NDTV Gadgets reports that an unknown person has sent warnings to thousands of Grindr users in countries with anti-gay laws. The tipster warns that the user’s exact location or address can be triangulated, putting them at risk of being found by authorities or gay-bashers.
The anonymous spammer, who is presumably acting altruistically, includes links to a Twitter account, YouTube video and Pastebin text dump, which contain more information. He or she claims to have used a secondary flaw to be able to send messages to over 100,000 users in 70 countries with anti-gay laws. The messages and posts express concern that Grindr users might be targeted, persecuted or even murdered. Homosexuality is punishable by death in several countries and violence against LGBT people and those who support them is routine and even encouraged in many places, which makes users extremely vulnerable. According to the Pastebin dump, “officials at Grindr have been informed several times within the past months about these issues, which would seem to imply that the concept of ‘social responsibility’ is lost upon Grindr” (sic). “Knowing that Grindr-Users in countries such as these are being put unnecessarily at a high risk should be reason enough for Grindr to change its system,” the author continues. The location data is allegedly so accurate that someone exploiting the flaw would be able to tell “if you were using Grindr in the bathroom or on the couch”. While the app only shows users the distance between them and other users, specific location data can be extrapolated by querying Grindr’s servers from three different places and triangulating the information received. This process can also be automated using commonly available tools, and the resulting coordinates can be overlaid on a map.
Grindr has responded to Pink News:
Grindr told PinkNews via email: “We don’t view this as a security flaw. As part of the Grindr service, users rely on sharing location information with other users as core functionality of the application and Grindr users can control how this information is displayed. “For Grindr users concerned about showing their proximity, we make it very easy for them to remove this option and we encourage them to disable ‘show distance’ in their privacy settings. “As always, our user security is our top priority and we do our best to keep our Grindr community secure.” Grindr users do have the option of turning off location information. The app has more than five million active users worldwide.
Commenters at Pink News claim that turning off the “show my location” function does not prevent triangulation. In the clip below, the tipster demonstrates how the triangulation can be used.