Slashdot Mirror

← Back to Stories (view on slashdot.org)

Major Vulnerability In Tinder Dating App Allowed User Tracking

Posted by timothy on from the coming-from-inside-the-building dept.

An anonymous reader writes "Include Security unveiled new research showing that users of the popular online dating app Tinder were at significant risk due to a vulnerability they discovered in the geo-location feature of the application. This vulnerability allowed Tinder users to track each another's exact location for much of 2013. Anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user. This resulted in a privacy violation for the users of the application." Include Security has posted a video that shows how the the flaw could be exploited, before it was fixed last month.

23 comments

  1. tracking by schneidafunk · · Score: 5, Funny

    Bug or feature? I thought the whole point of the app was to stalk people. I must have been using it wrong.

    --
    Some people die at 25 and aren't buried until 75. -Benjamin Franklin
    1. Re:tracking by interkin3tic · · Score: 1

      It's supposed to be used to find people who are willing to have sex with you: if you're on slashdot and it shows you people, you are indeed using it wrong.

    2. Re:tracking by JoeMerchant · · Score: 4, Interesting

      One of the old dating websites (in the 1990s), used to tell you how far potential dates lived from you - harmless enough, unless you live in Key West or a similar linear settlement, that gives a really big circle on which the person could live.

      However, if you signed up for 3 (free, no verification required) accounts, and gave your different accounts different addresses around town, you could get three distances to the same potential date, giving a rather accurate estimate of their domicile location.... or, at least whatever they input when they signed up - if they were as paranoid as me, they also had three accounts and none of them had an accurate address.

    3. Re:tracking by Anonymous Coward · · Score: 0

      Bug or feature? I thought the whole point of the app was to stalk people. I must have been using it wrong.

      Either way, I find it pretty fucking funny that damn near every single app that has gained popularity these days promising to mask or hide the user (or their images) in some way has ended in ultimate shame and embarassment as these apps are picked apart to reveal exactly what they were designed NOT to do.

    4. Re:tracking by davester666 · · Score: 1

      Or you are using it right and the app has a serious bug.

      Or the mythical 'nerd-girl' has entered our plane of existence for a visit. She has needs too...

      --
      Sleep your way to a whiter smile...date a dentist!
    5. Re:tracking by Anonymous Coward · · Score: 0

      ...if they were as paranoid as me, they also had three accounts and none of them had an accurate address.

      If they were as paranoid as you, it would be sufficient with a single account with an incorrect location. Having three accounts is only needed if you want to find others.

  2. Early bird gets the worm... by BisuDagger · · Score: 1

    and the second mouse always gets the cheese. Time to make a clone app called Timber with pitbull strength security.

    1. Re:Early bird gets the worm... by Anonymous Coward · · Score: 0

      Call it Timbr and you might just win the Internet, and a restraining order from Ke$ha.

    2. Re:Early bird gets the worm... by interkin3tic · · Score: 1

      Tinder IS at least the second. Blendr was the original straight version of grindr.

  3. Welcome to 2 days ago by mandark1967 · · Score: 0

    when the story was broken on another site.

    Our tumbly, 6-sided overlords must be please that we're finally catching up to the likes of Reddit

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
    1. Re:Welcome to 2 days ago by JoeMerchant · · Score: 4, Interesting

      Well established, /. is not the place for breaking news, it's got an older moderation system that wasn't designed to get stuff to the front page quickly, in internet time. Compared to print media, /. is more or less on par with a good daily newspaper's story reporting speed (is there such a thing as a good daily newspaper anymore?)

      Reddit is pretty good about bubbling up interesting stuff to the front within an hour or two, though the good AMAs always seem to make the front page just after the host has signed off...

      If you want to read about what's going to be on CNN, Fox, et. al. tomorrow, watch the Reuters feeds. The news of the weird stuff usually comes across RSS 5 to 7 days before it makes it out on morning radio shows...

      If you need your news faster than Reddit gets it to you, I think you have to be personally present where it is happening.

    2. Re:Welcome to 2 days ago by kaizendojo · · Score: 1

      +1 - (Never have the damn mod points when I need them!)
      Thanks for an informative and lucid reply to an off handed comment.

    3. Re:Welcome to 2 days ago by Anonymous Coward · · Score: 0

      Me thinks someone with mod points needs to learn that this comment is -not- off-topic.

  4. Seriously by Anonymous Coward · · Score: 0

    Who uses this crap?

    1. Re:Seriously by Anonymous Coward · · Score: 0

      Women who have eyebrows drawn on with a Sharpie, from what I've observed using the app.

  5. other services are similar by K98ksj091j2 · · Score: 1

    Other services don't provide as accurate data, but with GPS spoffing you can get pretty good idea in not densely populated areas

  6. Headline confusion... by CCarrot · · Score: 1

    Major Vulnerability In Tinder Dating App Allowed User Tracking

    On reading this headline, I thought this was some app used by scientists to compute carbon dating on tinder found in archeological digs...strangely specific, but I could see it existing. Not a huge user base for it, though, so why the fuss about user tracking? And why bother? "Both of them are in the lab...now they're at the dig site...now they're at the bar. Repeat."

    Clearly my hopes for scientific stories on Slashdot are overly optimistic... :(

    --
    "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    1. Re:Headline confusion... by ceazare · · Score: 1

      Meh, I expected an app that would tell you the age of a felled tree by counting the rings. I'd find that useful, being in the business.

  7. Not triangulation by Intrepid+imaginaut · · Score: 1

    This is trilateration, not triangulation:

    http://en.wikipedia.org/wiki/T...

  8. Olympic Village by ShaunC · · Score: 1

    Considering I'd never even heard of this app until some Olympian young lady made a big deal out of it, I doubt this was much of a breach. All of the app's users were in the Olympic Village and they know where one another are, anyway.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  9. LOL ... by gstoddart · · Score: 1

    So, now we can know which Olympians were hooking up?

    Rule #34 bitches, rule #34.

    --
    Lost at C:>. Found at C.