digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Diese Instanz wird betrieben von Digitalcourage e.V. für die Allgemeinheit. Damit wir das nachhaltig tun können, erheben wir einen jährlichen Vorausbeitrag von 1€/Monat per SEPA-Lastschrifteinzug.

Server stats:

832
active users

#firebase

3 posts3 participants0 posts today

Remember our Open Source Software, OSS? You do you're using a set of Open Source programs right now, and you're also communicating through an open source network of federated servers

Everyone knows The Bad Things that Alphabet does. One Open Source program that I run is Fork Client which is Telegram Open Source fork.

Read here what Google does ever since version 8.0 of Android Oreo. From that version Android doesn't allow apps to run in background anymore. So the notifications have to be sent through the fire base push notification system. That means that Google can squash any program that needs background functionality, which are basically all RT communication programs by just squeezing the firebase system.

Google & Alphabet, Facebook & Meta with their Public LLMS scraping and destroying micro to medium Networks, the behavior of all these companies which are exclusively based in the United States makes one pattern bloody obvious

The leadership of these companies have a total disregard of those which they intended to serve. That is literally us, We The People

The Open Source World, and that includes me, needs to donate everything they can, coding time, raw database entries {voice projects}translation files, anything, so that our software and OS suite, which spans different types of hardware, becomes more and more robust so that we can rip the ignorant masses also off the clutches of these monsters.

github.com/Telegram-FOSS-Team/

do I know anyone who knows a bunch about Firebase auth?

I've got a target where I have full control over one of the domains in the "authorizedDomains" list reported by the identitytoolkit /v1/projects REST API.

the target supports a bunch of different authentication flows - Google, OIDC, password, some others.

what can I do with control over an "authorised domain"? the docs are frustratingly vague. I tried a bunch of stuff and nothing worked.

(no guess responses please)

This is pretty bad

So there's this #TeaApp for #women only to share the "#tea," gossip, on men they have dated or might date

They verify the govt #ID or other images of its users to get in

Tiny problem:

The galaxy brain #vibe coders (#app made by #AI?) put the images of all these women in a #Firebase *public bucket*

🤦🤦🤦

So completely open access

🤦🤦🤦

Thousands of images, including govt IDs, were downloaded, some posted on #4chan

Lawsuits in 3... 2... 1...

archive.ph/U5Tah

Women #Dating Safety App 'Tea' #Breached , Users' IDs Posted to #4chan

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, #Firebase , belonging to the newly popular women’s dating safety app #Tea. Users say they are rifling through peoples’ personal data & selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.
#privacy #security

404media.co/women-dating-safet

🎉 Welcome to the world of #serverless #bliss, where a SINGLE click costs you a Tesla! 🤦‍♂️ This article is a heartwarming tale of how to lose 100k overnight by letting your #Firebase #project fend for itself. Apparently, "rate limiting" isn't just a suggestion, but a necessary life skill. 💸
serverlesshorrors.com/all/fire #rate #limiting #tech #fails #financial #lessons #HackerNews #ngated

serverlesshorrors.comServerlessHorrors | $100,000.420Stories you never want to feel on your own skin