After claims that Egyptian police used gay hook-up apps to track down gay people and arrest them in 2014 (penalty for same-sex sexual activity in Egypt can lead to imprisonment for up to 17 years), Grindr, the mother of all sex hookup apps, took measures to keep its users safe.
The company revealed that “any user who connects to Grindr in these countries will have their distance hidden automatically by default, which include Russia, Egypt, Saudi Arabia, Nigeria, Liberia, Sudan and Zimbabwe.” It also added a feature in which users from all other countries can hide their location by going to “settings” and turning the “show distance” feature off, in case they wish to hide their location data.
The incident was brought to light by security firm Synack on a 2014 case-study exposing Grinder’s vulnerabilities. The report showed how easy it was to pinpoint the location of an app user, by a method called trilateration, which of course, affects all mobile social networking apps with geo-location functionality, like Scruff, Jack’d and Hornet. Trilateration is the “process of determining absolute or relative locations of points by measurement of distances using the geometry of circles,” and it can be done by just about anybody with a little high-school geometry.
Researchers at the Graduate School of Informatics of Kyoto University in Japan have recently tweaked the trilateration method and were able to track down Grindr users even if their “show distance” feature was disabled, as they wrote in a paper entitled “Your Neighbors Are My Spies: Location and other Privacy Concerns in GLBT-focused Location-based Dating Applications,” and published last week.
The new, fancier name of the method is colluding-trilateration, and it is just as simple: to calculate users positions, researchers used two fake accounts on two different Android OS-running machines and created “fake-GPS so that their positions can be freely set to any corner of the world.”
To prove their point, they were able to tell, within 15 minutes, the exact Brooklyn location from where Wired Magazine’s Andy Greenberg was using the app, as he reported for the magazine. Greenberg then reached out to Grindr to let the company know about the new findings, but said the response was vague, and that the spokesperson to the largest gay mobile app community in the world (two million daily active users in 196 countries) simply told him that “Grindr takes our users safety extremely seriously, as well as their privacy,” and that “we are working to develop increased security features for the app.”
Greenberg also contacted representatives of Jack’d and Hornet, which were also mentioned on the Kyoto researcher’s papers, and who said they take different measures to ensure their users privacy, although “neither of the companies’ obfuscation techniques prevented [Kyoto University researcher] Hoang from tracking WIRED’s test accounts.”
Another popular app also acknowledges the limitations of location-based apps, and the problems they might bring to users in countries where sex between gay men is criminalized. SCRUFF, considered by many as the bear version of Grindr, launched the SCRUFF Gay Travel Advisory (GTA) earlier this year, a guide for men living in or traveling to those countries. As of its last update in April of 2016, GTA had 86 countries listed.
Privacy concerns are hardly a new issue. In 2013 a study called “Grindr Application Security Evaluation Report” conducted by the Graduate School of Informatics at the University of Amsterdam reported that “serious flaws were discovered, which threaten the privacy and account security of Grindr’s users.” But with the increase in popularity of GPS-based hook-up apps, failure in protecting users can sometimes mean a jail sentence, or even death, for gay men who are just looking for some quick fun.