Researchers in Japan have proven how easy it is figure out the exact location of users of Grindr and other gay dating apps, even if they turn off the “show distance” feature on the apps’ privacy settings.
Last week, computer-security expert Nguyen Phong Hoang and his colleagues at Kyoto University published a report in Transactions on Advanced Communications Technology, explaining how easy it is.
“You can easily pinpoint and reveal a person,” says Hoang. “In the U.S. that’s not a problem but in Islamic countries or in Russia, it can be very serious that their information is leaked like that.”
There have been complaints about location information on hookup apps before, but the standard response has always been to turn off your location information. Since Hoang were able to locate users regardless of their privacy settings, it poses a serious risk.
How does it work? By something called a “colluding trilateration attack.”
“If Grindr or a similar app tells you how far away someone is—even if it doesn’t tell you in which direction—you can determine their exact location by combining the distance measurement from three points surrounding them,” explains Andy Greenberg of Wired.
Greenberg worked with Hoang to see if his location could be determined, even after he disengaged the “show distance” feature on Grindr.
Within 15 minutes, Hoang had identified the intersection where I live. Ten minutes after that, he sent me a screenshot from Google Maps, showing a thin arc shape on top of my building, just a couple of yards wide. “I think this is your location?” he asked. In fact, the outline fell directly on the part of my apartment where I sat on the couch talking to him.
Hoang was also able to pinpoint Greenberg’s location using Jack’d and Hornet, as well.
Of course, this issue isn’t specific to gay hookup sites: A colluding trilateration attack could be used on any app that lists users’ locations by proximity. But the risks are higher in the gay community, where being pinpointed could mean getting robbed, arrested or worse.
In some parts of the world, homophobic gangs have been known to hunt gay men using the technology.
Grindr currently disables its distance feature in high-risk countries like Saudi Arabia and Russia, and says it is “working to develop increased security features.”