Are you being serious right now? No one forced those people to upload their data to this sketchy site. Everyone with one brain cell would know the repercussions of uploading IDs to a no-name site
i think you are assuming a level of computer literacy that doesn't exist in the general population. most people seem to not actually know where data goes when they put it in their phone, how that data is used, or what actually happens on computers in general. They mostly appear as magic to them.
"Do not share personal information online" is a warning that has been heeded since the internet was created. You don't need tech savvy to understand that message, just as you don't need to know anything about zoos to understand "Do not enter the lion cage".
With tech savvy it is possible to understand the dangers well enough to dismiss the common advice in certain cases, but if you don't have it — you had better listen to what others are telling you. If you wish to dismiss it, you are on your own.
The problem is as follows: There is a subset of the population that tends to trust things you say, and this subset is fairly large.
The solution is that we need to make it so that the majority no longer trusts anything people say.
There will be no negative knock-on effects for this, I'm sure.
--
To be less glib, I don't really see a good outcome of this in the long term. If everyone developed the right level of op-sec given the amount of bad actors on the internet, we'd effectively never communicate with another person again.
I am being downvoted for being real. How is the general populous not aware of it? That's wild. Again, you have to be aware of this. It's like privacy 101
The general population hasn't taken privacy 101. They get asked to email their id to their doctor.
If turns out the doctor also hasn't taken privacy 101.
Naw. That’s victim blaming. People have a right to believe that if an online service or app requires identify verification that the data will be protected. If you provide your credit card to uber you assume they put a password on the database and do the things required to protect it.
The idiot no-technical founder failed to do even the most simple and obvious data protection.
Vibecoding is not an excuse. Ask how to secure the data and the AI will answer.
Of course it is right. Victims need to be blamed, else they'll just stupidly do it again. That’s what “blame” is for. But, sure, if 'Tea' snuck up behind these people then there would be some room for sympathy.
But this case is more like you sticking your fingers into an electrical socket, after being warned continuously not to do that, and then crying that it was the utility company's fault for putting something dangerous in your face.
We've been told since the advent of the internet to not share personal information online. If you want to take the risk, you have to accept the consequences. However, in this case the story is even worse as the intent of these people was to violate that rule not just for themselves but for other people as well.
If I lend you my car, and you park in Berkeley leaving your laptop open on the passenger seat... Yes it's your fault my window got smashed and I'd like you to pay for it. Is it your fault your laptop got stolen? Maybe, that's just semantics. But my window being broken is your fault because we all know thieves exist and look for items on seats.
So if you upload your id to a flash in the pan website, who's fault is it when the rookie website turns out to have expectedly low security?
