Interpreting Animats' question as concern for the user population, I think it's a valid one.
The new administration in the US is openly hostile, and a lot of damage could be done to people's lives if, say, the community was hacked and private email addresses (or other PII) were leaked.
And I also agree with you -- now's the time for those of us who can afford it, to fly our ally flags as loudly and proudly as possible.
OP: Please make sure your secure coding and operational security practices are excellent and meet the challenge here.
I am taking security very seriously. All sensitive rows are protected by RLS, and I have gone even further by adding random noise to all location data. Locations are locked down, but in the unfortunate event of a hack what would be leaked is location within a 5 or so mile range, not exact location.
If it is possible on Supabase I would like to eventually obscure emails and OAuth info.
5 mile range is pretty serious, it narrows someone's location down to a single town in the entire world. Just don't store it at all and you're all good.
I'm wondering if it's more or less safe (from doxxers attacking individual users, or the entire service being compromised) to share location with this app vs. Lex. In any case I chose not to share location yet, and don't know if Lex is any safer (they require location).
I got an offer of a "code review" like that once for an authentication system and never heard back; it was open source anyway so anybody could have downloaded it and found my rookie mistakes like
signed_token = content + MD5(secret_key+content)
which doesn't stop anyone from appending to the content (might not have really been exploitable, but any honest review from somebody who knew more than me would have turned it up)
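An added example, not part of the comment above or of the commenter's project: the quoted secret-prefix construction beside an HMAC-SHA256 form whose verifier rejects appended or altered content. The function names and the key and content values are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def legacy_sign(secret_key: bytes, content: bytes) -> bytes:
    """The construction quoted in the comment, kept only for comparison.

    MD5 is a Merkle-Damgard hash, so a secret-prefix MAC built on it
    permits the kind of appending the comment describes.
    """
    return content + hashlib.md5(secret_key + content).digest()


def sign(secret_key: bytes, content: bytes) -> bytes:
    """Hardened form: HMAC keys both an inner and an outer hash, so the
    tag is not a resumable hash state over secret_key + content."""
    tag = hmac.new(secret_key, content, hashlib.sha256).digest()
    return content + tag


def verify(secret_key: bytes, token: bytes) -> Optional[bytes]:
    """Return the content if the trailing tag is valid, otherwise None."""
    if len(token) < TAG_LEN:
        return None  # too short to contain a tag at all
    content, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(secret_key, content, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return content


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample value
    content = b"user=alice"         # constructed sample value
    token = sign(key, content)
    print(verify(key, token))
    # Same tag reused with extra content appended: rejected.
    print(verify(key, content + b"&admin=1" + token[-TAG_LEN:]))
```
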
If I were in the US, and particularly in one of the seriously intolerant red states, there's no way I'd want any of my details in their database.
I don't think it's catastrophising to consider there may well be very real risks to being openly trans in the US in the near future. Risks of not only blackhat 4chan hackers, but also from government and legal system attacks on sites like this.
And tbh now more than ever I think it’s important for communities like this to exist.