It is Still Possible to Obtain the Exact Location of Millions of Men on Grindr
After 5 years of controversies, and in contrast to what Grindr claims, it is still possible to obtain the exact location of millions of cruising men on Grindr. It is also possible to collect their body type, sexual position and HIV status. To protect the LGBTQ+ community, Grindr needs to step up its game.
@Seppevdpll // Blog // September 13th, 2018 //
When an acquaintance told me that he had built a computer program to locate Grindr users on an interactive map, I thought that he had hacked into the company’s private servers. However, I soon learned that anyone can do the same, within a few minutes, and without any coding experience. Because Grindr shows the distance between yourself and other users, it is relatively easy to let a computer virtually approach these users from different sides and work out their exact location. Desktop applications designed to do so are publicly available online[1], and give anyone access to a virtual map on which you can travel from place to place, from city to city, and from country to country, while seeing the exact location of cruising men who share their distance online.
Mapping Queer Communities
The technique used to locate Grindr users is called ‘trilateration’. Here, the distance to a given user is measured from three (or more) virtual points near them. This can be done by making a call to Grindr’s server, which is accessible via an API (Application Programming Interface)[2]. Once the distances between a user and the three virtual locations near them have been obtained, it is simple to find out where the user is: one only has to calculate where the three distance circles intersect. Computer applications do this automatically and can find the exact location of 600 Grindr users per request within seconds[3]. Because multiple requests can be made, it is possible to scrape information about a large number of users. One can, for example, create a database and collect information about all Grindr users in Amsterdam, with their location saved every minute over a week-long period. These users can then be pinpointed on an interactive map, together with their profile name, photo, age, height, weight, ethnicity, body type, tribe, relationship status, sexual position and HIV status.
Besides mapping queer communities, it is also possible to search for the location of an individual user, even if you have no idea where this user is at that particular moment. After you have interacted with a user, for example through a chat message, you can continue to geolocate them later, whenever they share their distance online. As an experiment, a friend allowed me to track him during a Saturday night out. While sitting behind my laptop, I could see in which restaurants he was eating, in which cafes he was drinking, and in which nightclubs he was dancing. I could also see that he went to the gay sauna at 1 a.m. and then slept at a stranger’s house at 3 a.m. By making it so easy to track individuals with precision, Grindr makes its users extremely vulnerable to harassment and stalking.
To make things worse, it is also possible to locate Grindr users in countries where gay men are prosecuted and repressed. After security vulnerabilities had been revealed in 2014, Grindr disabled the distance function in some homophobic countries, such as Russia, Nigeria, Egypt, Iraq and Saudi Arabia. However, it is still possible to locate users in many other countries, such as Algeria, Turkey, Belarus, Ethiopia, Qatar, Abu Dhabi, Oman, Azerbaijan, China, Malaysia and Indonesia. The governments of these countries heavily repress LGBTQ+ people and can easily exploit this vulnerability to blackmail individuals or to surveil queer communities. In some of the mentioned countries, homosexual men risk a prison sentence of 14 years or more, and it seems irresponsible and unjustifiable that Grindr enables anyone to obtain the exact location of their users in such environments.
In a recently released statement, Grindr claims that malicious parties cannot obtain information that is transmitted via its app. According to Grindr, it protects its users with ‘industry leading technology’, and the company adds an extra layer of security by obscuring the exact locations of individual users: ‘The location used by Grindr is more akin to a square on an atlas – not exactly where you are’. However, a simple test reveals that this square is smaller than you might expect, and certainly does not protect users from being located with precision. Using trilateration, I was able to locate users with a deviation of five to ten meters. It was also possible to locate users even more accurately by comparing the outcomes of several trilateration sessions. By doing so, and within a few seconds, I was able to locate cruising men with an accuracy of two to five meters, which is precise enough to determine in which house and room users are located. These locations can be determined so precisely because Grindr uses a geohash[4] of 12 characters to locate users, which corresponds to a ‘square on an atlas’ of 37×18 centimeters.
In another attempt to provide protection, Grindr introduced the ability to hide your distance from other users. However, researchers from Kyoto University revealed (2016) that it is still possible to locate users even if they have disabled their distance on Grindr. This is possible because users are displayed left-to-right and top-to-bottom in ascending order of distance, regardless of whether they have disabled their distance function or not. The researchers found that ‘as a result, the region in which the victim is located is easily obtained by employing the trilateration model again, but with two circles drawing from the adversary to the two nearest neighbors’. Of course, this trick does not work in remote areas, or in countries where everyone hides their distance for safety purposes. However, the same researchers found that even when all local members hide their distance, attackers can still geolocate users by sandwiching them between fake accounts specifically designed for this purpose.
Many of the previously described flaws (or ‘features’) have been addressed in the past. The first reports date back to 2014, and controversies followed in 2015, 2016, 2017 and 2018. However, it seems that to this day, Grindr has not taken the privacy and security of its users seriously. Anyone can still use Grindr’s servers to collect the location, sexual position and HIV status of cruising men, and if ensuring safety and security is really of ‘paramount importance’ to Grindr, the company should take some radical measures. The first thing Grindr can do is disable the distance function of its users by default. Sharing your exact location with anyone in the world should no longer be the standard, especially in countries that clearly promote homophobia. A second step Grindr can take is to limit the accuracy of the measured distance between users[5]. This will create more uncertainty about their exact location. Thirdly, the speed and magnitude of location changes can be limited, to protect users against trilateration techniques and measurement from arbitrary points. To prevent data harvesting on a large scale, Grindr should also protect its API by limiting the amount of information that can be requested.
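The following is an added example, not code from the original post or from Grindr. It models the trilateration described in the ‘Mapping Queer Communities’ section and uses it to evaluate two of the mitigations proposed above: rounding the reported distance, and the stronger variant of reporting the distance from the centre of a coarse grid cell rather than from the user’s true position. All coordinates are a constructed local flat frame in metres; the user position, probe positions, rounding step and cell size are assumptions chosen for the illustration, and the three “server policies” are hypothetical, not Grindr’s implementation.

```python
import math

# Constructed local flat coordinate frame in metres; small enough that the
# Earth's curvature can be ignored for this illustration.
USER = (1234.0, 567.0)                                  # true position being protected
PROBE_SETS = [
    [(0.0, 0.0), (2000.0, 0.0), (0.0, 2000.0)],         # virtual points of one session
    [(2000.0, 2000.0), (0.0, 2000.0), (2000.0, 0.0)],   # a second, independent session
]


def trilaterate(probes, distances):
    """Return the point whose distances to the three probes match `distances`.

    Subtracting the first circle equation from the other two leaves a 2x2
    linear system, which is solved with Cramer's rule.
    """
    (x1, y1), (x2, y2), (x3, y3) = probes
    r1, r2, r3 = distances
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = r1**2 - r2**2 - x1**2 + x2**2 - y1**2 + y2**2
    b2 = r1**2 - r3**2 - x1**2 + x3**2 - y1**2 + y3**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        raise ValueError("probes are collinear; choose a proper triangle")
    return ((b1 * a22 - b2 * a12) / det, (a11 * b2 - a21 * b1) / det)


# --- three hypothetical server-side distance policies ----------------------

def exact_distance(user, probe):
    """Policy A: report the true distance (the behaviour the post describes)."""
    return math.dist(user, probe)


def rounded_distance(user, probe, step=100.0):
    """Policy B: round the true distance to the nearest `step` metres."""
    return round(math.dist(user, probe) / step) * step


def snapped_distance(user, probe, cell=1000.0):
    """Policy C: snap the user's position to the centre of a `cell`-sized grid
    square first, then report the exact distance from that centre. Every query
    then describes the same point, so additional sessions learn nothing new."""
    cx = (math.floor(user[0] / cell) + 0.5) * cell
    cy = (math.floor(user[1] / cell) + 0.5) * cell
    return math.dist((cx, cy), probe)


def estimate(policy, user=USER, probes=PROBE_SETS[0]):
    """Run one trilateration session against `policy`; return (estimate, error in metres)."""
    distances = [policy(user, p) for p in probes]
    est = trilaterate(probes, distances)
    return est, math.dist(est, user)


def session_spread(policy, user=USER, probe_sets=PROBE_SETS):
    """Largest disagreement (metres) between estimates from different sessions."""
    ests = [estimate(policy, user, ps)[0] for ps in probe_sets]
    return max(math.dist(a, b) for a in ests for b in ests)


if __name__ == "__main__":
    for name, policy in [("exact", exact_distance),
                         ("rounded 100 m", rounded_distance),
                         ("snapped 1 km", snapped_distance)]:
        est, err = estimate(policy)
        print(f"{name:14s} estimate=({est[0]:7.1f}, {est[1]:6.1f})  "
              f"error={err:6.1f} m  session spread={session_spread(policy):5.1f} m")
```

With exact distances the session recovers the constructed position to floating-point precision. Rounding each distance to 100 m only moves the estimate by roughly 20 m here, because the three rounding errors partly cancel, and different sessions give different estimates, which is why the post’s observation that repeated sessions can be combined matters. Snapping the position to a 1 km grid before computing distances leaves the estimate a few hundred metres off and, since every session returns the same grid centre, repetition cannot narrow it down; an API rate limit then bounds how many users can be queried at all.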
To conclude, Grindr should be more explicit about the ways in which information shared by users can be obtained and processed by third parties. When users enable the option to share their distance on Grindr, they do not expect that it can be used to obtain their exact location. And when users share their sexual position or HIV status in their profile, they do not foresee that anyone can collect this information via Grindr’s servers. It is thus crucial that Grindr informs its users about the dangers they might face: not in an obscure part of its helpdesk, but directly in Grindr’s interface, from the moment people start to share their information.
Until Grindr has fixed these problems, the best advice is to install a fake-location app and spoof your location to a place nearby. Adversaries might then still be able to roughly identify the neighborhood you live in, but at least they will not find out in which house you stay, or in whose bed you sleep.