Last month, we saw the massive data breach of the “Tea App” — a smartphone app for women to talk about men they don’t like — resulting in over 60 GB of personally identifiable data leaked out to the public. Stuff like selfies and pictures of drivers licenses.

Well, it didn’t take long for a “TeaOnHer” App to appear — with the same basic functionality, except this time for men to talk about women they don’t like.

 

And, of course, the developer of “TeaOnHer” made the same basic mistake that the “Tea App” made: They permanently stored a ton of personal information. Including, once again, divers licenses.

You can already see where this is going.

Driver’s Licenses Everywhere

Almost as soon as the “TeaOnHer” app went live, writers for TechCrunch went looking to see if they could easily access any of that data. Because wouldn’t that be crazy if a copy-cat app made the exact same kind of security mistakes as the app it was copying?

What TechCrunch found was that it took no more than around 10 minutes for them to begin accessing pictures of drivers licenses of user accounts.

 

10 minutes!

With a bunch of the usual suspects of bad security being involved: unprotected file storage (in this case, Amazon), public API documentation, and a lack of secured API calls.

Now, unlike the “Tea App” breach — which resulted in massive archives of personal data published all over the web — it isn’t known if these vulnerabilities actually resulted in significant data archives getting out there in the wild.

But, as the writers at TechCrunch put it, “The bugs were so easy to find that it would be sheer luck if nobody malicious found them before we did.”

There’s a Lesson Here… But it Won’t Be Learned

Sure, this “hack” of the “TeaOnHer” App was easy — as was the hack of the “TeaApp” before it. Both of those systems were comically insecure.

But, the reality is, no complex online system is truly secure.

Have a website or App which stores (and publishes) user data? It can be hacked.

And, if there is sufficient interest in obtaining whatever data is being stored, not only can it be hacked… but it will be hacked.

The HaveIBeenPwned site, alone, has documented close to 15 Billion (with a B) accounts which have not only been breached… but reported and (often) made available in some way.

 

And that 15 Billion is only the breached accounts which we know about.

Anyone who works in IT can tell you that the vast majority of data breaches are never discovered. And the majority of those which are discovered… are never disclosed publicly.

Considering that the current population of the Earth is roughly 8 Billion, it’s safe to assume that every single adult on Earth, with an Internet connection, probably has several breached accounts already.

With the frequency, and size, of such data breaches increasing.

Should these Tea Apps have had better security? You bet your tuchus. From the looks of things neither developer spent any significant time trying to implement even the most basic security precautions.

For Pete’s sake, at least try to slow the hackers down a little.

But the real problem here is not the total lack of security — even “good” security can (and will) be overcome.

No.

The real problem is the type of data being permanently stored, in an Internet accessible way, by these services. If a service is likely to be breached (and any significant service is), a key goal is to limit the amount of data which a hacker can gain access to.

Here are a few good rules of thumb when dealing with data being stored on an Internet accessible server:

• Do not store any more data, at any given moment, than is 100% necessary.

• If previously stored data is no longer needed, delete it. Completely. Not “flagged” for deletion. Actually deleted.

• Whatever data you are storing should be encrypted whenever possible.

• If sensitive personal data absolutely must be stored, for legal and regulatory reasons, consider physical archives stored in a secure location instead of an Internet connected server.

• And, of course, don’t use unprotected (or barely protected) “cloud” file storage like the numbskull developers of these “Tea” apps did. That never ends well.

Simple guidelines which, if followed, could significantly reduce the negative impact of inevitable data breaches.

But, of course, few online services — big or small — will follow such guidelines. They will continue expanding the quantity of data they store on increasingly complex systems.

Which means we’ll see more and more data breaches — containing an ever increasing amount of personal data.

Welcome to the future.

The stupid, stupid future.

This last weekend we had a “50% off Subscriptions” sale — and the response was nothing short of phenomenal. Amazing to see so many people supporting truly independent Tech Journalism!

The future looks bright.

You know what? Just for kicks, let’s extend that 50% off… for the entire month of August.

Take your time. Pick the subscription type (below) that makes the most sense for you (there are many, most excellent options).

Note: The 50% off discounts are available via Locals, Substack, & Itch (MP4 Downloads). Monthly subscriptions are also available on X, Patreon, & YouTube, but those platforms do not have the ability to provide these types of discounts.

If you’re ever unsure of where to grab the latest articles, podcasts, and videos from The Lunduke Journal, check out Lunduke.com.

50% Off Yearly or Monthly Subscription:

Available via both Locals and Substack. (This includes full access to all new videos & the community Forum.)

That means $3 / Month. Or $27 / Year (which works out to $2.25 / Month).

Via Lunduke.Locals.com:

• $3 Monthly Subscription via Locals (Code: AUTOEXEC)

• $27 Yearly Subscription via Locals (Code: CONFIGSYS)

Via Lunduke.Substack.com:

• Monthly or Yearly via Substack (No Code Needed)

Note: You can also grab a Monthly subscription via X, YouTube, or Patreon. There’s no way to offer a discount on those platforms. But those are still good options!

The Famous Lifetime Subscription:

The "World Famous Lunduke Journal Lifetime Subscription" is exactly what it sounds like. Pay once and get full access to The Lunduke Journal. For life.

Now, through the entire month of August… you can snag one at a crazy discount. Normally these are $200… but you can grab one for $100. (You can also pay more if you’d like to donate a little extra.)

The Lifetime Subscription can be obtained via Locals, Substack, or using Bitcoin. All three options work great and are super easy (& all three include full access to both new videos & the community Forum). Scroll down and choose your option.

Note: The Lifetime Subscription only applies to Substack and Locals. Other platforms (such as X, Patreon, & YouTube) do not provide the functionality necessary to create Lifetime Subscriptions.

How to get a Lifetime Subscription via Locals:

1. Go to Lunduke.Locals.com/support.

2. Select "Give Once".

3. Enter "100" (or more) into the amount field.

4. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

How to get a Lifetime Subscription via Substack:

1. Go to Lunduke.Substack.com/subscribe.

2. Select the “Lifetime Subscription” option.

3. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):

1. Make a free account on Lunduke.Locals.com.

2. Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).

3. Lunduke will toss you an email once your account is set to full lifetime status on Locals.

How to get a Lifetime Subscription with Bitcoin:

You can also obtain a Lifetime Subscription via Bitcoin.

• Make sure you have a Lunduke.Locals.com or Lunduke.Substack.com account (a free account, to either, works just fine).

• Send $100 worth of Bitcoin (or more) to the following address:

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

• Email "bryan at lunduke.com" with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com (or both).

50% Off DRM-Free, MP4 Downloads:

Want to be able to download every show The Lunduke Journal releases (and watch them on whatever device you like)? Yeah. You can do that. For 50% off.

• All 2024 Lunduke Journal Episodes (226 total videos)

• All 2025 Lunduke Journal Episodes (Already over 200 videos, with more added almost daily.)

Note: This DRM-Free download option does not include access to the Forum. This option is strictly for downloading the episodes.

No matter which type of subscription you choose, thank you for your support! Every subscription goes directly towards keeping The Lunduke Journal running well into the future.

-Lunduke

The Linux Foundation has announced the release of a new “Inclusive Language Guide” — which adds a handful of new words you are not allowed to say.

And it’s even more ridiculous than you might expect.

 

This new “Inclusive Language Guide” is designed to “drive a more diverse, equitable, and inclusive culture” (read: DEI) and to replace “offensive language” with “acceptable language”.

Past iterations of the “Inclusive Language Guide” included “Socially Charged” words such as “Master / Slave”, “Black / White”, and even “Owner”.

This new revision officially adds “Pow-wow” to that list of death-causing words.

 

Of course, any “gendered language” remains firmly off limits. “Manpower”? Can’t say that. And definitely don’t use “gendered” pronouns like “he” or “she”.

Doing so is literally genocide.

 

Which brings us to my favorite new additions (to the “Ableist” and “Violent” language sections of the list).

• Sanity Check

• Dummy

• Hung

That’s right. You can’t use the word “hung” anymore.

 

I deleted 3 different titles for this story containing the word “hung”. They were all very entertaining and very inappropriate. I would like credit for the restraint I am showing right now.

As crazy, insane, and abnormal (see what I did there?) as this list of “bad” words is… what’s even stranger is the group behind it.

This is a joint project between The Linux Foundation and — wait for it — the Academy of Motion Picture Arts & Sciences. Yes. The one that produces the Oscars.

 

The two organizations teamed up to create the Academy Software Foundation.

Which, apparently, ran out of worthwhile things to work on… and, instead, chose to add “hung” to a “don’t use this word in the software industry” list.

That organization also worked with the Alliance for OpenUSD — another Linux Foundation Project — to publish this list.

 

Who, exactly, is responsible for making all of this happen at the Alliance for OpenUSD?

Pixar, Nvidia, Adobe, Autodesk, and Apple.

 

And the leadership over at the Academy Software Foundation includes companies like Netflix, Sony, Adobe, Intel, Microsoft, and Epic Games.

 

Right about now you may be wondering why Epic Games and Amazon is so worried about you using the word “hung”.

I don’t have an answer for you.

It’s weird.

Thanks to all of the subscribers to The Lunduke Journal for making this work possible — without taking a single dime from Big Tech (or running a single ad). Check Lunduke.com for all the ways you can get the articles, podcasts, and videos.