Tinder Dating App Users Are Playing With Privacy Fire

Feb 18 2014, 11:33am CST | by


The wildly popular Tinder app has perfected the art of the frictionless hookup to levels not seen since Erica Jong lost her fear of flying in the ’70s. Part of the appeal is how responsive and location-aware the app is. Olympic athletes in Sochi, whose lives are devoted to speed, are reportedly using the app to spice up their downtime.

Unfortunately, two of the aspects responsible for the high quality of its user experience also potentially put its users at risk of stalking by predators with a modicum of hacking ability. First, the location processing takes place on the client side, so actual location data for matched users in a 25-mile radius is delivered directly to the user’s device, unmediated by the Tinder servers. Second, that data is incredibly accurate, within 100 ft. or less.

In July, a security vulnerability was reported concerning how Tinder was sending latitude and longitude co-ordinates of potential matches directly to iOS client apps. Researchers Erik Cabetas and Max Veytsman from the NYC-based firm Include Security began to investigate. “Anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user,” they write on the company’s blog. “We found a vulnerability that lets you get exact latitude and longitude co-ordinates for any Tinder user.”

Tinder fixed this issue, but Cabetas and Veytsman discovered that the fix itself created another vulnerability which they then reported to the company. Security companies do this all the time to demonstrate their chops and generate publicity. This case is particularly interesting both because of Tinder’s rapidly growing popularity and because according to Cabetas and Veytsman, “flaws in location information handling have been common place in the mobile app space and continue to remain common if developers don’t handle location information more sensitively.”

For those unfamiliar with the app, Tinder displays a pile of snapshots of potential dates in a user’s immediate area. If both sides of a match express interest, they have the option to message each other directly inside the app. The rest is up to them. What makes Tinder particularly popular is that it works equally well for people who just want the vicarious pleasure of cruising with no real intention of following through as it does for those who really want to hook up in real life.

But what if just creating an account on Tinder and opening the app occasionally is enough to make your location visible to someone you have no intention of ever meeting? This was the possibility raised by this second Tinder vulnerability, and by many location-based apps with oversharing APIs.

The “fixed” version of Tinder replaced the GPS latitude and longitude coordinates with very precise distances (in miles to 15 decimal places, which is literally about five feet!). But knowing how far away you are from a person doesn’t tell you anything about direction, right? It can if you are a little clever and studied trigonometry in high school.

There is a form of triangulation called trilateration that enables you to use geometry to calculate a precise location based on a set of three precise distances. So, if you know that you can query the Tinder API for the precise distance of a user based on their ID, all you need is to create three dummy accounts to acquire the three required distances.
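The following is an added example, not code from the article or from Include Security. On a flat plane with constructed coordinates in miles, it measures how much location error each style of distance response leaves once the three-distance calculation described above is applied. The grid-snapping-plus-rounding response is an assumed mitigation that the article does not describe, and all function names are hypothetical.

```python
import math

def distance(a, b):
    """Euclidean distance on a flat plane (units: miles)."""
    return math.hypot(a[0] - b[0], a[1] - b[1])

def trilaterate(p1, r1, p2, r2, p3, r3):
    """Intersect three circles; subtracting circle 1 from 2 and 3 gives a 2x2 linear system."""
    a1, b1 = 2 * (p2[0] - p1[0]), 2 * (p2[1] - p1[1])
    c1 = r1**2 - r2**2 + p2[0]**2 - p1[0]**2 + p2[1]**2 - p1[1]**2
    a2, b2 = 2 * (p3[0] - p1[0]), 2 * (p3[1] - p1[1])
    c2 = r1**2 - r3**2 + p3[0]**2 - p1[0]**2 + p3[1]**2 - p1[1]**2
    det = a1 * b2 - a2 * b1
    if abs(det) < 1e-12:
        raise ValueError("observers are collinear; no unique solution")
    return ((c1 * b2 - c2 * b1) / det, (a1 * c2 - a2 * c1) / det)

def precise_response(user, observer):
    """Response style the article describes: full-precision distance."""
    return distance(user, observer)

def coarse_response(user, observer, cell=1.0):
    """Assumed mitigation: snap the user to a grid-cell centre server-side,
    then round the distance to whole miles."""
    snapped = tuple(math.floor(c / cell) * cell + cell / 2 for c in user)
    return round(distance(snapped, observer))

def residual_error(response, user, observers):
    """Miles between the true position and the position the three responses imply."""
    radii = [response(user, o) for o in observers]
    est = trilaterate(observers[0], radii[0], observers[1], radii[1],
                      observers[2], radii[2])
    return distance(est, user)

# Constructed sample data: one user and three observer positions.
USER = (3.2, 4.7)
OBSERVERS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]

if __name__ == "__main__":
    print("precise:", residual_error(precise_response, USER, OBSERVERS))
    print("coarse: ", residual_error(coarse_response, USER, OBSERVERS))
```

Because the coarse response is computed from the snapped point, every value it returns is a function of the grid cell rather than of the user's true position, so additional observers refine the estimate of the cell and not of the user.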

To show how such a process can be automated, Cabetas and Veytsman created a (private) app (for demonstration only) called Tinder Finder (see video below) that coordinates the activities of the dummy accounts and calculates the position of the targeted user. The researchers explain that while their “Proof of concept attack uses Facebook authentication to find the user’s Tinder id, Facebook is NOT needed to exploit this vulnerability, and no action by Facebook could mitigate this vulnerability.”


So what does this mean in practical terms for the users of location-based apps? Most importantly, not to take an app’s word for it that your location data is secure when using it. There is simply not the authentication infrastructure yet in place to assure both the security and ease of use that would make these apps genuinely bullet-proof. Many players are working on this problem, from Apple to Google to the FIDO Alliance, but until there is some clear consensus between hardware and software that users adopt widely, these kinds of vulnerabilities will only increase.

For app makers, it seems that making user IDs harder to “sniff” and making dummy accounts harder to acquire can make triangulation schemes more difficult. For users, forgoing the ease of Facebook or Google authentication may make sniffing out your user ID more challenging for hackers, and being sure to close the app when not in use will cut down on the amount of location data the app has access to in the first place.

None of this, I am sure, will keep people from using Tinder. This is about sex, after all, and risk, for many, is part of the turn-on. But it wouldn’t take very many incidents of aggressive unwanted attention linked to such an app to change the whole landscape for location-based services. Fortunately, no such problems have been reported in relation to Tinder.

The good news is that, as of this writing, Include Security tells me that although the window for this exploit was open for a couple of months, it seems now that appropriate action has been taken, which has rendered the issue “unreproducible.” There are, however, many such apps out there and new ones appearing each day, so we probably have not heard the last of this tricky bit of triangulation.


Source: Forbes Business

 