How do you use Grindr safely

The information portal for safe cell phone use

Grindr is a worldwide dating app for gay and bisexual men. It shows users in the area. By default, each user is shown how far they are from their own location.

An external, desktop-based program called "fuckr" uses this distance information to determine the exact location of users of the gay dating app Grindr.

Grindr has known about the problem for years: a security researcher had already drawn attention to this attack in 2014. Nevertheless, the provider has not yet taken any measures to prevent the attack. The "fuckr" program still works today. The blog Queer Europe reported on this in September 2018.

The source code of the fuckr app had been on the Github program platform since 2015. In response to the report, Github deleted the entry on September 13, 2018. As the site BuzzFeed researched, there are several current clones of fuckr.

This is how the attack works

The "fuckr" program simulates Grindr users at different locations, picks up the distance information from other users and evaluates them. The program uses a method called trilateration: If the distance to three points in the vicinity is known to a target person, their exact location can be calculated.

Since the distance information from the Grindr app is extremely precise, fuckr can determine very precise locations of all Grindr users in a region in this way. You can then click into precisely locatable individual profiles in the program.

Via the app settings, users can disable Grindr from showing the distance to others.

This makes the trilateration attack more difficult, but the protective measure can be undermined, as stated in the Queer Europe blog post. Because Grindr sorts the displayed users according to their distance to their own device. If only one user hides their distance data, their approximate distance could still be easily calculated based on their position in the list.

Review: Grindr endangers its users

The vulnerability is not only an extreme violation of privacy, but can even pose a serious threat to life and limb: the app is also used in countries that criminalize homosexuality. If an app makes it possible to locate users, it can be dangerous for those affected. For example, there have been reports that the police in Egypt are using fake profiles on Grindr to hunt down gay men.

According to experts, it would not be difficult to solve the problem or at least contain it strongly. For example, the QueerEurope blogger suggests the following actions:

  • The fuckr program accesses an interface (API) of the service and uses it to carry out mass queries. Such bulk queries could easily be identified and blocked.
  • The distance display in the app could be deactivated by default and only activated by opting in.
  • Grindr could reduce the accuracy of the distance information.

The app operator has not yet taken any of these measures.

The dating app Grindr has received repeated criticism in the past for its handling of data. Users can enter their HIV status in the app. In the spring of 2018, a Norwegian research institute found that Grindr, in addition to other sensitive data, also passed on the HIV status of users to two analysis services.

Data economy

How to deactivate the display of your distance to other users:>>.

#DatingApps #location #location
Information has changed or do you have a hint for us on this subject?
Write to us: [email protected]