Dating apps require users to disclose vulnerable information — and Uth4 Pat4k (2024) S03 Hindi Web Seriesnot just someone's romantic dreams. Most times, these apps require personal data like your name, age, and location. In the case of the latter, a new paper details that, for a time, several major apps left user locations able to be exposed by potential adversaries.
In a new paper out of Belgian university KU Leuven, "Swipe Left for Identity Theft," researchers break down potential privacy risks for 15 location-based dating apps (LBDs) with at least 10 million downloads. These days, dating apps are typically location-based in order to help users find matches physically close to them. By needing location, however, it opens users up to potential risks.
SEE ALSO: Daters are changing their app locations to the Olympic VillageAll apps except one used distance between users to measure location. (That exception, TanTan — an Asian dating app — used exact coordinates one-time at the point of matching, and only if they matched.) "However, lacking sufficient protections, the availability of distances can still lead to the inference of a user's location," the paper states. "This is done through trilateration."
Trilateration is the process of determining location by measuring distances between three triangles (or circles, or spheres). There are different types of trilateration apps use to determine location. The authors — Karel Dhondt, Victor Le Pochat, Yana Dimova, Wouter Joosen, and Stijn Volckaert — found that they were able to pinpoint almost an exact location in six out of 15 apps, as TechCrunch reported.
The most common vulnerability was through "oracle trilateration," which the paper explains, "Adversaries use an oraclethat indicates through a binary signal whether a victim is located within proximity, i.e., when they are within a defined 'proximity distance' from the attacker."
Hinge, Bumble, Badoo (which is owned by Bumble), and Hily were susceptible to such trilateration.
A Hinge spokesman told Mashable:
At Hinge, the safety and privacy of our users is always a top priority. Our app is built with a privacy-by-design approach and strictly protects sensitive user data. We are proud of our state-of-the-art bug bounty program and our ongoing dialogue with researchers, which are designed to attract comments so we can make adjustments before any harm happens to our users. We reviewed the feedback from this research team when we received it in early 2023 and immediately took action where appropriate.
A Bumble spokesperson told both TechCrunch and Mashable, "We were made aware of these findings in early 2023, and swiftly resolved the issues outlined. As a global business with members in countries all over the world, we are committed to protecting our users’ privacy and have adopted a global approach to privacy compliance."
This statement applies for Badoo as well, Bumble told Mashable.
Dmytro Kononov, CTO and co-founder of Hily, shared this statement with TechCrunch:
The findings indicated a potential possibility for trilateration. However, in practice, exploiting this for attacks was impossible. This is due to our internal mechanisms designed to protect against spammers and the logic of our search algorithm...Despite this, we engaged in extensive consultations with the authors of the report and collaboratively developed new geocoding algorithms to completely eliminate this type of attack. These new algorithms have been successfully implemented for over a year now.
Grindr was vulnerable to "exact distance trilateration." This can be done when services reveal exact distances to other users. The authors were able to figure out user locations as close as 111 meters (around 364 feet). Exact distance trilateration was possible even when the distance was hidden, such as in Egypt where Grindr hides all user locations for safety reasons.
SEE ALSO: Men found a surprising new way to lie on dating apps"The proximity Grindr offers to this community is paramount in providing the ability to interact with those closest to them, Grindr's chief privacy officer Kelly Peterson Miranda told TechCrunch. "As is the case with many location-based social networks and dating apps, Grindr requires certain location information in order to connect its users with those nearby...Grindr users are in control of what location information they provide."
Finally, the app happn was vulnerable to "rounded distance trilateration," which can be done if an app utilizes a rounded location as a precaution. CEO and president of happn, Karima Ben Abdelmalek, told TechCrunch:
After review by our Chief Security Officer of the research findings, we had the opportunity to discuss the trilateration method with the researchers. However, happn has an additional layer of protection beyond just rounding distances...This additional protection was not taken into account in their analysis and we mutually agreed that this extra measure on happn makes the trilateration technique ineffective.
It appears that for apps with these vulnerabilities, the apps took measures to stop bad actors from determining user location using trilateration, with the exception of Grindr.
According to the paper, Tinder and LOVOO used "grid snapping" to prevent trilateration. Grid snapping is a technique of dividing one's location into a grid of squares. Coordinates (aka where users are) are moved to the center of these squares (Tinder) or the right side (LOVOO) and one's distance is measured from there. Therefore, their actual distance is inaccurate and can't be trilaterated.
Plenty of Fish and Meetic don't access GPS locations. While MeetMe, Tagged, and OkCupid do access this information, they convert it to the nearest town. The authors couldn't reverse engineer the information they needed for TanTan and Jaumo, so they couldn't test this method to find user locations.
The paper shows the importance of caution when using dating apps. As the paper concludes, "We hope that the awareness that we bring of these issues will lead LBD app providers to reconsider their data gathering practices, protect their APIs [application programming interfaces]from data leaks, prevent location inference, and give users control of their data and therefore ultimately their privacy."
Topics Apps & Software Privacy
Previous:Contingent No More
Character AI reveals AvatarFX, a new AI video generator
Faulkner, Munro, and Bribery! by Sadie Stein
Salinger Foods, Austen Portraits by The Paris Review
Phillip’s Dry Cleaners by Amie Barrodale
Best IPL deal: Save $80 on Braun IPL Silk·Expert
Chad Harbach on 'The Art of Fielding' by Robyn Creswell
On Uncle Vanya: Part Two by Clancy Martin
Code 451, Psychotic Real Estate by Sadie Stein
SpaceX lands its first rocket on West Coast ground: Watch
Thursday: Me by Witold Gombrowicz
Gods of War
Books, Crime, and Punishment! by The Paris Review
Code 451, Psychotic Real Estate by Sadie Stein
TPR vs. The Nation; or, The Evening Redness in Lower Manhattan by Cody Wiewandt
Trump's new tariff plan spares some smartphones, laptops
Watch: Issue 201 in Action! by Noah Wunsch
Sheila Heti on How Should a Person Be? by Thessaly La Force
Drama, Tantrums, and Bird
Best Amazon Fire TV Cube deal: Save $30 at Amazon
Chad Harbach on 'The Art of Fielding' by Robyn Creswell
Cristiano Ronaldo is the first athlete (and guy) to reach 100 million Instagram followersPowerful portrait series connects young LGBTQ activists with queer trailblazersMarvel's 'Inhumans' cast photo brought out some of Twitter's best jokesHow to master Snapchat, Facebook, and Instagram Stories'Game of Thrones' spinoffs are coming: HBO developing four potential projectsgoogle mapsKim Kardashian and Kanye West are dropping the 'sickest' clothing line for kids todayCollege student crawls through air ducts in quest to steal stats examUmpire takes a pitch to the groin and we feel his pain from hereOculus Story Studio could have been Pixar for VR. Facebook just shut it down.Cry of the week: Kevin Senior's lonely journey on 'The Leftovers'Countless galaxies billions of lightBeyoncé's spokesperson is not here for all the lip injection rumorsSomeone found the original 'StarCraft' source code so Blizzard showered them in giftsOculus Story Studio could have been Pixar for VR. Facebook just shut it down.Lonzo Ball's signature shoe got savaged on Twitter, but his dad might have the last laughWonder Woman is being advertised on diet products and our eyes are going to roll out of our headsThese are the 11 most important Star Wars scenes ever. Fight me.5 snacks from a galaxy far far away to help you celebrate 'Star Wars'Behold Crayola's new, thoroughly underwhelming crayon How to screenshot on Mac The biggest and best onscreen crushes of 2020 Kendall and Kylie Jenner can't get enough of their special brand of cultural appropriation Apple bans app that promoted secret parties during pandemic Women face pay inequality and have no path for advancement at Google, lawsuit claims LG wants to put transparent OLEDs in restaurants and subways Meghan and Harry's first podcast invites special guests to reflect on a hectic 2020 Family surprises their dad with color vision glasses and his reaction is priceless 10 video games we can't wait to play in 2021 You don't have to celebrate New Year's Eve this year Unseen 'The Office' clip shows Dwight enter 'The Matrix' in finale prank Here's what really happens when you call those celeb fundraising lines How to set up PS5 Here's the name of that underwhelming new Crayola crayon Mira Nair's 'A Suitable Boy' is a visual feast set in post How to enable 2FA on Xbox Oh nothing, just this cute subantarctic fur seal having a nap on the beach What we want to see in 'The Mandalorian' Season 3 Watch Baby Yoda bop to a tune from director Robert Rodriguez An elderly man's words about his late wife reduced a shop full of people to tears
2.5707s , 8233.9453125 kb
Copyright © 2025 Powered by 【Uth4 Pat4k (2024) S03 Hindi Web Series】,Evergreen Information Network