New: Dating app Raw (which this week said it's planning to release a hardware wearable for tracking partners' emotions) claims to use end-to-end encryption. But when we tried the app this week, I found it was exposing users' location data and personal information to the web — no password needed. - ThreadSky

zackwhittaker.com • 29 days ago

New: Dating app Raw (which this week said it's planning to release a hardware wearable for tracking partners' emotions) claims to use end-to-end encryption.

But when we tried the app this week, I found it was exposing users' location data and personal information to the web — no password needed.

Comments

yodelingfish.bsky.social•27 days ago

Why TF would anyone want a tracking device like this? Communication is key in a healthy relationship. Have people forgotten how to talk to each other and build trust?

pprodhon.bsky.social•29 days ago

Raw data.

hatr.bsky.social•27 days ago

🙌🏽🙌🏽🙌🏽

hatr.bsky.social•27 days ago

(To be clear: in reference to your analysis)

zackwhittaker.com•27 days ago

thank you, Hakan, that means a lot! 🙏

vessonsecurity.bsky.social•29 days ago

I guess it depends what they consider the "ends". If that's the wearer and their server, an HTTPS connection is "end-to-end encrypted".

geonncannon.bsky.social•27 days ago

I know it's been out a while, but I wish people would stop spoiling the new Black Mirrors. I haven't gotten to all the episodes yet.

sqlrob.bsky.social•29 days ago

"the exposed server no longer returns user data in the browser. "

Stupid question, have you tried changing the UA string? If they were screwing up this badly, it feels like their fix would be to just do user agent filtering.

cynthiagibas.bsky.social•29 days ago

Why would anyone in their right mind sign up for this

crocodilecat.bsky.social•28 days ago

You already answered that in the way you phrased that question.

gingerspiced.bsky.social•29 days ago

to abuse their spouse

skepsisology.bsky.social•27 days ago

Rawdogged the data breach

plankysmith.bsky.social•25 days ago

Wtf

sagastar.bsky.social•29 days ago

...."raw"?

crocodilecat.bsky.social•28 days ago

Why does this come as no surprise ?

zackwhittaker.com•29 days ago

After hearing about Raw's planned wearable (which sounds rife for abuse), I tested the Raw dating app using dummy data and a network traffic analysis tool (Burp Suite, ftw). Within a few minutes, I found Raw's servers were publicly exposing users' profile data — and granular location — to the web.

erinyes.diy•29 days ago

Are the monogamists ok?

Comments

Posting Rules

Reply