Not The Bees 🐝

Hive Social’s bad security practices, which are dangerous enough that a security team fast-tracked disclosure, puncture a hole in the formative platform’s long-term prospects.


Almost as if on cue from my post on Tuesday, the new, unheard-of social network suddenly getting a lot of attention in the wake of Twitter’s foibles has some big problems of its own.

And the result is that Hive Social, one of the networks that had seemed to draw the interest of the public, is completely non-functional because its servers are down.

And the reason they're down is a security warning from the cybersecurity group Zerforschung, which stated in big letters on its website, “⚠️ Warning: do not use Hive Social 👉🐝👈.” That really says it all.

Much has been said about the fact that the company has evolved from its tiny-team roots to have millions of users, but what hasn’t perhaps caught the attention of interested users is that the app’s small number of developers are very green and have not worked on tools of this nature at scale before. And that means that, unlike the theoretical security problems that come with using a Mastodon server that has an admin you don’t trust, Hive Social has some coding errors that are so bad that pretty much any data you offer, down to your email address, is at risk.

Zerforschung felt the errors were so substantial—editing other people’s posts in the feed substantial—and the response from Hive Social’s team so haphazard and lacking, that they publicly disclosed the flaws a mere four days after first discovering them.

“After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report,” the group said. “After multiple days and multiple reminders by us, they claimed to have fixed all issues. However multiple vulnerabilities we reported still exist at the time of writing.”

Hive’s response to this report? Turn off the servers. Currently, Hive does not load anything at all. It has promised to be back in a couple of days. While they took the site offline, don’t be fooled—this is the definition of making repairs while flying the plane, and it speaks to where security ranked in the app’s development.

Had it grown out its community more slowly, it might have caught these things over time, but fast growth means fast scrutiny.

Now, to be clear, I think we can make a distinction here. Obviously prior social networks, most clearly Facebook and Snapchat, came from small teams of creators that were relatively green and still in school when they first started. New networks should be allowed to grow, and you’ll see in replies to Hive on Twitter that many are giving the creators the benefit of the doubt.

But Hive, which is getting tons of attention, has just a small number of employees and millions of users—which runs counter to much of the reason people want to leave Twitter in the first place: poor content moderation. In a way, Zerforschung calling them out on security issues is a way of telling us, the public, to be consistent.

I think if there is going to be a mass exodus from Twitter, we can’t just go somewhere in which we’ll make similar mistakes, or more concerningly, bigger ones.

Hive Social looks cool and appears to have some thoughtful ideas behind what makes a good social media experience, but we’re 20 years in and that’s simply not enough anymore. Security can’t be back-burnered.

Time limit given ⏲: 30 minutes

Time left on clock ⏲: 6 minutes, 2 seconds

Ernie Smith

Your time was just wasted by Ernie Smith

Ernie Smith is the editor of Tedium, and an active internet snarker. Between his many internet side projects, he finds time to hang out with his wife Cat, who's funnier than he is.
