I remember the early days of Tinder when they would allow unauthenticated API calls from anywhere and return location information accurate to a few feet. It doesn't seem like much has changed.
While no app should ever leak data, I'm skeptical of a lot of those "concerns". Effort / effect seems to be in a non-practical area to justify even an attempt at data-snooping. In general, reading infosec news, it might seem that everything these days is so insecure and vulnerable to the point where "if you have something valuable to anyone else they'll get it eventually" might seem to be mostly true. On the other hand, in real news on the individual level of hacks (not speaking of viruses and the like here) there's almost never anything apart from the occasional "dumb" hack with nothing more sophisticated than a guessed or phished password, for instance, without any further effort giving the hacker access to a trove of invaluable data. I don't understand this discrepancy. Can someone in the know in the security industry say if anyone without "top secret" data or not being a VIP character should even bother about the "concerns" raised in most instances, apart from following basic security practices, i.e. updating often, using strong passwords, not entering data into phishing sites?
While the images over HTTP seem really trivial to fix and can be considered a "big mistake" from the devs, the other point in this article about the number of bytes is trickier: wondering if any other HTTPS traffic could be "guessed" like that (likes on Facebook or Instagram? ...). Any other known case of that kind? How would one protect against that?
I'm not interested in their product, but if I were, I think the thought of the amount of intimate data that Tinder collects from its users would keep me well away.
I vote the URL be changed to https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/ which has a better write-up and doesn't have infuriating scroll behavior.
I think that it’s possible they realize privacy concerns are not foremost in the minds of people looking to hook up with perfect strangers. I would guess that “random hookup” and “serious about security” will tend to be mutually exclusive.