Forgot your password?
typodupeerror
Privacy Security

Major Vulnerability In Tinder Dating App Allowed User Tracking 23

Posted by timothy
from the coming-from-inside-the-building dept.
An anonymous reader writes "Include Security unveiled new research showing that users of the popular online dating app Tinder were at significant risk due to a vulnerability they discovered in the geo-location feature of the application. This vulnerability allowed Tinder users to track each another's exact location for much of 2013. Anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user. This resulted in a privacy violation for the users of the application." Include Security has posted a video that shows how the the flaw could be exploited, before it was fixed last month.
This discussion has been archived. No new comments can be posted.

Major Vulnerability In Tinder Dating App Allowed User Tracking

Comments Filter:
  • tracking (Score:5, Funny)

    by schneidafunk (795759) on Thursday February 20, 2014 @10:36AM (#46294389)

    Bug or feature? I thought the whole point of the app was to stalk people. I must have been using it wrong.

    • It's supposed to be used to find people who are willing to have sex with you: if you're on slashdot and it shows you people, you are indeed using it wrong.
      • Or you are using it right and the app has a serious bug.

        Or the mythical 'nerd-girl' has entered our plane of existence for a visit. She has needs too...

    • Re:tracking (Score:5, Interesting)

      by JoeMerchant (803320) on Thursday February 20, 2014 @11:17AM (#46294705) Homepage

      One of the old dating websites (in the 1990s), used to tell you how far potential dates lived from you - harmless enough, unless you live in Key West or a similar linear settlement, that gives a really big circle on which the person could live.

      However, if you signed up for 3 (free, no verification required) accounts, and gave your different accounts different addresses around town, you could get three distances to the same potential date, giving a rather accurate estimate of their domicile location.... or, at least whatever they input when they signed up - if they were as paranoid as me, they also had three accounts and none of them had an accurate address.

  • and the second mouse always gets the cheese. Time to make a clone app called Timber with pitbull strength security.
  • when the story was broken on another site.

    Our tumbly, 6-sided overlords must be please that we're finally catching up to the likes of Reddit

    • by JoeMerchant (803320) on Thursday February 20, 2014 @11:24AM (#46294761) Homepage

      Well established, /. is not the place for breaking news, it's got an older moderation system that wasn't designed to get stuff to the front page quickly, in internet time. Compared to print media, /. is more or less on par with a good daily newspaper's story reporting speed (is there such a thing as a good daily newspaper anymore?)

      Reddit is pretty good about bubbling up interesting stuff to the front within an hour or two, though the good AMAs always seem to make the front page just after the host has signed off...

      If you want to read about what's going to be on CNN, Fox, et. al. tomorrow, watch the Reuters feeds. The news of the weird stuff usually comes across RSS 5 to 7 days before it makes it out on morning radio shows...

      If you need your news faster than Reddit gets it to you, I think you have to be personally present where it is happening.

      • +1 - (Never have the damn mod points when I need them!)
        Thanks for an informative and lucid reply to an off handed comment.
  • Other services don't provide as accurate data, but with GPS spoffing you can get pretty good idea in not densely populated areas
  • Major Vulnerability In Tinder Dating App Allowed User Tracking

    On reading this headline, I thought this was some app used by scientists to compute carbon dating on tinder found in archeological digs...strangely specific, but I could see it existing. Not a huge user base for it, though, so why the fuss about user tracking? And why bother? "Both of them are in the lab...now they're at the dig site...now they're at the bar. Repeat."

    Clearly my hopes for scientific stories on Slashdot are overly optimistic... :(

    • by ceazare (1029260)
      Meh, I expected an app that would tell you the age of a felled tree by counting the rings. I'd find that useful, being in the business.
  • This is trilateration, not triangulation:

    http://en.wikipedia.org/wiki/T... [wikipedia.org]

  • Considering I'd never even heard of this app until some Olympian young lady made a big deal out of it, I doubt this was much of a breach. All of the app's users were in the Olympic Village and they know where one another are, anyway.

  • So, now we can know which Olympians were hooking up?

    Rule #34 bitches, rule #34.

Your own mileage may vary.

Working...