News
White House Staffer Seeking Threesomes, According to Data Leak
And Grindr is still leaking your location data.Â
August 09 2019 9:43 AM EST
May 31 2023 7:05 PM EST
By continuing to use our site, you agree to our Private Policy and Terms of Use.
And Grindr is still leaking your location data.Â
Did a hookup app just prove there are White House staffers looking for threesomes?
Technology experts at Pen Test Partners say they were able to hack data from users of the app 3fun and found the software in use by one individual in the White House. Similarly, users could be tracked to the U.S. Supreme Court and to 10 Downing Street, the home of the United Kingdom's prime minister.
An explanation of how the data was obtained was published in a detailed blog post Thursday. Writer Alex Lomas acknowledged it's possible tech-savvy web users could have manipulated the data to make it appear their locations were close to seats of power.
The focus of the post wasn't on the technology-enhanced sex habits of Supreme Court law clerks, but on the continued issues with leaked data and hookup apps.
That includes the ready release of personal information allowing users of Grindr and Romeo to be tracked down from great distances.
"We think it is utterly unacceptable for app makers to leak the precise location of their customers in this fashion," Lomas wrote. "It leaves their users at risk from stalkers, exes, criminals, and nation states."
While the differentiating features for such apps involve the ability to locate other nearby users, developers have faced calls to address flaws in the technology that allows people to access private data and to find the precise location of users from significant distances and then target them.
Pen Test Partners wrote a separate blog post demonstrating how the mathematical technique trilateration can be used to pinpoint the precise location of users all over the world, including in nations with laws hostile to LGBTQ people. The technology team there looked at data from Grindr, Romeo, Recon, and 3fun. An estimated 10 million users were mapped around the world
Recon responded to the information by saying it patched the problem.
Grindr told the BBC users could "hide their distance information from their profiles." The company also said it automatically does this in countries that persecute gay men, and said any users could hide their distance information. The Pen Test Partners mapping, while showing thousands of users in London, found fewer users in the country of Saudi Arabia, where homosexuals can be stoned to death, but there were still app users visible throughout that nation and the Middle East.
Romeo said it has a setting to turn precise geolocation off, though users must dig deep into the app to find it. But Pen Test Partners said there are easy ways around the data obfuscation techniques employed by Romeo.
Ultimately, the 3Fun app showed the most vulnerability, something the hackers described as a train wreck.
Pen Test Partners was able to download personal photos from users' phones. It was also able to discover demographic data about users, such as discerning about four times as many straight men use the app as straight women.
Ultimately, the security problems showed significant privacy issues that the company developers have yet to address.
"The trilateration and user exposure issues with Grindr and other apps are bad," Lomas wrote. "This is a whole lot worse."