by smjburton 306 days ago
It's concerning that these types of leaks keep happening. Outside of the damage from leaking personal information, they also lower public confidence in trying out new apps. Vibe coding is making it more difficult for app makers in general when users can't trust that their personal information is protected.
5 comments

Is that a new thing, though? I feel like there's been a new leak every week for years now.
It's not new, but I believe vibe coding is going to make it more common. Both this app and Tea's data breaches could have been avoided with basic web dev security.
Exactly, why would security and privacy ever be considered when, time and time again, it has been proven to companies that they will face no consequences for their actions?

We have had so many catastrophic breaches and leaks that I've lost count by now, from Equifax to AT&T to LastPass. The consequences? At worst, the companies were forced to give people a $5 credit or discounts and at best a few angry written articles.

Our elected representatives fail to serve the public and punish these corporations.

Granted that these particular apps require personal information, but why should a general-purpose app ever need it in the first place?

A few weeks ago, I wanted a walk-tracking app that would show me a map of where I'd been, the distance, not much else (maybe the time it took to walk it). Looks nice, download the first one I find... wants me to register and sign in. Why? This should all remain local on my iPhone. I think I went through 5 of them before I realized they were all junk. It's bad enough that I'd consider a monthly subscription (none were "it costs this much, once" up front), but the idea that I want them data-mining me trying to be a little less fat was absurd to the point of lunacy.

This was all thoroughly broken long before "vibe coding".

No, in an accelerationist sense this is good. People should not be trusting SaaS apps with their data. Even huge "trustworthy" companies like Google and MS have had leaks over the ages. This is a learning opportunity.
Why would you not want people trusting their data with SaaS apps? Smaller developers building software benefits users assuming their data is protected with basic security implemented.
>Why would you not want people trusting their data with SaaS apps?

Mainly because after years and years (and hundreds and hundreds) of data leaks & breaches... every single person would be significantly better off by defaulting to not blindly trusting companies & applications with their data.

>Smaller developers building software benefits users assuming their data is protected

That assumption is simply incorrect. As has been proven literally thousands of times now.

Ideally, apps would be built to purposefully reduce the amount of data collected to the greatest amount possible (and only hold data for the shortest amount of time possible). Rather than now, where they collect as much data as possible, hold on to it forever, and then inevitably leak it.

People shouldn't be benefiting from those assumptions, especially flawed assumptions positing basic competence and good faith. Governments, agencies, organizations, and companies are dealing in personal, valuable information that they have no clue how to handle or secure, and we keep seeing massive leaks and breaches, incompetence, lack of care, apathy, and even outright malice.

You shouldn't be trusting your data with anyone, short of NASA, probably (and they won't be asking for it.)

It is quite concerning because SaaS isn't going away; putting aside the questionable ethical side of an application like this, an application like this just is not possible outside of SaaS. It needs a server to centrally store information like this. If as a society we decide that something like this is valuable, there just is not another way to do it.

Sure before there would be leaks that would break trust, but generally it seems most of the time the basics were taken care of and often those leaks were because of phishing employees or other means of getting the information vs really basic security issues. Not a hard rule obviously, but still.

Now we have seen time and time again that these vibe coded systems lack even the most basic security fundamentals. That will continue to erode trust.

Do you think enough leaks like this could ever make the App Store untrustworthy and harm Apple?