Talk:Tea (app)

Some earlier versions of this article were notable for repeating the same criticisms of the app over and over, but only saying the positive things once. This is contrary to Wikipedia's NPOV policy; unless there is a clear reason not to, we should report both positive and negative statements without undue weight one way or the other, and almost all coverage in WP:RS has been of the "some good, some bad" variety. — The Anome (talk) 03:10, 26 July 2025 (UTC)Reply

This page currently blames vibe coding for the incident... but the data in question is from a legacy system that existed prior to February 2024, long before vibe coding was common practice. See the Tea announcement about it here: https://www.teaforwomen.com/cyberincident

> During our early stages of development some legacy content was not migrated into our new fortified system. Hackers broke into our identifier link where data was stored before February 24, 2024. As we grew our community, we migrated to a more robust and secure solution which has rendered that any new users from February 2024 until now were not part of the cybersecurity incident.

I'm going to remove that section. Happy to discuss more here. Simonwillison (talk) 16:45, 26 July 2025 (UTC)Reply

I support removing the section because it was pure WP:OR and cited a source that didn't mention the app, but this counterpoint is also OR. We simply can't say one way or another unless reliable sources report that it was/wasn't vibe coded. Jamedeus (talk) 18:29, 26 July 2025 (UTC)Reply

Some people blame the vibe(AI) code, but i don't think it is the MAIN reason. I think it was due to easy to bypass security. But i think it wouldn't be that major if they deleted all the IDs from DB after checking. From other side, it would mean that if some mod accepted the ID and only after that realised it was fake, the evidence would be gone S ecialkai (talk) 10:17, 27 July 2025 (UTC)Reply

You can certainly speculate about this, but it's irrelvant, as you can't add it to the article because it would be original research, which is against Wikipedia's policies. We have to wait for reliable sources to comment. — The Anome (talk) 12:13, 30 July 2025 (UTC)Reply

I've removed a considerable amount of material that had bad sourcing. Cited sources must actually support the material; not checking cites is bad editing, but deliberate addition of inappropriate cites is bad-faith editing. — The Anome (talk) 12:49, 30 July 2025 (UTC)Reply

The sources I have do not mention whether or not the app embraces transgender people; its policies don't say anything either way, and nor do any sources I can find.

There is a single source that alludes to the issue, but only to say that they are ignoring it: https://lifehacker.com/tech/i-knew-the-viral-tea-app-was-trouble-but-i-didnt-expect-a-data-breach which uses the words "Next, Tea asked me to prove I was a woman. Ignoring the rigidity of that framing (and the potential implications for LGBTQ+ people) for the moment, I snapped a selfie with the in-app camera." but even then it does not say anything clearly one way or the other, or even state that it is unclear, without conclusion-drawing by the reader would count as original research - when the author says "Ignoring the rigidity of that framing" they presumably mean exactly that - that they are ignoring the issue.

It would be really good if we could find a WP:RS for this, but I can't find one. — The Anome (talk) 12:49, 30 July 2025 (UTC)Reply

The lede is meant to be a summary of the most salient parts of the article. If you shove everything you find important in the lede, then you risk making the lede itself the article, making it redundant. — The Anome (talk) 13:25, 30 July 2025 (UTC)Reply

This discussion has been disrupted by block evasion, ban evasion, or sockpuppetry from the following user: SickNWristed (talk · contribs · block log · spi) Their comments should be excluded from assessments of consensus.

The Did You Know (DYK) nomination for this article is stalled until editors settle on what to include and exclude from this article. There are two main versions of the article:

• SickNWristed's version (Special:Permalink/1304754010), which contains extensive media quotes
• Launchballer's version (Special:Permalink/1304570212), which contains no quotes except the ones around the phrase "red flag"

The version to be exhibited for DYK might resemble either one of these versions, or something in between. There is some discussion at User talk:SickNWristed § Tea (app) and Template:Did you know nominations/Tea (app), but the discussion should ideally be centralized here.

The current version of the article is SickNWristed's version, with minor modifications. Should anything be added, removed, or changed from the article in preparation for DYK? — Newslinger talk 20:03, 15 August 2025 (UTC)Reply

Thank you. I partly outlined this already in an edit summary, but in my opinion the current version contains extensive violations of WP:NOT, WP:DUE, WP:SUMMARY, and (much less critically) MOS:PARA and MOS:OVERSECTION; I believe I also removed at least one claim for failing WP:V.--Launchballer 20:29, 15 August 2025 (UTC)Reply

No response, so I updated my version and put it back.--Launchballer 08:38, 23 August 2025 (UTC)Reply

@SickNWristed: I don't see how the above constitutes "continuing talk page discussion".--Launchballer 09:41, 24 August 2025 (UTC)Reply

SickNWristed, if you would like to participate in this content dispute, you have to engage on this page and provide evidence and policy-based arguments supporting your preferred version of the article, instead of simply reinstating your preferred version while disregarding the discussion (edit warring). — Newslinger talk 13:45, 24 August 2025 (UTC)Reply

I didn't see the ping in my notifications for some reason. Will write a detailed response back in a few hours. SickNWristed (talk) 14:19, 24 August 2025 (UTC)Reply

@SickNWristed: any update? theleekycauldron (talk • she/her) 14:56, 28 August 2025 (UTC)Reply

I was sick with influenza. I wouldn't oppose a cutting down of many of the quotes contained within the article, but the suggested changes in my opinion go too far and delete important information. I think each of the three individual hacks/data leaks should be mentioned in a substantial manner.

I understand that the current version may have NPOV issues, but reliable sources have overwhelmingly focused on the app's negative reception, and it has received criticism across the political spectrum. Feminist scholars and journalists have accused it for fueling gender war dynamics and a way for the (male) creator to get money. Right-wing commentators have similarly been unfriendly. Computer security experts have described the app's policies surrounding privacy and security as awful as horrible, etc.

I'm free to discuss this. I just don't see anything wrong about the article as is to warrant removing 70% of it. SickNWristed (talk) 03:25, 29 August 2025 (UTC)Reply

Allow me to take the content line by line:

• In July 2025, private messages, other personally identifying information, and approximately 72,000 images (13,000 selfies and photo IDs, and 59,000 images from app posts and direct messages) were leaked via 4chan. - slightly too much detail, trimmed per WP:SUMMARY
• Claims were made that its backend database was completely unsecured and without a password or any form of data encryption. According to both The New York Times and R Street Institute, the leaked data strongly indicated that Tea is actively storing user verification data past their terms of service guidelines. - speculation, trimmed per WP:INDISCRIMINATE
• The app's publishers claimed that the leaked data contains data only from users who signed up before February 2024. - firms are always going to do damage limitation, not sure this adds anything on an encyclopedic level
• CNN reported that the data is expected to be used in facial recognition spoofing, biometric bypassing, fraud/other misrepresentations, and deepfakes. Richard Blech, CEO and co-founder of AI security firm XSOC Corp, told CNN that "There's going to be action on that stolen information. There's no question about it" and that those in the leaks should more thoroughly monitor their credit reports because biometric data "doesn't expire". - more speculation, more WP:INDISCRIMINATE
• An even larger, more significant leak of 1.1 million private messages between Tea's users from February 2023 to July 2025 were also leaked with a separate security vulnerability. These messages included intimate conversations about controversial topics such as adultery and other forms of infidelity on their partners, discussions of abortion, phone numbers, meeting locations, and other confidential communications. - no problems
• On July 28, the app's publishers accepted that the scale of the leaks were much larger than it previously claimed. - more damage limitation
• According to Ted Miracco, CEO of the cybersecurity company Approov, Tea was not following basic cybersecurity practices. - quote adds nothing; trim per WP:SUMMARY
• According to 404 Media: - certainly shouldn't be a quote box, probably doesn't add that much either
• The ability to private message users in the app has been subsequently taken offline. - would reword, but otherwise fine
• The journalist Lindsey Ellefson wrote that regardless of individual's opinions, the fact that "thousands of women's photos and private messages were stored in such an insecure way by Tea that they have been exposed in multiple data breaches [within the last week] is definitely a very bad thing." - adds nothing
• A third major data leak was reported in August 2025. Unlike previous data leaks, it was first reported on by 404 Media, and it is unknown if any black hat extracted information from it. - second half could take revising, but basically sound
• A website called Teaspill created an Elo-based ranking game ("where users could view and rate women whose selfies were among the stolen files") that went viral on social media as part of a broader backlash against the website. - Cites Teaspill itself, which isn't WP:DUE, but much of this isn't in the Fox source
• An interactive, unverified map was also created of those in the files. - no problems
• 404 Media reported that a class action lawsuit had been filed against Tea in the US state of California. - unnecessary given "By 7 August 2025, ten class action lawsuits had been filed." later on (which is itself fine)
• The plaintiff "seeks to hold the Defendant responsible for the harms it caused and will continue to cause" her and "thousands of other similarity situated persons in the massive and preventable cyberattack". - this should be summarised anyway, but as plaintiffs tend to have a goal, not useful
• The law firm expected more lawsuits to be filed in the future. - speculation, per above--Launchballer 12:10, 30 August 2025 (UTC)Reply

@SickNWristed: Do you dispute any of the above?--Launchballer 23:10, 5 September 2025 (UTC)Reply

Just noting that SickNWristed has been blocked for sockpuppetry by @Tamzin:, and I intend on putting back my version shortly.--Launchballer 16:17, 11 September 2025 (UTC)Reply

Restored. Happy to discuss further with welcome contributors.--Launchballer 13:10, 12 September 2025 (UTC)Reply

The logo of the app is the icon that appears on the mobile phone screen. The other image that has been put here before is part of the Tea website's branding, but is not the actual logo of the app. This is consistent with the use of mobile phone app logos in other articles; see, for example, WhatsApp and Signal (software). — The Anome (talk) 19:36, 6 September 2025 (UTC)Reply