I haven’t heard of #Giggle before but apparently they not only had a pretty bad vulnerability allowing anybody to query information of all accounts, they also made some rather questionable privacy choices. https://research.digitalinterruption.com/2020/09/10/giggle-laughable-security/
So they would keep the selfie meant only for verification, store the user’s geographic coordinates and keep account data after deletion. But that’s not what makes this case notable. Problematic vulnerability disclosures aren’t uncommon, but #Giggle managed to stand out here.
And she claims that @DI_Security@twitter.com researchers publicly called her a transphobe. Not sure what this is about, I could only find a tweet by @firstname.lastname@example.org who appears to have no relation to the researchers. Judging by the way @email@example.com responded she thinks otherwise.
Update: today #Giggle’s @firstname.lastname@example.org published a new statement. It’s a good first step, though for my taste it’s a bit thin on reflection of her own role in this mess. What’s still missing, however, is some statement on the privacy issues. Will these be fixed as well eventually?