Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Reverse Engineering BeReal - 828

Shomil Jain - Posted 3 Years Ago
  • BeReal is a new social media app. Its users receive a single notification en masse prompting them to take two photos: simultaneous images, shot through the front- and back-facing lenses on their phone cameras. Everyone is given two minutes to take the photographs, which are then shared with their followers on the app.
  • The application had some privacy issues. In particular, it was sending the exact longitude and latitude of the location where a picture was taken. Additionally, when posts are public, the feed served to users is randomly generated, with 10 posts in each request.
  • The random feed is a little scary, since data like gender, hair color and other personal information can be found quite quickly from these public posts. This is because each post has a photo that was just taken by the user.
  • The author came up with a SUPER interesting attack for the /friendSuggestions API. If you pass only one friend into the friends parameter of this request, then it basically reduces to finding all of the friends of the friend that we pass in. Interesting! So inherently, you’re telling BeReal (and now, let’s say, everyone) who your closest friends are.
  • Privacy is hard to get right, and the data that is expected to be shared needs to be defined beforehand. This is a good example of that.