It has been discovered that Grindr is guilty of a shocking security breach after a blog called Queer Europe, along with the help of another gay dating app called F*ckr, used a technique called trilateration to hack into the app’s API (Application Programming Interface).
They found that they were able to pinpoint Grindr user’s exact location.
Queer Europe posted a video to Twitter demonstrating how it was done, writing that “applications designed to locate Grindr Users are publicly available online.”
Applications designed to locate Grindr users are publicly available online, and give anyone access to a virtual map on which you can travel from city to city, and from country to country, while seeing the exact location of cruising men that share their distance online. pic.twitter.com/0IumD6laAE
— Queer Europe 🏳️🌈 (@QueerEurope) September 13, 2018
Upon the discovery, Queer Europe wrote on their website:
“While sitting behind my laptop, I could see in which restaurants he was eating, in which cafes he was drinking, and in which nightclubs he was dancing. I could also see that he went to the gay sauna at 1 am and then slept at a stranger’s house at 3 am. By making it so easy to track individuals with precision, Grindr makes its users extremely vulnerable to harassment and stalking.”
The Inquirer also reported that F*ckr users could “uncover up to 600 Grindr users within minutes.”
This is not the first time the app has been found to have major security flaws, as of March this year it was found that a site called C*ckblocked allowed users to “enter their Grindr info and see who had blocked them on the app.”
The developer of C*ckblocked, Trevor Faden, told NBC that he could then identify user’s locations, even if they had their location settings switched off, and that he could also view deleted pictures, unread messages and email addresses.
Similarly, it was discovered in 2014 that Grindr user’s exact locations could be identified, resulting in Grindr pulling out of countries such as Russia, Nigeria, Egypt, Iraq and Saudi Arabia, where it could be potentially life-threatening to be exposed as gay. Although, Queer Europe reported that it was still available in countries such as Algeria, Turkey, Belarus, Ethiopia, Qatar, Abu Dhabi, Oman, Azerbaijan, China, Malaysia and Indonesia, where being exposed as gay can be just as risky.
Since the exposé, F*ckr has been disabled by its host GitHub, while Grindr CEO Scott Chen made a statement, promising that the app “will continue trying to evolve and improve our platform.”
© 2018 GCN (Gay Community News). All rights reserved.
For 30 years GCN has been a vital, free-of-charge information service for Ireland’s LGBT+ community. We want to go on providing this community hub in print and online, helping countless individuals across the country, but the revenue from advertising across the media is falling.
GCN needs your support. If you value having an independent LGBT+ media in Ireland, you can help from only €1.99 per month. Support Ireland’s free, independent LGBT+ media.