Jack'd exec Letourneau added that "We encourage our members to take all necessary precautions with the information they choose to display on their profiles and properly vet people before meeting in public."The Kyoto researchers' paper has only limited suggestions about how to solve the location problem.
They suggest that the apps could further obscure people's locations, but acknowledge that the companies would hesitate to make that switch for fear of making the apps far less useful.
For anyone in that neighborhood, my cat photo would appear on their Grindr screen as one among hundreds of avatars for men in my area seeking a date or a casual encounter.
Within fifteen minutes, Hoang had identified the intersection where I live. In fact, the outline fell directly on the part of my apartment where I sat on the couch talking to him.
"You draw six circles, and the intersection of those six circles will be the location of the targeted person," says Hoang.(That's the simpler but slightly less efficient method Hoang used to pinpoint my location.)To respond to Grindr's obscuring of the exact distance between some users, the Kyoto researchers' used a "colluding" trilateration attack.They spoofed the location of accounts under their control and placed those fake users in positions that reveal narrow bands in which the victim "V" must be located.Hoang advises that people who truly want to protect their privacy take pains to hide their location on their own, going so far as to run Grindr and similar apps only from an Android device or a jailbroken i Phone with GPS spoofing software.As Jack'd notes, people can also avoid posting their faces to the dating apps.ago, I warned my wife that the experiment I was about to engage in was entirely non-sexual, lest she glance over my shoulder at my i Phone. I set my profile photo as a cat, and carefully turned off the "show distance" feature in the app's privacy settings, an option meant to hide my location.A minute later I called Nguyen Phong Hoang, a computer security researcher in Kyoto, Japan, and told him the general neighborhood where I live in Brooklyn.(Most Grindr users do show their faces, but not their name.) But even then, Hoang points out that continually tracking someone's location can often reveal their identity based on their address or workplace.Even beyond location leaks, the Kyoto researchers found other security problems in the apps, too.By adjusting the spoofed location of those two fake users, the researchers can eventually position them so that they’re slightly closer and slightly further away from the attacker in Grindr's proximity list.Each pair of fake users sandwiching the target reveals a narrow circular band in which the target can be located.