No self-serving PR statement about how highly they value their customers' privacy?
(Though apparently they do, considering how fast they implemented a fix and didn't argue)
Up until this year, dating app Bumble inadvertently provided a way to find the exact location of its internet lonely-hearts, much in the same way one could geo-locate Tinder users back in 2014. In a blog post on Wednesday, Robert Heaton, a security engineer at payments biz Stripe, explained how he managed to bypass Bumble's …
That's the obvious solution, kind of surprised they didn't reach for it first time. But fixed now. Nicely done by our Mr Heaton, and a good writeup here by Thomas - it's almost a textbook example of "hacking", for lack of a better term., deriving information that on first glance doesn't appear to be there.
My only confusion was finding what I'd always called triangulation is, in fact, something a bit different, and wondering how that Wikipedia page could make something I demonstrated to my 9yo with three bits of string so unfathomably complex.
@John H Woods
Almost all math texts are written for those who already know the math (or are being stuffed with it on some course). The only well known mathematician who actually explains what the symbolism means is Ian Stewart, and his books are a treat to read for that reason.
However I don't think this common behaviour is intentional or even voluntary. I have friends who are practicing mathematicians and it's obvious that their minds work very differently from my (enineering) mind. I remember once asking one of them how the Fourier transform worked. Half an hour later the blackboard was covered with symbols but I was none the wiser. It took a conversation with a fellow engineer to impart the principle on which it worked.
"what I'd always called triangulation is, in fact, something a bit different"
It is different. Triangulation is working out a location using directional information and doesn't require distance information (other than what you generate yourself by moving to a new location to get the next compass bearing.)
Trilateralization works by knowing distances but not direction, you get the direction by finding the distances from multiple known locations.
All that does is increase the number of samples you need.
Remember when consumer GPS kit managed to get much better resolution for their location than the then deliberately noisy signal was supposed to allow? They just took averages of the reported locations.
In the end, the US turned the noise off for everyone.
Yeah, there is so much wrong with they way these controls are implemented. Firstly, an improved jigsaw attack combining other information from a persons public data set means a 1 mile location location will probably let you narrow down their IRL identity and location. Second, even with a one mile lock, a stalker will pose a threat to a person. Sure they have to start canvassing the neighborhood, but I don't like the odds of bumping into someone withing a mile of my home, work, etc.
and a small random number and a floor value won't cut it. It just means that they have to wait till they have more data to do statistical analysis on. Others already pointed to Differential GPS countering the dithering on the public GPS signal.
Really, the location information should be limited to the largest general metro region people are willing to drive across for a date. Or you know, NONE, which is also an option. Creeps and Catfishers will just fake their location like Pokemon Go raiders.
+1 for trilateration.
I am surprised no one mentioned triangulateration yet (here you are!).
Of the 3 terms only trilateration is, in fact, relevant: no directions are specified and no angle measurement is involved.
Privacy point: if you use a dating app keep your GPS and WiFi off? Or, at least, never do it from any place you frequent (home, work favourite coffee shop or pub, etc.)?
After reading this article, I'd first like to say that even the Tinder flaw seems to me to be beyond the abilities of Joe Stalker to diagnose. The people who find these flaws are really on the top of their game. Kudos to them.
That being said, that triangulation thing seems to be a bit difficult to avoid. Even if you fudge the distance a bit, you're still informing a stalker of a distance that is an easy walk away.
I think such apps should not inform of distance directly, but rather use categories like Close By, Within Driving Distance, Far Away. Category calculated on the server, obviously.
Maybe that would solve the issue ?
The thing is that you are able to set up a profile with a known location, and find out from that what the ranges for "close by" etc are.
Another problem with all of these things is:
If you are for example on the opposite side of a river with no nearby crossing point, it will say that whatever (could be a shop or something, not necessarily a potential date) is close by, when it really isn't.
If you provided the distance along roads rather than the line of sight distance, it would be more realistic, and also more difficult to triangulate.
"After reading this article, I'd first like to say that even the Tinder flaw seems to me to be beyond the abilities of Joe Stalker to diagnose. "
Lots of technical things are too hard for Joe Stalker or Joe Average. But those who are a bit more clever like to let others know how clever they are and put scripts and apps up on the 'net for others to use. You think Script Kiddies write their own, original scripts from scratch?
Yeah, only NO on your first point. You are overstating the difficulty, and also neglecting that the first creeper can sell stalking-as-a-service (The uncooler SaaS) to all of the less technically inclined ones. Just hang out on the chans to watch these dynamics in action. Also, don't assume lots of black hats couldn't/didn't find this because they didn't report it or get caught exploiting it.
Firms need to be really careful with peoples personal data, and it's very dangerous to look at these issue from the point of view of a single bad actor. Leaks like this have also lead to target killings by state level actors. Your second point is stronger, but just makes a better case for not releasing location information.
If you have to include location/distance your categories are probably better, especially if fuzz in a decent amount of overlap between them so it's hard to pin down the exact cutoff points. I'd also suggest that the servers only answer that question once. That is to say, don't send a different value every time they check the same profile so they can't easily drive round collecting data points. If they were within driving distance let them stay that way. Also some user choice wouldn't hurt, so that the "close by" option was only available after the other person had chatted with you and enabled it for your profile, and could revoke it if someone went creeper.
I don't think I'm overstating the difficulty. It's not because, once one guy has hacked the system he can sell his knowledge, that the system is easy to hack. I might have been able to figure out the Tinder distance hack, if I had any interest in coding on mobile phones, as well as a use for that particular app, but it would certainly have taken me a while. Joe Average is not going to do it.
As for your refinement of the category idea, I like your point. Indeed, there is no need to recalculate once the answer has been given. And good point as well that users should have some sort of control over whether they wish for that data to be available or not.
> only accurate to within a mile – hardly sufficient for stalking
A mile in Hong Kong? Or a mile in Steuben Maine USA?
In the dense part of Steuben we have a house every 0.04 miles (~~25/mile). On the main highway it may be over a mile between houses. And the houses are along the roads, no point beating the woods for a Tinder/Bumble stalkee.