Back to news

There’s no morning-after pill for using dating sites without encryption

March 20, 2018    |    Cyber Security    |    Lauren Elkins

Swipe right if you’re attracted to cyber threats.

If you use Tinder, which touts itself as “the world’s most popular app for meeting people,” you might expect that it encrypts its data. I mean, as you use the app, you’re rejecting people over and over again. That’s sensitive stuff. But what if the stranger sitting at the coffee table on your right is watching your mobile-app dating escapades? All they need to do it is to be on the same public WiFi.

Researchers at the security firm Checkmarx publicized how your Tinder actions can be hacked. You may not be giving up credit card information or handing over your social security number, but the company that runs the globally popular app should be accountable for basic privacy practices.

How can the hacking happen? According to Checkmarx, the problem lies in the profile pictures lacking basic HTTPS encryption. With an app that’s driven by visual judgment, that’s a big deal. Every profile you look at, you check out their pictures.

A user on the same WiFi network as any Tinder user (iOS or Android) can potentially see each photo the user sees. They can even inject their own images into the Tinderer’s photo stream. The Checkmarx “researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.” Would you want the world to know your Tinder tastes?

The media company The Hustle did some digging on other dating apps and found problems with another popular player: Grindr. In addition to issues with unencrypted photos, this one also leaks all up and down the plumbing system in that it allows third parties to “track the app users’ location down to the foot, even if they opt out of location sharing in the user settings.”

Almost a year ago, we hit the landmark of encrypting half of the internet. More likely than not, the pages you visit are coming to you via HTTPS rather than HTTP. This matters and it’s not just for situations where snoopers can watch you swipe around Tinder. HTTPS also helps block, to an extent, internet service providers and the government from seeing what you’re reading and posting on the web.

Have you moved your business site to HTTPS yet? What about your mobile apps? As more and more business and personal sites convert over, the ones who haven’t will be flagged. In fact, web browsers are making it more obvious and noticeable when you’re on sites that aren’t encrypted. Make sure you’re sending the right message to your customers: that you can be trusted.

Better Safe Than Sorry