data security

63red Safe, the Yelp for the MAGA Crowd, Might Not Be So Safe After All

Photo: Daniel Acker/Bloomberg via Getty Images

Tired of your unwavering support for President Trump getting in the way of ordering a properly seasoned plate of fajitas? To quote a famous, decade-old iPhone ad, “there’s an app for that.” Launched in March, the new guide 63red Safe leads users who wear a MAGA hat like a uniform to restaurants where they can dine in peace, unencumbered by negative reactions to their entirely voluntary display of their political beliefs.

“I’m trying to position it as an everyday ‘where can I go eat safely’ app,” the founder, Scott Wallace, told the Daily Beast. Serving a similar function as the restaurant-search engine Yelp, the app scores restaurants according to their friendliness to Republican voters who do not want to be accosted while eating.

The need for such an app suggests a rise in anti-conservative actions across the U.S. In fact, hate crimes have been on the rise during the Trump administration, though the data suggests that Americans are more likely to be targeted because of their race, religion, or gender identity. Barring a few high-profile instances of Republican politicians forced out of restaurants by unfriendly crowds — and reports of Trump supporters having MAGA hats flipped off their heads — there is no trend-level data to suggest Americans are being persecuted because of their political affiliation.

But for conservatives interested in “safe” dining, the app’s rubric is as follows:

  • Does this business serve persons of every political belief?
  • Will this business protect its customers if they are attacked for political reasons?
  • Does this business allow legal concealed carry under this state’s laws?
  • Does this business avoid politics in its ads and social-media postings?

This app is part of a larger family of apps that includes a news aggregator and a “real-time conservative chat.” Founder Scott Wallace believes that 63red Safe will flourish “between now and 2020 [because] we’re going to see the rise of the socialist goon squad.” Since launching at the beginning of the month, the app features 5,000 restaurant reviews, including one claiming that the Red Hen in Lexington, Virginia — the farm-to-table spot that asked Sarah Huckabee Sanders to leave last year — is “not safe.”

But for 63red Safe to be a resource for conservatives during the election, it has to make it past the primary process. According to a report from the tech site Ars Technica, 63red Safe is an open wound of accessible user data:

Because the application is build in React Native, a JavaScript- and JSX-based scripting language that basically turns Web apps into “native” Apple iOS and Android applications, the entire architecture of the application is available to anyone who downloads and unpacks it.

Within that code, a French security researcher, Elliot Alderson, found that Scott Wallace had left his username, email, and plaintext password lying around in two different places. Furthermore, there was no authentication process for the application programming interface — the tools for building the software — meaning that a savvy user could get administrative access and retrieve other user’s data.

In his interview with the Daily Beast, Wallace compared the app to the utility of a fire extinguisher: It’s not always necessary, but it’s vital when needed. It’s unclear how that metaphor holds up when the thing is leaking all over the place.

Meet 63red Safe, the Not-So-Secure Yelp for the MAGA Crowd