A website that allowed Gindr ’s homosexual - dating app user to see who blocked them on the overhaul says that by using the company ’s API it was able-bodied to view unread subject matter , email address , deleted photos , and — perhaps most troubling — position data , harmonise to a report published Wednesday .
The website , C*ckblocked , sport of being the “ first and only room to see who blocked you on Grindr . ” The website ’s owner , Trever Faden , recount NBCthat , by using Grindr ’s API , he was able to access a wealth of personal selective information , include the emplacement data of users — even for those who had choose to hide their positioning .
“ One could , without too much difficulty or even a huge amount of technological skill , easily pinpoint a user ’s accurate location , ” Faden told NBC . But before he could access this information , Grindr users first had to supply C*ckblocked with their usernames and countersign , think of that they voluntarily surrendered access to their account .
Grindr pronounce that , once advise by Faden , it moved promptly to conclude the issue . The API that allowed C*ckblocked to officiate was patched on March 23rd , according to the website .
Faden ’s discovery underscores the risk users take by signing into third - party web site using social media credentials , which is notably a common practice among Facebook users . Facebook , of course , isembroiled in an international scandalat the moment over a leak of data belong to at least 50 million Facebook substance abuser . That incident stem from an online quiz tie to Facebook describe that users voluntarily fill out online .
Tod Beardsley , director of research at the Boston - based software firm Rapid7 , noted that data point apps broadly ask users to cede with child quantity of personal data .
“ Regardless of any third - company ’s promise or guarantee , provide a username and password to a third party mean just that : you have hand over your credentials to a third political party , who will be capable to access your account , up to and including data that may not be bring out in the normal interface , ” said Beardsley .
While the potentiality trace by Faden may be shocking , he added , “ it all depend on first collecting a legitimate user ’s data directly through incitation or trickery . ”
Not everyone harmonise that it ’s incumbent on users alone to protect themselves from such exercise .
Cooper Quintin , a surety research worker with the Electronic Frontier Foundation , told NBCthat Grindr was “ cast masses ’s lives at hazard , ” noting there are “ a million reasons why you might not want someone to find your location through Grindr . ”
In Egypt , for example , where homosexuality is criminalized through natural law that deem “ base ” behavior illegal , Grindr usershave been arrested by secret policeand gaol .
[ NBC ]
PrivacySecurity
Daily Newsletter
Get the good tech , science , and culture news in your inbox daily .
word from the future tense , render to your present .
You May Also Like
