Anyone using the Feeld dating app should be aware that it performs client-side filtering - returned responses that are marked "Status: HIDDEN" will be invisible in the UI but visible in the UI response. I reported the original and most egregious example of this over 90 days ago and that was fixed, but there's at least one remaining case where data is leaked that shouldn't be.
Matthew Garrett (mjg59@nondeterministic.computer)'s status on Thursday, 01-Aug-2024 12:47:18 JST
Matthew Garrett (mjg59@nondeterministic.computer)'s status on Thursday, 01-Aug-2024 12:48:02 JST
They have no publicly posted security contact. I ended up paying for a month of LinkedIn Premium to message their head of Trust and Safety, and was originally pointed at a HackerOne program that had a ToS link that 404ed (it's now marked as "Program not live"). I was finally given a non-public email address, and provided details. I received no feedback until I queried the status and was told it was fixed. In fact, they'd fixed the specific issue but not the general category of issues.
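The client-side filtering pattern described in the thread, next to server-side enforcement and a regression check for the whole category rather than one endpoint. This is an added example, not code from the posts or from Feeld; the record shape, the field names and the lowercase `status` key are assumptions, and the sample data is constructed.

```javascript
// Constructed sample data; every field name here is hypothetical.
const records = [
  { id: "p1", name: "Ana", status: "VISIBLE" },
  { id: "p2", name: "Ben", status: "HIDDEN" },
  { id: "p3", name: "Cy", status: "VISIBLE",
    connections: [{ id: "p4", name: "Dee", status: "HIDDEN" }] },
];

const isHidden = (v) =>
  v !== null && typeof v === "object" && !Array.isArray(v) && v.status === "HIDDEN";

// Leaky pattern: serialize everything and rely on the client to skip HIDDEN items.
function leakyResponse(items) {
  return JSON.stringify({ items });
}

// Server-side enforcement: drop HIDDEN objects at any depth before serializing,
// so a nested record cannot slip through after the top-level case is fixed.
function redact(value) {
  if (Array.isArray(value)) {
    return value.filter((v) => !isHidden(v)).map(redact);
  }
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      if (!isHidden(v)) out[key] = redact(v);
    }
    return out;
  }
  return value;
}

function safeResponse(items) {
  return JSON.stringify({ items: redact(items) });
}

// Regression check: list the JSON paths of every HIDDEN object that made it
// into a parsed response body. An empty list is the passing result.
function findHidden(value, path = "$") {
  const hits = isHidden(value) ? [path] : [];
  if (value !== null && typeof value === "object") {
    for (const [key, v] of Object.entries(value)) {
      hits.push(...findHidden(v, `${path}.${key}`));
    }
  }
  return hits;
}
```

Running `findHidden` over every endpoint's response in an integration test catches the remaining cases that a fix to a single endpoint leaves behind.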