information to fall into the wrong hands. Cybersecurity experts sometimes
call this expanding the surface area of risk, and the
real problem is is that we don't have any real
way of knowing how our data will be stored or
(32:58):
used once we hand it over. The tea app said
they were deleting verification, selfies and government IDs, but we
can see that they clearly did not, because that information
is now floating all over the Internet. So a company
might say, oh, yeah, we're following very strict privacy policies,
but that doesn't mean they actually are, and the t
app obviously wasn't. Even companies with solid security protocols can
(33:19):
still get hacked hacked, and when the stakes are this high,
you know when what's being collected is tied to your
government name and identity, and address these risks are not theoretical.
As more platforms require ID uploads and facial recognition, I
think we're only going to see more problems with this,
and weak security practices are not just inconvenient, they're dangerous,
(33:40):
not just for women, for all of us. Last year,
for or for Media reported that a company that verifies
the identities of kicktok uber and x users, sometimes by
processing photographs of their faces and pictures of their driver's licenses,
exposed a set of an administrative credentials online for more than
a year, potentially allowing hackers to access that sensitive data.
And this is happening as more social networks and pornography
(34:03):
sites move toward an identity or age verification model in
which users are required to upload their real identity documents
to access certain services, usually because laws require it in
a misguided effort to protect children. The Tea breach highlights
that identity services are themselves a prime target for hackers
and a major threat to all of our safety. So
(34:23):
if these are the same companies that we might all
be using, if age verification becomes more widespread across the country,
we could all very well be at risk. So as
for the Tea app, in the wake of the breach,
They say they have engaged third party cybersecurity experts and
are working around the clock to secure systems. In a statement,
they said, at this time, we have implemented additional security
measures and a fixed the data issue. We are currently
(34:45):
working to determine the full nature and scope of the
information involved in the incident. Protecting our users' privacy and
data is our highest priority. We are taking every necessary
step to ensure the security of our platform and prevent
further exposure. This is tail as old as the Internet itself.
Company rushes to build sloppy software, pushes it to users
with weak security, gets burned by a data breach, and
(35:08):
then and only then invest in resources that actually protect
their users. But it shouldn't take a disaster like this
one for a company to do the right thing and
prioritize user safety. And this kind of thing honestly tells
you a ton about a company's values and the values
of the people who work there. So not to put
too fine a point on it, but I think if
(35:28):
you currently have the t app, you should delete it.
I don't think that any company that lies to its
users while purporting to be all about keeping themselves is
a company that you can trust, even if they do
clean up their act. Women deserve so much better. Got
a story about an interesting thing in tech, or just
(35:48):
want to say hi? You can reach us at Hello
at tengody dot com. You can also find transcripts for
today's episode at tengody dot com. There Are No Girls
on the Internet was created by me Brigitad. It's a
production of iHeartRadio and Unbossed. Created Jonathan Strickland is our
executive producer. Tarry Harrison is our producer and sound engineer.
Michael Almato is our contributing producer. I'm your host, Bridget Dodd.
(36:09):
If you want to help us grow, rate and review
us on Apple Podcasts. For more podcasts from iHeartRadio, check
out the iHeartRadio app, Apple Podcasts, or wherever you get
your podcasts.
There Are No Girls on the Internet, as a production
of iHeartRadio and Unbossed Creative. I'm Bridget Todd and this
is There Are No Girls on the Internet. In last
week's News Roundup, one of the stories that we cut
for Time was about the Tea dating app for women.
At the time when we were recording, the story was
(00:25):
still pretty simple, just that this dating app that had
quietly existed for two years had rocketed to the top
of Apple's App Store because it was getting a ton
of attention on social media from people making videos on
platforms like TikTok about how the app played into gender
dynamics around women who date men. I was seeing posts
on TikTok about the Tea app from my own city
here in DC, about how some women were using it
(00:47):
to talk about legitimately abusive behavior from men, while other
women were using it to talk about sort of commonplace
dating annoyances like men who don't text back or men
who ghost, and how conflating those two things on one
app it's probably not great. According to the people who
run the t app, all of these kinds of pots
were really driving a ton of attention, which is not
(01:09):
at all surprising because gender war stuff will always generate engagement.
That attention was both positive and negative, with a lot
of men complaining about how this app was unfair. But
in the economy of the Internet, it really doesn't matter
because it's all engagement either way. So everybody was talking
about this app and it became number one on the
App Store in the lifestyle category. The company said that
(01:30):
something like one million people had downloaded the app in
just a few weeks alone since or Tower, a marketing
intelligence firm that tracks app data, estimated that the downloads
of the app increased one hundred and eighty five percent
in the first twenty days of July compared with June.
Of that same period, the company that makes the app
set on social media that they had gotten over four
million female users, with a waiting list of approximately nine
(01:53):
hundred thousand new prospective users. There's a waiting list because
before women can use the app, they have to be verified.
This be important for later. So as recently as last
Thursday night, when we were recording the news roundup, that
was really the main gist of what was going on.
So I ended up not talking about it at all
because there was a lot of other important stuff going
on and I kind of just ran out of time.
(02:14):
But now I am glad that we did not talk
about it, because right after we published that episode, the
Tea App experienced a pretty major data breach. So let's
talk about what the Tea App is, what exactly happened,
the gendered history of online platforms like the Tea App,
and what I think it all means. So what exactly
(02:34):
is the Tea App? I want to spend some time
on how it works before we get into the data breach.
It's a dating app that's kind of like the Yelp
if you were rating men instead of restaurants. So not
a dating app that helps you match with people to date,
but an app that tries to help you make more
informed dating choices. Women can anonymously share information about the
experiences that they've had with specific men to help inform
(02:56):
other women. The key here is the anonymity. When you
first join the app, you're told that it is totally
and completely anonymous, and that screenshotting the app is not possible.
If you try to take a screen chat, you'll get
a black screen, though you can obviously still take a
photo of the app with an additional device, which people
do pretty often. On the Tea app, you can even
(03:16):
describe a guy's behavior and have other women weigh in
on whether you should keep seeing him or not. Women
assign men red flags for problematic behavior and green flags
for good behavior. Basically, it's a digital whisper network in
the form of an app for women to post photos
of men and talk about whatever they might know about
that man, you know, like sabilling the tea. So what
separates the Tea App from other kinds of platforms like
(03:38):
this is that it kind of bills itself as an
app for women's safety. They gave ten percent of their
proceeds to the National Domestic bile Once topline, and even
though the app is free, users get five free searches
each month. After that, they're given a choice pay for
teas fifteen dollars a month subscription, or invite friends to
keep using it for free. So basically, invite your girlfriends
(03:59):
to have their data breached as well. All kidding aside,
it's actually kind of a smart strategy for a growing app,
especially one that is so dependent on having a large
userbase of women able to weigh in on the men
in any particular area. For apps like this users are
basically as good as cash, so either pay up for
the premium version or invite your girlfriends. The Tea app
promises that women who date men can make sure your
(04:22):
data is safe, not a catfish, or not in a relationship,
according to Tea's marketing materials. The app's founder, Sean Cook,
who formerly was a product manager at Salesforce and Shutterfly,
launched the app because he witnessed his own mother's terrifying
experience with online dating. He said she was catfished and
unknowingly engaged with men who had criminal records. He teamed
(04:43):
up with a social media creator named danielle A Satela,
who came on as the Tea app social media director
who created a buzzy, pink and purple gen Z friendly
social media presence for the app. The website says that
Tea is on a mission to revolutionize dating safety by
equipping women with cutting edge tools, real time insights, and
a powerful community to navigate the modern dating world with
(05:04):
confidence and control. At its core, the site says, Tea
is built on one fundamental belief women should never have
to compromise their safety wild dating, So users anonymously post
photos of men they're dating, and asking others if they
have any TEA on them. Users can also turn on
notification alerts to see if a specific name is mentioned
on the app. So if I meet Joe Blow on
(05:26):
the street and I want to keep tabs on whether
or not he shows up on the Tee app, I
can set a notification alert for his name. Other tools
on the app allow users to run background checks, search
for criminal records, and reverse image search for photos in
the hopes of spotting catfishing or people passing off photos
of other people as themselves. If this premise sounds kind
of familiar, it's because it's very similar to those are
(05:48):
we dating the same guide pages on social media, which
you might recall, sparked lawsuits last year. Chicago man sued Meta,
as well as women who dated him and their parents,
women who commented on Facebook posts about him in a
Facebook group, and the moderators of the group for defamation,
invasion of privacy, doxing, and more. The complaint was dismissed,
(06:08):
and similarly, a man in LA filed a lawsuit against
fifty women. The man, Stuart Lucas Murray, sued fifty women
for defamation, libel, sex, based discrimination and other allegations, all
stepping from their posts in the Facebook group. Are we
dating the same guy? Some of the women that he
sued had never even met him, only commented on the
(06:29):
Facebook post with things like oh wow, and.
Speaker 2 (06:32):
He sued them too.
Speaker 1 (06:34):
This situation is pretty interesting. I would actually recommend googling
Stuart Lucas Murray because he has a pretty prolific public profile.
I won't say much more than that because in my opinion,
he seems like a pretty litigious guy, but it is
an interesting google. So one of the defendants in that
suit described the accusations as baseless, emphasizing that the group
(06:54):
serves as a platform for sharing personal experiences with men
and opinions, which she says are protected from defamation. Here's
a little bit of their press conference.
Speaker 3 (07:02):
As myself and my fellow co defendants were just speaking
their truth, and unfortunately for him, it was again not favorable.
So he somehow found those comments that we did make. Again,
they were factual and they were based in our true experiences.
He found those comments and decided to come forth with
(07:28):
this lawsuit with his claims of defamation, which we feel
are invalid because there is no evidence that we know
of that would exist in support of his claims.
Speaker 1 (07:43):
So, just like that Chicago case, this case was also dismissed.
But even still, Facebook really started cracking down on those
are we Dating the same Guy pages where women would
dish about men on Facebook, which is pretty ironic considering
Mark Zuckerberg originally conceptualized the idea of to rate the
looks of the women that he called dogs in his
college dorm. But in any event, a lot of those
(08:05):
groups are being pushed off a Facebook, which is why
apps like the Tea app have popped up in their place.
This kind of yelp for people thing may seem novel,
but it's actually not a new idea at all. There
was an app back in twenty twelve called Lulu which
integrated with Facebook to let you rate men that you've
dated and judge them on what other women say about them.
It was actually pretty similar to the te app in
(08:26):
that when a Facebook user joined Lulu, it pulled the
names of the men that they knew in their network,
and if the user decided to rate them, it would
generate a public facing page announcing that that man had
been reviewed. Originally, that page featured Batman's name and photograph
pulled from his Facebook account. So Lulu was kind of
similar to the tea app, but it was really more
about rating men in bed, like a cheeky way of
(08:48):
being like, oh, this guy has hashtag big feet, and
less about trying to keep women safe from abuse. Lulu
was eventually acquired and shut down. Its Wikipedia page says
it was described and popular press as sexist and objectifying,
non consensual, and shallow and mean. I also remember, way
back in the early two thousands, there was this big
splash about a site called Girl Don't Date Him that
(09:11):
advertised itself as a kind of credit report for men.
The site's founder, Tasha Joseph, was kind of a fast
talking lady, and she was always going on entertainment news
shows to talk about dating. And I actually remember that
site got quite a lot of good press, but it
went just about as well as you might expect. The
Miami New Times wrote an interesting piece in two thousand
and six about how somebody fabricated a very sensational story
(09:34):
about a horrible man who sexually assaulted a woman that
later led to her death by suicide. The story was
completely fabricated, but posted on the site without proof and
it kind of went proto viral, but the torrid tale
was a total lie just to prove a point. The
person who wrote that sake post said, the bottom line
is that this website is dangerous, and the chances of
(09:56):
a visitor reading some bullshit story like the one that
I posted about someone they are great. The Miami New
Times also profiled a man on the site who was
accused of sexually assaulting a woman, but later it's revealed
that he's actually never had sex with a woman because
he's gay, and that the person who wrote that post
was actually a former coworker of his who was making
false reports on the site to harass him. In two
(10:18):
thousand and six, a Pennsylvania attorney filed a suit against
the website's owner, as well as two alleged posters and
five unidentified women, for various claims that they made about
him that he assorted were false and defamatory. The suit
was initially dismissed in Pennsylvania for lack of personal jurisdiction,
but in two thousand and seven that man brought a
second lawsuit in federal court in Florida, which was settled
(10:38):
after the judge refused to dismiss the new case. The
terms of the settlement were not disclosed. Girl Don't Date
Him eventually pivoted to publishing articles about safer gating practices
until it was shut down entirely. So, if you're wondering,
wouldn't a similar platform like the te app just potentially
turn into a breeding ground for defamation and harassment, I
had the very same thought, because you don't actually need
(11:00):
any proof about what is being posted to the app.
Anyone can basically say anything about anyone, So we do
know that statistically speaking, it is quite rare for women
to lie about abuse. Tea Support Team stresses that they
had a zero tolerance policy for defamatory content and that
they ask anyone on the receiving end of this to
get in touch with them. But of course they would
say that. I actually haven't seen much about how they
(11:23):
handle it when someone does get in touch about alleged defamation,
I would be curious to know, and I think given
the popularity and the attention of the tea app, I
would guess that that's probably something we'll be hearing more
about in the next coming weeks or months.
Speaker 2 (11:37):
Let's take a quick break at our back.
Speaker 1 (11:52):
Listeners probably know that I have kind of a complicated
relationship with Section two thirty of the Communications Decency Act,
the controversial law that's says that social media platforms are
not liable for the content posted by users. Now, we
have had experts on the show who have both defended
section two thirty as a critical law for protecting the
open Internet, and we've had other experts on the show
(12:12):
who have argued that it should be repealed because it
lets platforms off the hook for hosting things like hate speech. So,
needless to say, it's complicated, but as of today, section
two thirty it's still the law of the land. So
thanks to section two thirty, the t app itself is
protected from being liable for the content posted on the platform.
And according to Elliot Williams, a former Deputy Assistant Attorney
(12:33):
General at the Justice Department and current legal analyst for CNN,
in the case of individual users, establishing malicious intent, which
is required in a defamation lawsuit, might be kind of
tricky because they could always argue that their aim was
to protect other women and not to harm someone. But
as you might imagine, the app's premise was immediately polarizing
(12:53):
along the lines of gender war stuff. Some praised it
as a useful way to warn women about the dangerous
behavior of men, while others called it divisive and a
violation of men's privacy. Here's what the CEO had to say,
I'm a release podcast.
Speaker 4 (13:08):
We receive probably about three legal threats a day from
different men that are disappointed that women have told largely
true stories about them on these apps, and so they
are upset that they've done something bad to a woman,
and then a woman has told people about it. And
we have a full legal team that helps us navigate
those situations, and all of the way that we operate
(13:30):
is well within legal guidelines. And then you know, there's
also a whole men's rights activism community that doesn't like
what we're doing, and so they're constantly trying to tear
us down and organize, you know, mass petitions to take
us down and mass reporting of us on the app
stores to try to take us down. So, you know,
(13:50):
we have a lot of people that are unhappy about
what we're doing, and that's okay with us. You know,
we believe that women deserve to be able to share
their story and to be able to have safe relationships.
Speaker 1 (14:05):
So I obviously don't disagree with him that women should
be able to have safe relationships, but it really highlights
the question our apps like the t app the digital
version of a whisper network and a way for women
to inform each other about potential abusers, stalkers, and catfishes.
Or is it an app for women to gossip about men,
potentially defame them and put those men at risk. Here's
(14:27):
how Dazed puts it in a piece that was written
before news of the data breach, which we'll get to
in a moment. For some, the app is a vital resource,
a way to alert other women to the predators and
abusers lurking undetected in the dating pool. Unlike anything else
out there, this is an app designed with women's safety,
awareness and empowerment as its top priority, reads one review
on the app Store. It goes beyond basic dating protection
(14:49):
and truly provides a layer of defense against liars, cheaters, scammers,
and even predators. Another reviewer says they're glad to have
a means of warning other women about her abusive X.
He's attractive, smart, and charming. You'd never know it. For
so long, I was hoping for a way to warn
other women off of them. So I do think this
is legitimately very important, and I don't want to dismiss this.
(15:11):
Marginalized people especially have been making use of whisper networks
since forever. Gossip and information sharing can be a real
tool for women to keep ourselves in our community safe
when it doesn't always feel like we have access to
more traditional forms of safety. So I get it. There
is a real need for this kind of information sharing,
and I think the popularity of the tea app shows
(15:32):
that women really do feel like they need ways to
arm themselves with information to feel safeer when dating. When
you think about how common things like sexual abuse actually are,
it makes complete sense to me why women would flock
to something that says that it's offering them a feeling
like they can put their safety in their own hands
by searching a guy on the tea app before they
(15:52):
let him into their lives. But an app offering women
safety then lying to them and betraying those women by
by failing to follow the most basic steps that keeping
them safe is not it. And when you look at
what happened with this breach, we really are talking about
women's actual safety here, not just theoretically, So let's talk
(16:13):
about the breach I mentioned the app. It's only for women,
so in order to verify your gender, anyone signing up
to the app needs to submit a selfie, but in
earlier iterations of this app, in addition to a selfie,
women also had to submit their driver's licenses. One of
my big questions was how the app deals with trans
women or non binary people. The app does not disallow
trans women. I'm not totally sure about non binary people,
(16:36):
and let's not dive too much into the binary of
the app verifying one's gender to keep men out. But
if this is something that you've had experience with, please
let me know. You can shoot me a DM or
email us at hello at tenggo dot com. So once
your information is submitted to the t app, then there
is a waiting period up to seventeen hours or more
if a lot of people are trying to sign up
for the app at the same time as you now.
(16:56):
T said that. In twenty twenty three, it removed the
requirement for photo ID in addition to the selfie, so
now you to submit a selfie. But that bit about
having to submit your driver's license is going to be
pretty key here. So on Friday night, after the news
roundup is published and live in the world, your girl
is happily too, Margaritea is deep at the bar and
the folks who run the te app said that there
(17:18):
had been a data breach of a legacy storage system
holding data for its users. This came after the app
angered some men and prompted a thread on the extremist
troll message board four chan in which users called for
a hack and leak campaign of the tapp. A spokesperson
for the t app confirmed all of this to Life Hacker,
saying Tea identified unauthorized access to one of its systems
(17:42):
and immediately launched a full investigation to assess the scope
and impact. The initial results of this effort suggest that
the incident involved a legacy data storage system containing information
from over two years ago. Approximately seventy two thousand images,
including approximately thirteen thousand images of selfies and photo identification
submitted during the verification, and fifty nine thousand images publicly
(18:04):
viewable in the app from posts, comments, and direct messages
were accessed without authorization. So yeah, that includes about thirteen
thousand images of women's drivers' licenses that they submitted back
when that was a requirement to join the app, and
also posts, comments, and direct messages in the apps were
also part of this breach. Now here's kind of a
(18:25):
key detail. According to Tea's privacy policy, the selfies that
it requires from people signing up for the app are
deleted shortly after those users are verified. But that obviously
was not happening, or at least it wasn't happening with
the images that were included in that breach, according to
The New York Times, rather than being deleted like the
privacy policy said would happen, that data was stored quote
(18:47):
in compliance with law enforcement requirements related to cyber bullying prevention,
T said in a statement, and that data was not
moved to newer systems that Tea said were better fortified.
So basically, the t app lied to its users about
the privacy policies that it was taking. It's also not
clear what law enforcement requirements are talking about. I've got
(19:08):
to admit it kind of sounds like a pretty convenient
dodge to me, but I'm not totally sure. When the
breach initially happened, the company said that the only people
impacted were those who signed up before February twenty twenty four,
but on Monday, four or four Media reported that there
was a second major security issue, impacting women who had
signed up and used the app much more recently. Basically,
(19:29):
the t app exposed much more user data than was
initially reported, with an independent security researcher now finding that
it was possible for hackers to access really sensitive direct
messages between users. Kasher Rajarity, the researcher who flagged the
issue to four or for Media, sent a database of
more than one point one million messages they said stretched
(19:50):
from early twenty twenty three to as recently as last week,
and some of the private messages viewed by four l
for Media that hackers could have had access to included
various insive stuff, conversations about having had abortions, information about
cheating partners, and even messages that included people's phone numbers.
Despite Tea's initial statement that the only thing impacted was
(20:10):
information from over two years ago, the researcher also said
that they found the ability to send a push notification
to all of Tea's users like it is hard to
overstate how bad this is, so just to be clear,
I am not a software developer, so I'm not an
expert in this, but doing some research, it sounds like
the company has a lot of the blame here, to
(20:32):
the point where I'm not even sure that it's fair
to call this a hack or a leak, because they
were just that sloppy with user data like it truly
sounds like these women had photos and their driver's license
photos posted to four chan because the tee app just
didn't bother to take basic security steps. Four or four Media,
one of my favorite tech outlets, was the first to
(20:53):
break the story of what happened, which is that users
from four chan claimed to have discovered and exposed an
unsecured day database hosted on Google's mobile app development platform Firebase,
belonging to the t app. On four chan, folks were
bragging that this let them rifle through women's personal data
and selfies that were uploaded to the app. Then, of course,
they posted that data online. Over on four Chan, users exclaimed, yes,
(21:17):
if you sent t app your face and driver's license,
they dos you publicly. No authentication, no nothing, it's a
public bucket driver's licenses and face picks. Get the fuck
in here before they shut it down. Now, the thread
says that the issue was this exposed database that allowed
anybody to access this material, and ROO four media confirmed
(21:37):
a VOLUMEUS list of specific attachment associated with the t app.
Eventually that page was locked down. The four chan post
includes a photo of four women's driver's licenses that the
four chan user says they wedacted, but the comment on
that four Chan thread indicate that many more photos of
te users have been exposed, with one person claiming that
(21:57):
they downloaded thousands. Four four media saw four chan users
share dozens of photos of women that they claim were
downloaded from the database, which all shared the same image
dimensions and file naming formats that they saw on the
list in the exposed of Google firebase bucket. Initially, the
person who discovered all this says they tried to report
it to Google but ended up reporting it to four
(22:18):
or four media instead. So let's break this down, because
it's basically like if your doctor stored your private personal
medical records in an open crate in the back alley
behind the clinic, or like if your bank stored all
of your money in an open shoe box in the
bank f lobby. Obviously, it's pretty fucked up for four
chan to access this. But it is even more fucked
(22:38):
up that the t app, this app that is getting
away with feeling themselves to be about women's safety, is
letting this level of sensitive information just essentially be publicly accessible.
I cannot overstate what a massive, massive fuck up this
is because both because of the very serious harm that
has been done to these thirteen thousand women, and also
because it happened because the developers just left this information
(23:00):
and sitting out there unsecured for anybody to just come
and get it.
Speaker 5 (23:06):
More after a quick break, let's.
Speaker 2 (23:19):
Get right back into it.
Speaker 1 (23:22):
So what the ever loving flock happened here? We don't
actually know. A lot of my cybersecurity friends that I
talked to about this said that the site might have
been vibe coded, which is when someone who doesn't know
any better, or is just careless and sloppy and lazy,
just uses AI to help them put together a site
and they don't really know the things they should be
asking for, so it comes out really janky. But other
(23:44):
friends have suggested this could also just be a careless person.
There's also the idea that this kind of fuck up
is unfortunately not super uncommon. Just a few weeks ago,
the insurance company Alliance Life disclosed a breach through a
third party cloud vender affecting most of its one point
four million US customers, including financial professionals and employees, and
(24:06):
all of their personal data was accessed and due to
a Google Analytics misconfiguration on their site, up to four
point seven million individuals had their names, insurance details, zip codes,
and patient identifiers shared improperly. So as shocking as this is,
this kind of breach is not terribly uncommon. There was
also such big fervor around the TF breach an interactive
(24:28):
Google map was circulating online purporting to show where all
the different women's addresses included in the breach were located.
This even not to a point where a fake story
emerged on social media using an AI generated news broadcaster
warning women about the so called tea bag killer, who
the fake report said was killing the women whose addresses
were exposed in the breach. Now this is not.
Speaker 6 (24:50):
True, controversy clinging to it in the form of an
AI generated newscast.
Speaker 1 (24:56):
This week, police are investigating a string of murders linked
the tea app where women who exposed men were later
found dead.
Speaker 6 (25:04):
Detroit, Bola you say there was absolutely no truth to
the show called tea Bag Killer a stuff their throats
with tea bags.
Speaker 4 (25:12):
The post even had a name of a deepd investigator.
Speaker 1 (25:16):
There's no one by that name that works for the department.
Speaker 6 (25:19):
But if you're not looking, these deep fakes can be
tricky to.
Speaker 1 (25:22):
Spot, so thankfully you don't have to worry about the
tea Bag Killer. But we cannot not talk about the
gender dynamics at play here because something that almost feels
a little I don't know hinky about this entire thing
is that it fits so squarely and neatly into a
gender wars framework. You know, women using an app that
they believe to be anonymous to share pictures of men
(25:44):
and gossip about men, men saying this is dosing, and
then those same women getting docks by the really sloppy
privacy protocols, and their images being posted all over the
internet like it almost seems like a tailor made kind
of gender wars just so story to the point where
when I first heard about this breach, I almost wondered
if it was some kind of a setup. And of
(26:06):
course those women's images were floating all over the Internet,
with men making fun of them with all kinds of sexist,
misogynistic barbs. And just a few days after the breach,
someone made a site that ranks the looks of the
women featured in the breached images, which, hey, I thought
Mark Zuckerberg already had that idea, And some of those
photos have been ranked tens of thousands of times, And
(26:27):
I think that really demonstrates why women would flock to
an app like the tee app. You know, an app
that is promising, even falsely, to help women have safer
experiences with men. The fact that men on Fordshan would
do this kind of thing kind of proves their point.
When I went to see what people were saying about
this online, I found a lot of women upset at
the idea that men would be so bothered that women
(26:50):
would have a space online to discuss the behavior of men.
One Instagram comment on the tea App's Instagram page reads, Wow,
It's crazy how some men are genuinely upset about this app,
mainly because it disrupts their ability to move in deception
and avoid taking accountability for their actions. The t app's
Instagram page is littered with stories purporting to show women
who have used the app to find out their husbands
(27:12):
or the fathers of their kids are running around on them,
though it's not clear to me if these are actually
real stories or just more marketing from the app. And again,
I don't want to discount that women should have as
a base to talk about their experiences in dating, and
I don't want the survivors of abuse to go unheard.
But I have to admit that I am personally very
uncomfortable with apps like this, even while I understand why
(27:35):
women might feel empowered by what these apps are selling.
And of course there's already calls and online forms to
make a version of the tea app for men to
rate women as payback, even though men kind of already
have this, like men don't really need a dedicated app
to rate women. One such app, called Tea Borne, according
to NBC News, quickly ignited backlash after its creator called
(27:58):
out users for posting revenge. Wow. What a shocker. Who
could have seen that coming. The Tea Born app has
now been removed from the app store, and there are
men all over men's rights reddit communities saying that this
is evidence of anti mal bias, that the t app
for women to rate men would be able to remain
on the App Store, but the app for men to
(28:18):
rate women was taken down. I think what makes me
the most angry about this entire thing, honestly, isn't the
four Chan goons responsible. It's the fact that this app
would purport to give women a space to keep themselves
safe and betray them so cruelly by putting them at risk.
Like as fucked up as four Chan is for circulating
these images in this data, who expects anything other than
(28:41):
this kind of behavior from the guys who hang out
on four Chan. If anything, the fact that these kinds
of threats exist for women should mean that the people
who run apps like the Tea app have an even
bigger responsibility to protect those women that they have attracted
to their platform with the promise of caring about their safety,
or at the very least, east they ought to not
be outright line to those women about what steps they're
(29:03):
taking to keep them safe so they can make up
their own minds about whether or not they're going to
trust this platform. The t app issued an apology for
the breach, but it kind of doesn't matter. They had
a responsibility to protect their users and they failed hard
and suck ups like this are not a force of nature.
They happened because somebody somewhere in the company decided that
this about of security was good enough. They could have
(29:25):
hired additional software engineers or contracted with an outside company
to do a security audit, but they didn't. They decided
to spend money on other stuff, and it's obvious that
they did not invest enough in security to keep their
users safe. The t app security practices, or lack thereof,
make me think that this app that was started by
a man was never really invested in women's safety at all,
(29:47):
because if they were, they would have had better security practices.
I think that what they were actually interested in is
just capitalizing on the inevitable online engagement from the promise
of women telling each other juicy stories about men. Cover
that with a little splashy, pink influencer style social media presence,
and you've got a solid business plan to capitalize on
(30:08):
the unpleasant experiences of women. Who cares if you put
those women at risk? I mean, this is just my
personal take, but I think the t app was basically
quickly and sloppily thrown together with security and privacy obviously
as an afterthought, just to generate and make use of
gendered rage bait in order to garner attention for the app.
And the sad thing is this is effective. I just
(30:30):
checked and the t app is currently the number two
app on the entire app store. To put that in perspective,
right now, the number one app is Chatsheet BT And
I guess ultimately, I simply do not trust a lot
of for profit apps that are selling and packaging safety
to women, because real safety is not someone telling you
on an app that a guy is a red flag.
(30:51):
It's having safer communities, healthier relationship dynamics, avenues for meaningful accountability.
It's about being able to communicate on platforms that aren't
just lying to us and exploiting us and putting us
at risk. So yeah, I guess I just don't like
the idea of safety being sold to us as a
for profit app, and I think it also creates a
dynamic that puts the burden on keeping yourself safe on women,
(31:12):
like we should be able to have safe dating experiences
without relying on apps that ultimately exploit us. And honestly,
what makes me really sad is that on the tee
app's Instagram posts about the breach. A lot of the
comments are from women who do not seem to care
about the breach. They just want to know when their
verification to sign up for the app will be approved.
And it makes me sad that the state of gender
(31:33):
in dating is so bad that even on a post
about the app admitting how carelessly it treated very sensitive
information of their users, people are still just clamoring to
get on the app like it makes me think we
really are cooked. And I think the Tea app is
a bit of a harbinger of things to come bad
things to be clear, because we've talked a lot about
the rise of age verification laws and laws that would
(31:56):
require folks to submit their government ID to access different
corners of the inn. I am very personally against laws
like this for several reasons, but what happened with the
t app reach is an excellent example of one of
those reasons. A lot of what keeps us secure online
comes down to shared norms, like we learn not to
click those suspicious links and not to give away our
(32:16):
two factor authentication codes, or had to spot a scam
or a spoof call. But when apps and websites start
asking for more and more sensitive information, like social security numbers,
face scans, our photo IDs. It trains us to just
hand over our data without really thinking twice about it.
Sharing this kind of information can start to feel as
automatic as just hitting agree on terms of service without
(32:37):
thinking much about it, and that is no good. The
more apps and services that require us to give up
our personal information, they're more opportunity there is for that
information to fall into the wrong hands. Cybersecurity experts sometimes
call this expanding the surface area of risk, and the
real problem is is that we don't have any real
way of knowing how our data will be stored or
(32:58):
used once we hand it over. The tea app said
they were deleting verification, selfies and government IDs, but we
can see that they clearly did not, because that information
is now floating all over the Internet. So a company
might say, oh, yeah, we're following very strict privacy policies,
but that doesn't mean they actually are, and the t
app obviously wasn't. Even companies with solid security protocols can
(33:19):
still get hacked hacked, and when the stakes are this high,
you know when what's being collected is tied to your
government name and identity, and address these risks are not theoretical.
As more platforms require ID uploads and facial recognition, I
think we're only going to see more problems with this,
and weak security practices are not just inconvenient, they're dangerous,
(33:40):
not just for women, for all of us. Last year,
for or for Media reported that a company that verifies
the identities of kicktok uber and x users, sometimes by
processing photographs of their faces and pictures of their driver's licenses,
exposed a set of an administrative credentials online for more than
a year, potentially allowing hackers to access that sensitive data.
And this is happening as more social networks and pornography
(34:03):
sites move toward an identity or age verification model in
which users are required to upload their real identity documents
to access certain services, usually because laws require it in
a misguided effort to protect children. The Tea breach highlights
that identity services are themselves a prime target for hackers
and a major threat to all of our safety. So
(34:23):
if these are the same companies that we might all
be using, if age verification becomes more widespread across the country,
we could all very well be at risk. So as
for the Tea app, in the wake of the breach,
They say they have engaged third party cybersecurity experts and
are working around the clock to secure systems. In a statement,
they said, at this time, we have implemented additional security
measures and a fixed the data issue. We are currently
(34:45):
working to determine the full nature and scope of the
information involved in the incident. Protecting our users' privacy and
data is our highest priority. We are taking every necessary
step to ensure the security of our platform and prevent
further exposure. This is tail as old as the Internet itself.
Company rushes to build sloppy software, pushes it to users
with weak security, gets burned by a data breach, and
(35:08):
then and only then invest in resources that actually protect
their users. But it shouldn't take a disaster like this
one for a company to do the right thing and
prioritize user safety. And this kind of thing honestly tells
you a ton about a company's values and the values
of the people who work there. So not to put
too fine a point on it, but I think if
(35:28):
you currently have the t app, you should delete it.
I don't think that any company that lies to its
users while purporting to be all about keeping themselves is
a company that you can trust, even if they do
clean up their act. Women deserve so much better. Got
a story about an interesting thing in tech, or just
(35:48):
want to say hi? You can reach us at Hello
at tengody dot com. You can also find transcripts for
today's episode at tengody dot com. There Are No Girls
on the Internet was created by me Brigitad. It's a
production of iHeartRadio and Unbossed. Created Jonathan Strickland is our
executive producer. Tarry Harrison is our producer and sound engineer.
Michael Almato is our contributing producer. I'm your host, Bridget Dodd.
(36:09):
If you want to help us grow, rate and review
us on Apple Podcasts. For more podcasts from iHeartRadio, check
out the iHeartRadio app, Apple Podcasts, or wherever you get
your podcasts.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Special Summer Offer: Exclusively on Apple Podcasts, try our Dateline Premium subscription completely free for one month! With Dateline Premium, you get every episode ad-free plus exclusive bonus content.