The popular dating app Tinder spent months last year leaking excessive location data about its users. According to Include Security, the bug arose when Tinder implemented a fix to an older security issue that emerged in July 2013 (in which users could get other users' geolocation in latitude and longitude, discovered by the same …
Always the unnecessary hi-tech solution
What's wrong with the traditional way of stalking? You sneak up to the stalkee's home at night, fill their bedroom with sleepy-gas of some sort, then while they're unconscious you get your tame struck-off-alcoholic-doctor to operate to insert a small radio device under their skin (where they won't notice) and then you can track them for months (or until the battery goes flat).
Who needs leaky software? And this method works without getting the stalkee to use a 'dating app' (whatever one of those is).
Not exactly rocket science...
...though it does require average Joe to understand rudimentary math.
And to think the scumbag grunts at school told me trig was a waste of time!
The same issue crops up on multiple dating and social networking sites which use location.
Add Firebug to your favorite foxy browser and check those XHR requests. ;)
Also the fix is still poor
You don't even require multiple accounts to do this, as Tinder returned the current distance away from the person you were viewing.
It's a simple matter to spoof your location. This also means that the fix is also poor enough that this method still works.
Instead of working trilaterally with fake accounts, simply spoof your location a few hundred times, equidistant at the distance returned from your original location.
Iterate...progressively narrowing your search and you can still get a high resolution location of the target.
Problematically, it is simple to do this until you get a distance rounding down to 0.
I.e. location to less than half a mile.
They should just send the current city and rate limit the API.....
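One way a server could apply the mitigation suggested in the comment above (coarse location plus rate limiting), as an added example that is not part of the original thread and not Tinder's code. The grid size, limits and all function and class names are assumptions chosen for illustration.

```python
import math
import time

CELL_DEG = 0.05  # assumed grid size (about 5.5 km of latitude); constructed value

def snap(lat, lon, cell=CELL_DEG):
    """Snap a coordinate to the centre of its grid cell."""
    return ((math.floor(lat / cell) + 0.5) * cell,
            (math.floor(lon / cell) + 0.5) * cell)

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def reported_distance_km(viewer, target):
    """Distance between cell centres only: the response depends on which
    cells the two users are in, never on their exact coordinates."""
    return round(haversine_km(snap(*viewer), snap(*target)))

class LocationUpdateLimiter:
    """Allow at most `limit` location changes per account per `window` seconds."""
    def __init__(self, limit=5, window=3600):
        self.limit, self.window, self.seen = limit, window, {}

    def allow(self, account, now=None):
        now = time.time() if now is None else now
        recent = [t for t in self.seen.get(account, []) if now - t < self.window]
        ok = len(recent) < self.limit
        if ok:
            recent.append(now)
        self.seen[account] = recent
        return ok
```

Because both positions are snapped before the distance is computed, repeated queries from different claimed positions cannot resolve the other user more finely than one grid cell, and the limiter bounds how often an account may change its claimed position.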
And that is why...
...GPS is 99.99% of the time disabled on my phone (any time I'm not using a map), all Location Services are permanently off and even Google apps are barred from their use, and any app asking for location access (except the one offline map app) gets the mad cackle instead of approval. Yes I'm aware the cell towers still know where I am but hey I do have to compromise somewhere.
No one wants to stalk you anyway :'(
Not familiar with Tinder...
But this functionality strikes me as more of a "no strings attached anonymous sex" app than a dating app.
Re: Not familiar with Tinder...
That may be what is advertised. But take a look at the actions of the users:
It is a vehicle to flirt and engage in the dynamics leading to a 'hookup'* without the traditional social and personal network strictures. Beyond this, there is nothing special about what happens between people when they finally meet. They will be the same boring people they always were - see online dating and how the results mirror that of offline dating. Sure there will be some scandal (particularly when famous people get involved), infamy, and hope involved...how like love in the analog world.
* Suspiciously enough hooking up can refer to anything from minor cuddling to making porn look tame, in other words typical human mating actions that in the past were referred to as 'dating' which could mean anything from they sometimes do stuff together to they are damn near playing house.