New, by me: Dating app Raw (which this week said it's planning to release a hardware wearable for tracking partners' emotions) claims to use end-to-end encryption.
But when we tried the app this week, I found it was exposing users' location data and personal information to the web — no password needed.
https://techcrunch.com/2025/05/02/dating-app-raw-exposed-users-location-data-personal-information
After hearing about Raw's planned wearable (which sounds rife for abuse), I tested the Raw dating app using dummy data and a network traffic analysis tool (Burp Suite, ftw). Within a few minutes, I found Raw's servers were publicly exposing users' profile data — and granular location — to the web.
After contacting the Raw's co-founder, the bug was fixed. When I asked, the company confirmed it hadn't asked for a third-party security audit of its app.
https://techcrunch.com/2025/05/02/dating-app-raw-exposed-users-location-data-personal-information
@zackwhittaker [...] that its “focus remains on building a high-quality product and engaging meaningfully with our growing community.”
How dumb do they think we are to not understand that this is just saying "we don't care about spending money on security, we like the money more"?
And there are thousands of companies out there with the same mindset.
Zack, thanks for making the internet a little bit safer.
Zack Whittaker
Brokar