Bridger Is Building an OSINT Dossier in a Cute Font · Ethan Plant
I was scrolling through Instagram, because unfortunately I am not immune to doomscrolling, when I came across a reel advertising bridger.social. Bridger claims, in its own words, to be "A close-friends social media built to help you actually connect." The antithesis of modern-day social media.
That pitch, at first glance, is exactly the sort of thing that should get me very excited. A close-friends social app. No endless scroll. No influencers. No AI slop. No follower-count brain poison. No ad-choked feeds where the people you actually care about are buried under a mountain of algorithmic sludge.
Just a social app, for actual friends to stay in touch. A product that says, in effect, "you were not supposed to spend your life scrolling". A social media platform that says, "this belongs to you, the user".
I'm exactly the target audience for that type of claim. I care about digital sovereignty. I care about user control, exit rights, local-first software, open systems, and the difference between using software and being used by it. This whole website essentially exists because I think people should have homes on the internet that aren't just rented rooms inside other people's platforms. I am, admittedly, very easy to bait with the phrase "user-owned".
Naturally, I had some skepticism going in. I wondered what “user-owned” actually meant. I wondered whether the code would be open source. I wondered whether users would have real exit rights. I wondered about data portability, federation, self-hosting, APIs, contributor rights, governance, ads, and the business model. All of the boring questions that make the infrastructure engineer in me happy.
Then, I opened the beta. And I slowly realized I was looking at the most horrifying thing I've seen on the internet in a while.
My initial response to Bridger may have been a healthy dose of architectural skepticism. My second reaction was incident response. Because, as I explored the beta, the problem wasn't merely that Bridger hadn't fully explained its governance model.
The problem was the product was asking users to build an extensive identity dossier. Not metaphorically. Not in some abstract "all data collection is bad" sense. I mean it was asking for exactly the kinds of details that privacy, security, and OSINT people spend their time warning about.
The trust problem started immediately
Bridger's sign-up flow managed to be both casual and invasive in the worst possible combination. To start, I never received any kind of validation email. No confirmation link. No verification code. No proof that I controlled the email address I had entered. As far as I can tell, the beta let me proceed without completing even the most basic account-integrity step.
It did, however, ask for my date of birth for "age verification". The box explicitly says: "Used for age verification only. Never shown to others."
There's a really strange set of priorities here. The product made no attempt to verify my email, arguably the most basic fraud prevention step, but demanded my date of birth immediately.
And date of birth isn't a throwaway field. It's identity-adjacent. It's frequently used in account recovery, identity matching, eligibility checks, advertising systems, and data-broker enrichment. It can become sensitive very quickly when combined with a name, email address, friend graph, location context, profile preferences, daily posts, and social activity.
It is also not, by itself, "age verification". A user typing a birth date does not prove their age. It proves they can type a birth date. Maybe that is acceptable for a low-risk beta. Maybe it's a placeholder while regulatory compliance is figured out. Maybe the team plans something more serious later. But then call it what it is. Do not collect date of birth under the reassuring label of "age verification" while leaving the rest of the trust model underdeveloped.
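A sketch of the two steps discussed above, as an added example that is not Bridger's code or anything from the original post: the account stays inactive until a signed, expiring token sent to the address comes back, and the self-declared birth date is reduced to a yes/no age gate and never stored. All function names, the record layout, the token lifetime and the minimum age of 13 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from datetime import date

SECRET = secrets.token_bytes(32)  # per-deployment signing key (assumption)
TOKEN_TTL = 3600                  # confirmation link lifetime in seconds (assumption)
MIN_AGE = 13                      # assumed threshold; the post does not state one

def _sign(email, expires):
    msg = f"{email.lower()}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_email_token(email, now=None):
    """Token to mail as a confirmation link; returning it proves mailbox control."""
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    return f"{expires}.{_sign(email, expires)}"

def verify_email_token(email, token, now=None):
    """True only for an unexpired token that was signed for this exact address."""
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    if (time.time() if now is None else now) > expires:
        return False
    return hmac.compare_digest(sig.encode(), _sign(email, expires).encode())

def meets_min_age(dob, today):
    """Self-declared age gate: derive the yes/no answer, then drop the date."""
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return age >= MIN_AGE

def register(email, dob, today):
    """Pending account record: no birth date kept, inactive until e-mail is confirmed."""
    if not meets_min_age(dob, today):
        raise ValueError("below minimum age")
    return {"email": email.lower(), "age_gate_passed": True, "email_verified": False}

def confirm(record, token, now=None):
    """Activate only when the token mailed to the address comes back valid."""
    if verify_email_token(record["email"], token, now):
        return {**record, "email_verified": True}
    return record
```

The boolean is still only a self-declaration, so this narrows what is retained without turning a typed date into proof of age.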
The sign-up flow also immediately asked for my first and last name. I gave it only my first name, because what, exactly, had this product done to earn my full government name? A close-friends app may need a display name. It may need a handle. It may eventually need billing information if someone becomes a paying member. It may allow users to share their real names with people they already trust. But “first and last name” immediately at signup is a very different choice. It treats real identity as the default.
I admit this is nitpicking a beta website's sign-up flow, and it's not out of the ordinary for a social media platform. But if a platform's public messaging is "we care deeply about privacy", I feel I reserve the right to be deeply critical.
The privacy-preserving version of this flow would ask: "What should your friends call you?" It would separate display identity from legal identity. It would make full names optional. It would explain clearly who can see them. It would not require more...