Security Improvements Regarding Fizz

12/07/2021

To the Fizz Community,

Over the past few months, we have been blown away by the positive responses from students using Fizz. As of today, over 4800 Stanford students have joined Fizz and over half use the app every day. We are incredibly thankful to both the students and our student moderation team for upholding Fizz as a safe, uplifting, and inclusive community.

A few weeks ago, on November 8th, a team of Stanford security researchers reached out to inform us of necessary security improvements to our platform. Specifically, the team notified us that they had discovered ways to perform certain unauthorized writes and reads on our database (such as gaining moderator access or manipulating karma). Additionally, the team was able to uncover personally identifiable information (PII) in our database and advised us of methods to better secure user data.

Since then, we have been working with the researchers to significantly improve our database security mechanisms and prevent clients from interacting with unauthorized data. We have also refactored the database to no longer store PII directly in our database. In other words, PII is not discoverable to unauthorized users.

We’d like to thank the security researchers for working with us and have additionally brought on industry security consultants to our team to ensure that we can continue to maintain user security in the future.

On a separate note, the Fizz Team would like to affirm our stance that PII is not directly interacted with on a daily basis, by the Fizz Team or student moderators, and user anonymity is our top priority. Although our policy is that we will cooperate with law enforcement in the presence of a court order and have the means to retrieve PII in this situation, PII will never be released to 3rd parties in any other circumstance.

As the app continues to mature, we greatly value user feedback and encourage students to reach out to our team at [email protected] with any suggestions, questions, or concerns. We are truly excited to grow Fizz and continue to have a positive impact on the community!

With much love,

The Fizz Team <3