Phòng gay chat
Bạn đang xem: Phòng gay chat
A few days ago, I warned my wife that the experiment I was about to engage in was entirely non-sexual, lest she glance over my shoulder at my iPhone. Then I installed the gay hookup tiện ích Grindr. I set my profile photo as a cat, và carefully turned off the "show distance" feature in the app's privacy settings, an option meant to hide my location. A minute later I called Nguyen Phong Hoang, a computer security researcher in Kyoto, Japan, and told him the general neighborhood where I live in Brooklyn. For anyone in that neighborhood, my mèo photo would appear on their Grindr screen as one among hundreds of avatars for men in my area seeking a date or a casual encounter.
Within fifteen minutes, Hoang had identified the intersection where I live. Ten minutes after that, he sent me a screenshot from Google Maps, showing a thin arc shape on top of my building, just a couple of yards wide. "I think this is your location?" he asked. In fact, the outline fell directly on the part of my apartment where I sat on the couch talking lớn him.
Hoang says his Grindr-stalking method is cheap, reliable, and works with other gay dating apps lượt thích Hornet & Jack'd, too. (He went on lớn demonstrate as much with my chạy thử accounts on those competing services.) In a paper published last week in the computer science journal Transactions on Advanced Communications Technology, Hoang và two other researchers at Kyoto University describe how they can track the phone of anyone who runs those apps, pinpointing their location down to a few feet. & unlike previous methods of tracking those apps, the researchers say their method works even when someone takes the precaution of obscuring their location in the apps’ settings. That added degree of invasion means that even particularly privacy-oriented gay daters---which could include anyone who perhaps hasn't come out publicly as LGBT or who lives in a repressive, homophobic regime---can be unwittingly targeted. "You can easily pinpoint & reveal a person," says Hoang. "In the US that's not a problem
A map showing a basic trilateration attack, in which learning the distance from three points to a target allows the victim "V" to be pinpointed.
The Kyoto researchers’ method is a new twist on an old privacy problem for Grindr và its more than ten million users: what’s known as trilateration. If Grindr or a similar phầm mềm tells you how far away someone is---even if it doesn’t tell you in which direction---you can determine their exact location by combining the distance measurement from three points surrounding them, as shown in the the image at right.
In late 2014, Grindr responded to security researchers who pointed out that risk by offering an option to lớn turn off the app’s distance-measuring feature, and disabling it by default in countries known lớn have “a history of violence against the gay community,” lượt thích Russia, Egypt, Saudi Arabia & Sudan. Hornet and Jack’d have options lớn obscure the exact distance between users’ phones, adding noise to obscure that trilateration attack.
The lingering issue, however, remains: All three apps still show photos of nearby users in order of proximity. And that ordering allows what the Kyoto researchers hotline a colluding trilateration attack. That trick works by creating two fake accounts under the control of the researchers. In the Kyoto researchers' testing, they hosted each tài khoản on a virtualized computer---a simulated điện thoại thông minh actually running on a Kyoto University server---that spoofed the GPS of those colluding accounts’ owners. But the trick can be done almost as easily with android devices running GPS spoofing software lượt thích Fake GPS. (That's the simpler but slightly less efficient method Hoang used to pinpoint my location.)
To respond lớn Grindr's obscuring of the exact distance between some users, the Kyoto researchers' used a "colluding" trilateration attack. They spoofed the location of accounts under their control và placed those fake users in positions that reveal narrow bands in which the victim "V" must be located.
Xem thêm: Game Chiến Thuật Tào Tháo Truyện Hd Cho Android, Tao Thao Truyen
By adjusting the spoofed location of those two kém chất lượng users, the researchers can eventually position them so that they’re slightly closer và slightly further away from the attacker in Grindr's proximity list. Each pair of nhái users sandwiching the target reveals a narrow circular band in which the target can be located. Overlap three of those bands---just as in the older trilateration attack---and the target’s possible location is reduced khổng lồ a square that’s as small as a few feet across. "You draw six circles, and the intersection of those six circles will be the location of the targeted person," says Hoang.
Grindr's competitors Hornet and Jack'd offer differing degrees of privacy options, but neither is immune from the Kyoto researchers' tricks. Hornet claims lớn obscure your location, and told the Kyoto researchers that it had implemented new protections lớn prevent their attack. But after a slightly longer hunting process, Hoang was still able to identify my location. And Jack'd, despite claims to lớn "fuzz" its users' locations, allowed Hoang to lớn find me using the older simple trilateration attack, without even the need khổng lồ spoof dummy accounts.
In a statement khổng lồ bommobile.vn responding khổng lồ the research, a Grindr spokesperson wrote only that "Grindr takes our users safety extremely seriously, as well as their privacy," & that "we are working lớn develop increased security features for the app.” Hornet chief technology officer Armand du Plessis wrote in a response khổng lồ the study that the company takes measures lớn make sure users" exact location remains sufficiently obfuscated to protect the user’s location." Jack'd director of kinh doanh Kevin Letourneau similarly pointed khổng lồ the company's "fuzzy location" feature as a protection against location tracking. But neither of the companies' obfuscation techniques prevented Hoang from tracking bommobile.vn's test accounts. Jack'd exec Letourneau added that "We encourage our members to lớn take all necessary precautions with the information they choose to lớn display on their profiles và properly vet people before meeting in public."1
Hoang advises that people who truly want to protect their privacy take pains to lớn hide their location on their own.
The Kyoto researchers' paper has only limited suggestions about how to solve the location problem. They suggest that the apps could further obscure people's locations, but acknowledge that the companies would hesitate khổng lồ make that switch for fear of making the apps far less useful. Hoang advises that people who truly want to lớn protect their privacy take pains to hide their location on their own, going so far as khổng lồ run Grindr và similar apps only from an apk device or a jailbroken iPhone with GPS spoofing software. As Jack'd notes, people can also avoid posting their faces to lớn the dating apps. (Most Grindr users do show their faces, but not their name.) But even then, Hoang points out that continually tracking someone's location can often reveal their identity based on their address or workplace.
Even beyond location leaks, the Kyoto researchers found other security problems in the apps, too. Grindr và Jack'd both fail lớn encrypt data that reveals the user is running the app by name, leaving that sensitive data open to any snoop on the same Wi-Fi network. Grindr, according to their paper, fails to lớn even encrypt the photos it transmits to & from phones.
All these bugs & leaks, Hoang says, likely aren't limited khổng lồ gay dating apps. The location tracking attack in particular would seem to lớn work with any tiện ích that lists users' locations in order of proximity. Tinder also tracks users' locations, for instance, though the one-photo-at-a-time interface it shows daters instead of Grindr's page full of ordered pictures makes a colluding trilateration attack more difficult, Hoang says.
But Hoang says the Kyoto team focused on gay dating apps in part because of the vulnerability of the LGBT population lớn online surveillance. Their paper points to Syrian gay men lured into "dates" by members of ISIS, who are then arrested và stoned lớn death. In Russia, too, gay men have similarly been trapped & beaten by thugs in countless incidents. For the global LGBT community, they write, it's no hyperbole khổng lồ state, as Apple's openly gay CEO Tim Cook did last year, that "privacy is a matter of life & death."
Andy Greenberg is a senior writer for bommobile.vn, covering hacking, cybersecurity và surveillance. He’s the author of the new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. His last book was *
Chuyên mục: Tin Tức
