The dating application for gay men Grindr leaves exposed the geolocation of their users, with an accuracy of between five and ten meters, and allows anyone to form an interactive map with the locations and data of millions of people through applications free download. The blog Queer Europe has reported that via free applications downloadable from the internet that are hosted on GitHub, it is possible to discover the location almost exactly, of the users of Grindr due to a vulnerability present in the service.
To determine the geographic location, the applications make use of a process of triangulation that employs the distances among users collected within Grindr. This process allows to locate a person through three or more points virtual placed around him since the intersection of these points indicates their location with a margin of error less than ten meters.
The application gets this information by means of the Application Programming Interface (API) of Grindr, with which a call is made to the server. With this method you can locate to 600 people in only a few seconds, which allows you to create maps with the location of all the users that can be updated every minute.
The method is so accurate because Grindr uses the system geohash to measure the distances, which encodes the place where a person is located in a string of letters and digits, which in the case of Grindr is 12 characters, so that once the information is decrypted gives rise to an area of 37 x 18 cm
The way in which to configure the location also enables us to find where is a person with whom they have interacted previously. In turn, researchers of the Kyoto University discovered that it is possible to find a user who has hidden their location using triangulation.
Grindr was already the focus of attention this month of April, as it was discovered that it shared its users ‘ information with external companies, among which there were aspects as the name, image, type of body and if you suffer from HIV. These data can be obtained also through the applications above, extract them directly from the profiles.
The web gay Queer Europe has reported that these vulnerabilities make the LGBTI community is exposed to situations of harassment and persecution. Also, have called the attention on the possibility of using these techniques in countries where homosexuality is criminalized.
For its part, Grindr had stated in a communiqué issued at the beginning of the year that you used “leading technologies in the industry,” to protect the privacy of its users, ensuring that the personal data of its users are not reultaban accessible to hackers or even in the cases in which its users were using WiFi networks in public.