dabockster 5 days ago
> Appropriate regulation should make this an offense punishable by a large fine. And some kind of legal penalty for the engineers as well. Just fining the company does nothing to change the behavior of the people who built it in the first place.
ryandrake 5 days ago
I would at least love to see a public postmortem. What was the developer's rationale for storing extremely personal user data unencrypted, in a publicly facing database? How many layers of management approved storing extremely personal user data unencrypted, in a publicly facing database? What amount of testing was done that failed to figure out that extremely personal user data was stored unencrypted, in a publicly facing database?
chemeng 5 days ago
In the US, professional certifications (PE, Bar, USMLE, CPA) exist to partially solve this problem when the certification is required to perform work legally. These are typically required in industries where lives and livelihoods of individuals and the public are at risk based on the decisions of the professional. Joining in with some other comments on this thread, if the stamp of a certified person was required to submit/sign apps with more than 10K or 100K users and came with personal risk and potential loss of licensure, I imagine things would change quickly. I'm personally not for introducing more gatekeeping and control over software distribution (Apple/Google already have too much power). Also not sure how you'd make it work in an international context, but would be simple to implement for US-based companies if Apple/Google wanted to tackle the problem. I think the broader issue is that we as a society don't see data exposure or bad development practices as real harm. However, exposing the addresses and personal info of people talking about potentially violent, aggressive or unsafe people seems very dangerous.