Opinion by: Alexander Linton, president of the Session Technology Foundation
The viral women’s dating safety app Tea was under fire for leaking users’ identity documents, DMs and selfies, but this is not just another data leak. The Tea incident demonstrated that centralized platforms cannot deliver the privacy and safety they promise. It highlighted an urgent need to abandon these low-privacy systems for decentralized identity, data management and user verification solutions.
Tea’s website describes the platform as a “secure, anonymous” place for women to share information about the people they meet while dating. Along with its social features, like posting comments and images of encounters, Tea also advertises safety features like phone number look-ups, background checks and catfish image searches.
These features lay bare the normalization of sharing, storing and searching for personal identifying information (PII) online. Sharing phone numbers and IDs with online services has become routine. After years of being conditioned to feel comfortable sharing PII, there are now people eagerly contributing to a crowdsourced database of other people’s information.
Spilling the tea
Tea is an attempt to put an ethical spin on doxing, but in reality, the people being catalogued, searched and assessed on Tea have had their privacy violated. Beyond this, many of these people may never be made aware of the violation due to the platform’s women-only membership policy.
The popularity of a dating platform like Tea revealed a severe fracture in social trust born out of a desire for safety and an undervaluation of personal privacy. While the need for safety is real — 69% of respondents reported being subjected to online sexual harassment in a 2022 study — privacy invasions only serve to exacerbate social disharmony.
The surveillance side
The proliferation of anti-privacy technology and industry practices has instilled the belief that if people want safety, they should renovate the bedroom into a panopticon. The comprehensive systems of surveillance being embraced are not legitimate, however, and surveillance only worsens the risk of things like discrimination and coercion.
Tea’s story was spiced with dramatic irony when a user posted to the internet forum 4chan. The post, which has since been removed from the site, detailed that “if you sent Tea app your face and drivers license, they publicly doxxed you!” along with redacted images of driver’s licenses.
More than 72,000 images were exposed in the leak.
The same users who had sought safety at the sacrifice of other people’s privacy have now had their own privacy — and safety — violated by the malpractice of the platform. Tea users have already had their images re-uploaded to a Facemash-style site ranking people based on attractiveness, and users will undoubtedly continue facing adverse effects of this privacy breach for months to come.
Online safety regulation
The leak comes against the backdrop of the United Kingdom’s Online Safety Act rollout, controversial legislation forcing platforms to implement robust age verification measures, like collecting facial scans, photo ID or credit card information. As rules like this are adopted worldwide, breaches of increasing frequency and severity are, unfortunately, inevitable.
In 2024, there were over 3,000 data breaches in the United States alone. Digital dependence is at an all-time high, and current systems for securing and verifying information are failing the test of privacy preservation.
Decentralization is the answer
Centralizing trust within KYC service providers, tech platforms or state governments is insufficient. Decentralized solutions distribute trust requirements and secure personal data, offering better protection against critical breaches.
Web3’s core principle of data ownership, combined with technologies like zero-knowledge proofs and self-sovereign identities, positions it to answer the burning questions about online trust, safety and ID verification.
Decentralized ID networks allow for the creation of self-sovereign identities, enabling people to control their own verification credentials. When combined with technology such as zero-knowledge proofs, users can verify specific information (such as age, nationality or gender) without revealing the underlying data.
In Tea’s case, this would enable users to verify they were women without needing to have their facial scans or photo ID processed by Tea, saving the company’s reputational cost and, more importantly, preserving the privacy of its users.
These protocols have many possible applications — ID verification is essential in many personal, governmental and business contexts. As of 2024, the global market size of the ID verification industry is $12 billion.
Going further, projects offer the opportunity to socialize the trust requirement for things like dating. This can be achieved through reputation and verification systems, where people can deliberately opt in to information sharing, rather than having their personal identifying information shared carte blanche on an opaque platform.
By the end of 2025, the Tea leak will have been just another statistic in data breach reports, but that belies the importance of this case. People have been conditioned to dismiss or show outright hostility toward privacy, and governments and tech platforms are implementing and advocating for policies that will make things worse.
There is an urgent need to adopt decentralized solutions to allow for a future where people have ownership and control over their own personal data. This will foster a culture of being intentional and agentive in the way people share their personal information. It’s not too late, but the Tea incident shows it is now or never.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.