Those of you who pay attention to infosec news at all will have heard about Tea, a women-only chat app that let its users “anonymously” chat with each other… about anything, really, but its highlighted use case was warning each other about creepy men.

The problem, and the reason I put the word “anonymously” in sneer quotes above, was that Tea’s approach to keeping men out of its userbase included demanding that users take selfies and pics of their government IDs and send them in, to prove they’re women.

Side note: How secure is Google Firebase, the backend system Tea was using? Reportedly, the answer is complicated; TLDR, it can be secured with some difficulty/awkwardness and third-party tools, but otherwise, it can be disturbingly brittle.

…that wasn’t really a side note, because the inevitable thing happened; Tea’s database got hacked. The database full of users’ faces and IDs, And a pile of DMs also got hacked, probably to fuel some culture-war manosphere nonsense.

The first wave of news coincided with a deadline for compliance with the UK’s Online “Safety” Act – sneer quotes again intended – when a lot of the infosec-interested crowd was already thinking of just how badly an age-verification database could fuck over users. Tea and its gender-verification database were spotlit as a shameful example.

That was last week, though. Over the past week, a second wave has apparently been building, a wave of culture-war sewage. The frst example I saw was from The Atlantic:

First Came Tea. Then Came the Male Rage.

Um…

The men so hell-bent on revenge against Tea’s users are illustrating that hatred of women is alive and well. And the leaks demonstrated how insufficiently women are protected by the tech companies that shape their romantic lives.

I’d claim that I admire the Atlantic writer’s restraint in re: stopping short of actually using the word techbro, but I actually don’t.

Then I found NPR trying to both-sides the thing…

…and then I got depressed and stopped researching.