Well, this is rather alarming.
Apparently, Grindr has been exposing the exact locations of its users for years. Not only that, developers have reportedly known about the glitch for a while now but haven’t done anything to fix it.
The discovery was made last week by the blog Queer Europe with the help of a third-party app called F*ckr, which found a way to hack into Grindr’s private API and use a technique called trilateration to pinpoint users’ precise locations.
Here’s a terrifying video of just how easy it is:
Applications designed to locate Grindr users are publicly available online, and give anyone access to a virtual map on which you can travel from city to city, and from country to country, while seeing the exact location of cruising men that share their distance online. pic.twitter.com/0IumD6laAE
— Queer Europe (@QueerEurope) September 13, 2018
The Inquirer reports:
The site found that using a third-party app–the unimaginatively named “F*ckr”–users could uncover up to 600 Grindr users within minutes. That may sound similar to the main app, except that F*ckr deobfuscates the location, bringing it to an accuracy of six to 16 feet. Given the app can also leach the photograph, this is an early Christmas present to stalkers, opening to the potential to tie down users to a single room of a house.
If that’s not creepy enough, F*ckr can also access a user’s most sensitive sexual information, including HIV status, last HIV test date, and, oh yeah, all those photos you thought were private.
Queer Europe adds:
After security vulnerabilities had been revealed in 2014, Grindr disabled the distance function in some homophobic countries, such as Russia, Nigeria, Egypt, Iraq and Saudi Arabia. However, it is still possible to locate users in many other countries, such as Algeria, Turkey, Belarus, Ethiopia, Qatar, Abu Dhabi, Oman, Azerbaijan, China, Malaysia and Indonesia. The governments of these countries heavily repress LGBTQ+ people and can easily exploit this vulnerability to blackmail individuals or to surveil queer communities.
Since the story broke, F*ckr has been disabled by its host, GitHub. Meanwhile, Grindr President and CEO Scott Chen rushed out a statement saying the app “will continue trying to evolve and improve our platform”; however, he didn’t offer any specific improvements or any timeline for when the improvements will be implemented.