Bumble fumble: Dude divines definitive location of dating app users despite disguised distances

Up until this year, dating app Bumble inadvertently provided a way to find the exact location of its internet lonely-hearts, much in the same way one could geo-locate Tinder users back in 2014. In a blog post on Wednesday, Robert Heaton, a security engineer at payments biz Stripe, explained how he managed to bypass Bumble's …

  1. Gene Cash

    What?

    No self-serving PR statement about how highly they value their customers' privacy?

    (Though apparently they do, considering how fast they implemented a fix and didn't argue)

    1. Pascal Monett

      Re: What?

      When you're actually doing your job, you don't need to boast: the results speak for themselves.

      1. John Brown (no body)

        Re: What?

        If they were actually doing their job, they'd not have repeated the Tinder error in the first place :-)

        This has all the smell of young hipster devs in a startup environment with no past experience to draw on.

  2. Natalie Gritpants Jr

    Take a tip from the audio engineers. Adding a random number (0.0 to 0.99999) and then using floor() is probably better than round().

    1. Anonymous Coward

      That's the obvious solution, kind of surprised they didn't reach for it first time. But fixed now. Nicely done by our Mr Heaton, and a good writeup here by Thomas - it's almost a textbook example of "hacking", for lack of a better term, deriving information that on first glance doesn't appear to be there.

      My only confusion was finding what I'd always called triangulation is, in fact, something a bit different, and wondering how that Wikipedia page could make something I demonstrated to my 9yo with three bits of string so unfathomably complex.

      1. John H Woods

        Math-heavy pages on Wikipedia are way out of whack (technical term) with the tone and level of other technical content. All my attempts to contribute simplifications and explanations have been rejected.

        1. seven of five

          https://xkcd.com/2501/

        2. Mike 137

          Math-heavy pages

          @John H Woods

          Almost all math texts are written for those who already know the math (or are being stuffed with it on some course). The only well known mathematician who actually explains what the symbolism means is Ian Stewart, and his books are a treat to read for that reason.

          However I don't think this common behaviour is intentional or even voluntary. I have friends who are practicing mathematicians and it's obvious that their minds work very differently from my (engineering) mind. I remember once asking one of them how the Fourier transform worked. Half an hour later the blackboard was covered with symbols but I was none the wiser. It took a conversation with a fellow engineer to impart the principle on which it worked.

      2. John Brown (no body)

        "what I'd always called triangulation is, in fact, something a bit different"

        It is different. Triangulation is working out a location using directional information and doesn't require distance information (other than what you generate yourself by moving to a new location to get the next compass bearing.)

        Trilateralization works by knowing distances but not direction, you get the direction by finding the distances from multiple known locations.

        1. phuzz

          That's a good explanation, thanks.

    2. Ian 55

      All that does is increase the number of samples you need.

      Remember when consumer GPS kit managed to get much better resolution for their location than the then deliberately noisy signal was supposed to allow? They just took averages of the reported locations.

      In the end, the US turned the noise off for everyone.

      1. Ordinary Donkey

        I would have taken a much simpler option. Lie.

        When somebody sets their location, choose a random location within 1 mile of them and store that as their bogus location. Calculate distances to this location and don't care if it leaks because it's fake.
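Added example (not from the thread or from Bumble's own code) contrasting the two mitigations discussed above: the random-plus-floor dithering suggested by Natalie Gritpants Jr, which Ian 55 notes is undone by averaging, and Ordinary Donkey's stored fake location, which returns the same answer on every query (the "only answer once" idea an Anonymous Coward raises further down). Positions are constructed (x, y) points in miles on a flat plane, and the ProfileStore class and its names are assumptions for the illustration.

```python
import math
import random

# Constructed sample positions: (x, y) in miles on a flat plane, not real coordinates.
VIEWER = (0.0, 0.0)
TRUE_TARGET = (4.2, 1.9)


def distance(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def dithered_distance(viewer, target, rng):
    """Per-query dithering as proposed in the thread: add U[0, 1) and then floor()."""
    return math.floor(distance(viewer, target) + rng.random())


def average_of_queries(viewer, target, n_queries, rng):
    """Ian 55's objection in numbers: floor(d + U) has expectation exactly d, so the mean
    of many replies converges on the true distance; the noise only raises the sample count."""
    total = sum(dithered_distance(viewer, target, rng) for _ in range(n_queries))
    return total / n_queries


def pick_fake_location(true_pos, radius_miles, rng):
    """Ordinary Donkey's alternative: choose one random point within radius_miles when the
    user sets their location, store it, and never consult the true position again."""
    r = radius_miles * math.sqrt(rng.random())  # sqrt gives uniform density over the disc
    theta = rng.random() * 2 * math.pi
    return (true_pos[0] + r * math.cos(theta), true_pos[1] + r * math.sin(theta))


class ProfileStore:
    """Hypothetical server-side store that keeps only the fake point per user."""

    def __init__(self, radius_miles=1.0, seed=None):
        self.radius = radius_miles
        self.rng = random.Random(seed)
        self.fake = {}

    def set_location(self, user, true_pos):
        self.fake[user] = pick_fake_location(true_pos, self.radius, self.rng)

    def reported_distance(self, viewer_pos, user):
        # Derived from the stored fake point only, so repeated queries yield nothing new.
        return round(distance(viewer_pos, self.fake[user]))
```

Averaging a few thousand dithered replies pins the true distance to well under a tenth of a mile, whereas a hundred queries against the stored fake point all return the same value.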

    3. DS999

      It is useless precision

      It would have been fine to say "within 10-20 miles of you" or such, there's no scenario where you are going to say "well I would have swiped right if she was just ONE mile closer!"

      1. Anonymous Coward

        Re: It is useless precision

        Yeah, there is so much wrong with the way these controls are implemented. Firstly, an improved jigsaw attack combining other information from a person's public data set means a 1 mile location will probably let you narrow down their IRL identity and location. Second, even with a one mile lock, a stalker will pose a threat to a person. Sure they have to start canvassing the neighborhood, but I don't like the odds of bumping into someone within a mile of my home, work, etc.

        And a small random number and a floor value won't cut it. It just means that they have to wait till they have more data to do statistical analysis on. Others already pointed to Differential GPS countering the dithering on the public GPS signal.

        Really, the location information should be limited to the largest general metro region people are willing to drive across for a date. Or you know, NONE, which is also an option. Creeps and Catfishers will just fake their location like Pokemon Go raiders.

  3. John H Woods

    Optional ize

    Trilateration, surely, otherwise we would use the term triangularization?

    1. T. F. M. Reader

      Re: Optional ize

      +1 for trilateration.

      I am surprised no one mentioned triangulateration yet (here you are!).

      Of the 3 terms only trilateration is, in fact, relevant: no directions are specified and no angle measurement is involved.

      Privacy point: if you use a dating app keep your GPS and WiFi off? Or, at least, never do it from any place you frequent (home, work, favourite coffee shop or pub, etc.)?

      1. Chris Evans

        never do it from.....

        "never do it from any place you frequent (home, work, favourite coffee shop or pub, etc.)?"

        Sounds like never use a dating app then!

      2. EarthDog

        Re: Optional ize

        I tend to keep location turned off except when using a specific app.

      3. phuzz

        Re: Optional ize

        if you use a dating app keep your GPS and WiFi off?

        Why not just deny access to location data, for that particular app?

  4. Pascal Monett

    Tipping point

    After reading this article, I'd first like to say that even the Tinder flaw seems to me to be beyond the abilities of Joe Stalker to diagnose. The people who find these flaws are really on the top of their game. Kudos to them.

    That being said, that triangulation thing seems to be a bit difficult to avoid. Even if you fudge the distance a bit, you're still informing a stalker of a distance that is an easy walk away.

    I think such apps should not inform of distance directly, but rather use categories like Close By, Within Driving Distance, Far Away. Category calculated on the server, obviously.

    Maybe that would solve the issue ?

    1. DJV

      Re: Far away

      Unless you're talking about cows... https://www.youtube.com/watch?v=MMiKyfd6hA0

    2. katrinab

      Re: Tipping point

      The thing is that you are able to set up a profile with a known location, and find out from that what the ranges for "close by" etc are.

      Another problem with all of these things is:

      If you are for example on the opposite side of a river with no nearby crossing point, it will say that whatever (could be a shop or something, not necessarily a potential date) is close by, when it really isn't.

      If you provided the distance along roads rather than the line of sight distance, it would be more realistic, and also more difficult to triangulate.

      1. adam 40

        Re: Tipping point

        Where is your romance?

        A river would be no boundary to the Milk Tray Man.

        1. Zenubi

          Re: Tipping point

          I upvoted and realised in the same instant that I am old - you are too.

          1. Ubiguchi

            Re: Tipping point

            Hmm, I wonder if I drop in some other old references (say, what's too orangey for crows), then can I do some temporal triangulation to work out your ages...

            1. iron

              Re: Tipping point

              Hey! It's just for me and my dog!

              1. Fruit and Nutcase

                Re: Tipping point

                Down Shep!

            2. bob42

              Re: Tipping point

              The Reg used to have a comment in the css, many years ago, about not being too orangey for crows. That made me smile.

            3. Fruit and Nutcase

              Re: Tipping point

              Well, someone here commented about my handle and age - though the age could be 30-99

              (99 - could be higher still, but 99 is conveniently another temporal confectionery reference)

    3. John Brown (no body)

      Re: Tipping point

      "After reading this article, I'd first like to say that even the Tinder flaw seems to me to be beyond the abilities of Joe Stalker to diagnose. "

      Lots of technical things are too hard for Joe Stalker or Joe Average. But those who are a bit more clever like to let others know how clever they are and put scripts and apps up on the 'net for others to use. You think Script Kiddies write their own, original scripts from scratch?

    4. EarthDog

      Re: Tipping point

      Given the misogyny in the tech field there's going to be a larger overlap between Joe Stalker and Joe Random Hacker than there is w/ Joe Average

    5. Anonymous Coward

      Re: Tipping point

      Yeah, only NO on your first point. You are overstating the difficulty, and also neglecting that the first creeper can sell stalking-as-a-service (The uncooler SaaS) to all of the less technically inclined ones. Just hang out on the chans to watch these dynamics in action. Also, don't assume lots of black hats couldn't/didn't find this because they didn't report it or get caught exploiting it.

      Firms need to be really careful with people's personal data, and it's very dangerous to look at these issues from the point of view of a single bad actor. Leaks like this have also led to targeted killings by state level actors. Your second point is stronger, but just makes a better case for not releasing location information.

      If you have to include location/distance your categories are probably better, especially if you fuzz in a decent amount of overlap between them so it's hard to pin down the exact cutoff points. I'd also suggest that the servers only answer that question once. That is to say, don't send a different value every time they check the same profile so they can't easily drive round collecting data points. If they were within driving distance let them stay that way. Also some user choice wouldn't hurt, so that the "close by" option was only available after the other person had chatted with you and enabled it for your profile, and could revoke it if someone went creeper.

      1. Pascal Monett

        I don't think I'm overstating the difficulty. It's not because, once one guy has hacked the system he can sell his knowledge, that the system is easy to hack. I might have been able to figure out the Tinder distance hack, if I had any interest in coding on mobile phones, as well as a use for that particular app, but it would certainly have taken me a while. Joe Average is not going to do it.

        As for your refinement of the category idea, I like your point. Indeed, there is no need to recalculate once the answer has been given. And good point as well that users should have some sort of control over whether they wish for that data to be available or not.

  5. Winkypop

    Two grand?

    “Our customer’s safety is very important to us, about 2 grand's worth actually”

    1. Anonymous Coward

      Re: Two grand?

      Wow, yeah that's a crap bounty for a precise location bug under professional disclosure.

      But we are talking about Bumble here not Goldman Sachs.

  6. PRR

    > only accurate to within a mile – hardly sufficient for stalking

    A mile in Hong Kong? Or a mile in Steuben Maine USA?

    https://i.postimg.cc/6qb987BS/AMile-In-Steuben-Maine-USA-42.jpg

    In the dense part of Steuben we have a house every 0.04 miles (~25/mile). On the main highway it may be over a mile between houses. And the houses are along the roads, no point beating the woods for a Tinder/Bumble stalkee.

    1. jtaylor

      "no point beating the woods for a Tinder/Bumble stalkee."

      Oh, but those are the best ones!
