How a new dating app called Words of Heart will help people become victims of online fraud

I found this on Product Hunt thanks to a tweet from my friend Chris Messina. It’s the most irresponsible project I’ve seen in a very long time. And what’s worse, it was hunted by someone who works at Product Hunt.

I think Chris is being kind. I once used the title “Shooting phish in a barrel” for a cyber security talk I gave at a blockchain conference. I think that’s more apt for this project. Here’s what I read on Product Hunt:

Words of Heart is an app with a unique take on online dating — create an account and you will be matched with other singles based on your password.
Please note the password you use will be sent in plain text to the server — it is not secure. Don’t use a password you use on any other accounts.

This is the stupidest thing I’ve seen on the Internet in a long time. It’s totally irresponsible to build this.

  1. Many people will not know their password is open for the world to see. Those who do read about the outrageously stupid approach to storing passwords won’t realize what it means.

If they care about people, they will stop this project. Some people will use passwords that they already use for banking or other sensitive login credentials.

It’s not good enough to say that they disclose how passwords are stored — or how insecure they are. The fact is, some people will become victims of fraud as a direct result of this project.