A doxxing app created to target critics of slain activist Charlie Kirk has spectacularly backfired, exposing its own users' personal information through basic security flaws. The ironic twist highlights the dangerous intersection of political extremism and poor cybersecurity practices as digital vigilantism spreads online.
The doxxing app Cancel the Hate has become the latest cautionary tale about digital vigilantism gone wrong. Created in response to Charlie Kirk's September 10 assassination, the app was designed to crowdsource personal information about critics of the right-wing activist and others deemed to be "supporting political violence." But this week, the platform suspended operations after security researcher BobDaHacker revealed that the app was leaking its own users' data - the very people it had recruited to expose others.
The security flaws were almost comically basic. Despite offering privacy settings, the app's website publicly exposed users' email addresses and phone numbers even when accounts were set to private. BobDaHacker demonstrated to Straight Arrow News that the researcher could access all user information and even delete accounts at will. It's the kind of elementary security failure that underscores how quickly political anger can outpace technical competence.
The app's homepage featured Kirk's photo and was founded by a supporter who cited the activist's death as motivation. Users were encouraged to collect employment details and other personal information about targets, creating what essentially amounted to a crowdsourced surveillance network. But the platform's own surveillance capabilities proved embarrassingly porous.
After the security holes were exposed, Cancel the Hate quietly took down its reporting features and posted a message about moving to a "new service provider." Tellingly, the page selling $23 T-shirts remains fully operational - apparently e-commerce security was prioritized over user privacy.
This incident reflects broader security disasters plaguing politically-motivated platforms. The rush to capitalize on outrage often means basic cybersecurity gets overlooked, leaving users vulnerable to the exact tactics they're trying to deploy against others.
Meanwhile, Microsoft made headlines this week for pulling some cloud services from Israeli military operations following revelations about Palestinian surveillance. The tech giant's president Brad Smith said the company had decided to "cease and disable" specific cloud storage and AI services after an investigation found Israeli Unit 8200 was using Microsoft Azure to store massive amounts of intercepted Palestinian phone call data.
