Privacy Concerns in Popular Dating Apps: A Deep Dive into Trilateration Risks
A recent investigation conducted by researchers from KU Leuven University in Belgium has revealed significant vulnerabilities associated with six prominent dating applications. According to a report from TechCrunch, these platforms—Hinge, Happn, Bumble, Grindr, Badoo, and Hily—are susceptible to malicious users who can utilize trilateration techniques to determine the approximate location of other users. This alarming discovery has prompted some apps to enhance their security protocols as outlined in the published research paper.
Understanding Trilateration and Its Implications
The term “trilateration” refers to a method involving three reference points used for calculating distances within GPS technology. The six dating applications identified fit into one of three trilateration categories: “exact distance trilateration,” which allows pinpointing a user’s location within a 111m by 111m square (at the equator); “rounded distance trilateration”; or “oracle trilateration,” where radius constraints are applied much like intersecting circles on a Venn diagram.
Classification of Vulnerabilities Among Dating Apps
The findings indicate that Grindr is prone to “exact distance trilateration,” while Happn falls under the category of “rounded distance trilateration.” The remaining apps, including Hinge and Hily—despite attempts to obscure user distances—are classified within “oracle trilateration.” Karel Dhondt, one of the researchers leading this study, explained that an attacker could potentially narrow down another user’s location to as close as “2 meters” through oracle trilateration techniques. This involves making educated guesses about someone’s locale based on their profile and then moving systematically until they establish proximity among multiple positions.
Industry Responses and User Control Measures
Bumble’s Vice President for Global Communication Gabrielle Ferree emphasized that they have swiftly addressed concerns related to their distance filters since last year. In parallel, Dmytro Kononov, co-founder and CTO at Hily acknowledged that while an investigation showed there could be potential for exploiting this vulnerability through trilateration methods, actual successful attacks were deemed impossible.
Kikam Ben Adelmalek—the CEO of Happn—mentioned they engaged in discussions with Belgian scholars about these findings. He pointed out that additional protective measures against access via triangulation had not been factored into their assessment process.
Grindr’s Chief Privacy Officer Kelly Peterson Miranda reminded users that they have control over what locational information is displayed on their profiles; moreover, individuals can deactivate visibility for whereabouts if desired. Meanwhile,Hinge did not provide comments regarding the situation when approached.
Tackling Fake Accounts for Enhanced Safety
Apart from enhancing geographical privacy features, various dating services are taking further actions against fraudulent accounts or spam bots. For instance,Tinder implemented new identity verification protocols earlier this year in several countries—including the US and UK—that mandate users submit both an official identification document (driver’s license or passport) alongside a video selfie during registration processes.
Update – July 31 at 7:55 PM ET: This article was amended to clarify statements relating Badoo’s response; Gabrielle Ferree’s comments essentially cover all brands owned by Bumble.
Source
