Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

These apps are for people who are looking for mates, temporary or otherwise. There may be more nuance than "dummy gave passport info to app"


Not once ever in my quest of looking for a mate did the potential mate ask to see my passport. There are times when common sense must be used. If an app is asking for invasive data that just feels out of place, just stop. The juice isn't worth the squeeze


I had a feeling some would get hung up on the "passport" thing. The "private" intimate chats were leaked, too. And full name, city, university, phone numbers, sexual preferences, and geolocation. And photographs, obviously. I assume the passport/ID stuff was for "verified accounts", but again, none of that crap should be saved in a database - a boolean default false "VERIFIED" in the user table should suffice.

The disclosure didn't show every API endpoint, just a few dealing with auth and profiles. They also mentioned only a few PII, you can tell because there were multiple screenshots spread throughout the post. I'm harping on passport for the reason you specify, too; but mostly that information shouldn't be stored...


Setting aside all of the other info that was leaked, knowing that the only profiles you see are actual, real people would be nice.

Way back when I last used a dating site, a significant percentage of profiles ended up being placeholders for scams of some sort.

In fact, several texted me a link to some bogus "identity verification" site under the guise of "I get too many fake bot profile hits"... Read the fine print, and you're actually signing up for hundreds of dollars worth of pron subscriptions.

If the dating app itself verified people were real, AND took reports of spam seriously, AND kept that information in a way that wasn't insecure, it'd be worth it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: