Grindr and Jack'd both fail to encrypt data that reveals the user is running the app by name, leaving that sensitive data open to any snoop on the same Wi-Fi network. (Most Grindr users do show their faces, but not their name.) But even then, Hoang points out that continually tracking someone's location can often reveal their identity based on their address or workplace.Įven beyond location leaks, the Kyoto researchers found other security problems in the apps, too. As Jack'd notes, people can also avoid posting their faces to the dating apps.
GAY MEN FEET POSE ANDROID
Hoang advises that people who truly want to protect their privacy take pains to hide their location on their own, going so far as to run Grindr and similar apps only from an Android device or a jailbroken iPhone with GPS spoofing software. They suggest that the apps could further obscure people's locations, but acknowledge that the companies would hesitate to make that switch for fear of making the apps far less useful.
GAY MEN FEET POSE HOW TO
The Kyoto researchers' paper has only limited suggestions about how to solve the location problem. Hoang advises that people who truly want to protect their privacy take pains to hide their location on their own. And Jack'd, despite claims to "fuzz" its users' locations, allowed Hoang to find me using the older simple trilateration attack, without even the need to spoof dummy accounts. But after a slightly longer hunting process, Hoang was still able to identify my location. Hornet claims to obscure your location, and told the Kyoto researchers that it had implemented new protections to prevent their attack. Grindr's competitors Hornet and Jack'd offer differing degrees of privacy options, but neither is immune from the Kyoto researchers' tricks. "You draw six circles, and the intersection of those six circles will be the location of the targeted person," says Hoang. Overlap three of those bands-just as in the older trilateration attack-and the target’s possible location is reduced to a square that’s as small as a few feet across. Each pair of fake users sandwiching the target reveals a narrow circular band in which the target can be located. They spoofed the location of accounts under their control and placed those fake users in positions that reveal narrow bands in which the victim "V" must be located.īy adjusting the spoofed location of those two fake users, the researchers can eventually position them so that they’re slightly closer and slightly further away from the attacker in Grindr's proximity list. To respond to Grindr's obscuring of the exact distance between some users, the Kyoto researchers' used a "colluding" trilateration attack. "In the US that's not a problem but in Islamic countries or in Russia, it can be very serious that their information is leaked like that."
![gay men feet pose gay men feet pose](https://i.pinimg.com/originals/2b/4e/a9/2b4ea93bd24dff2b28b07b3b85b535a7.jpg)
"You can easily pinpoint and reveal a person," says Hoang. That added degree of invasion means that even particularly privacy-oriented gay daters-which could include anyone who perhaps hasn't come out publicly as LGBT or who lives in a repressive, homophobic regime-can be unwittingly targeted. And unlike previous methods of tracking those apps, the researchers say their method works even when someone takes the precaution of obscuring their location in the apps’ settings.
![gay men feet pose gay men feet pose](https://thumbs.dreamstime.com/b/man-feet-tropical-ocean-gay-male-couple-together-sand-beach-their-honeymoon-101495412.jpg)
(He went on to demonstrate as much with my test accounts on those competing services.) In a paper published last week in the computer science journal Transactions on Advanced Communications Technology, Hoang and two other researchers at Kyoto University describe how they can track the phone of anyone who runs those apps, pinpointing their location down to a few feet. Hoang says his Grindr-stalking method is cheap, reliable, and works with other gay dating apps like Hornet and Jack'd, too. In fact, the outline fell directly on the part of my apartment where I sat on the couch talking to him. "I think this is your location?" he asked. Ten minutes after that, he sent me a screenshot from Google Maps, showing a thin arc shape on top of my building, just a couple of yards wide. Within fifteen minutes, Hoang had identified the intersection where I live. For anyone in that neighborhood, my cat photo would appear on their Grindr screen as one among hundreds of avatars for men in my area seeking a date or a casual encounter. A minute later I called Nguyen Phong Hoang, a computer security researcher in Kyoto, Japan, and told him the general neighborhood where I live in Brooklyn.
![gay men feet pose gay men feet pose](https://i.pinimg.com/736x/f5/3c/b4/f53cb4449b1d4b5cb0f3060ecf961852--barefoot-hipster.jpg)
I set my profile photo as a cat, and carefully turned off the "show distance" feature in the app's privacy settings, an option meant to hide my location. Then I installed the gay hookup app Grindr.
![gay men feet pose gay men feet pose](https://www.advocate.com/sites/default/files/styles/vertical_gallery_desktop_1x/public/2018/12/06/01-alex_chevesx1000.jpg)
A few days ago, I warned my wife that the experiment I was about to engage in was entirely non-sexual, lest she glance over my shoulder at my iPhone.