You may be hiding your location or distance on any of a multitude of dating, hook-up, or other social location based applications, but the people around you are revealing your location to anyone who knows where to look!

Not too long ago the popular gay “hook-up” app Grindr was criticized for broadcasting their users’ distances from other users in plain text, without authentication, down to the millimeter. While, this may not seem like a big deal at first glance, with a technique such as “trilateration“, one could locate any user of the app down to mere feet or even inches.  Grindr has not been the only app to do this or something similar — practically every app that shows nearby users, either explicitly broadcasts the GPS coordinates of their users, or indirectly reveals their users’ locations by revealing details like users’ distance from a known location, or other user.

In response to safety and privacy concerns, Grindr now allows users to “opt-out” of showing their distance from other users, they even go as far as removing the distance field itself from the REST API responses of the application.  Many other applications have adopted this exact method, and some have taken additional steps to maintain user location anonymity.  These changes may make trilateration or multilateration difficult or impossible, but still do not hide users’ locations.  Due to the accuracy issues inherent to the trilateration algorithm, the following method may even make a more accurate position fix possible in some cases!

The key to the method I will be discussing is the ordinal listing of users from nearest to farthest, as well as the non-hidden distances of other users from one another.  With just that information all users can be located to within a few meters or fewer, depending on time and the amount of positional data collected.

Let’s take a look at a typical, but hypothetical, API response from a social location app:

Image of hook-up API response text

In the above API response, each user is identified by an “id” field, with the “distance” field representing how far each user is from the person requesting the list.  You will also notice that the users are listed from nearest to farthest, which is the convention for most if not all “hook-up” apps.  Two of the users have chosen not to disclose their distance information to maintain their privacy.  Despite these efforts their positions can still be found!

When you view another user’s profile and it shows that they are 5 miles away, those 5 miles could be in any direction.  If you were to draw a circle around your current position with a radius of 5 miles you can be assured that the user is somewhere within that area.  Taken further, if you start checking the profiles from nearest user to farthest, and you see that:  “user1” is 4 miles away; and the next user, “user2”, has hidden their distance; but the user immediately after the hidden user, “user3”, is 6 miles away — you can safely assume that “user2” is somewhere between 4 and 6 miles away, in any direction.  If you were to do that at different known positions, simply recording the distances of the users before and after a user, who has hidden their distance information, you would end up with an image similar to the one below:

Several red circles showing user location radii

The red filled-in circles are the areas covered by the users who appear before the hidden user.  I have chosen to fill them in with red, because they represent where we know the user is not located.  Since the users are listed in order nearest to farthest, we can surmise that the hidden user will not be located in the red shaded area since they are located some distance greater than the user listed before them.  The blue circles represent the distance information of the user who appears after the hidden user, which tells us that the hidden user is definitely somewhere inside of the blue circles, using the same logic as before.  If we consider only areas within the blue circles that are not covered with red, we are left with something like the image below:

Image shows purple letter X in between red covered circles

The purple “X” represents the actual location I used to create the user data for this demonstration, which after a little bit of zooming can be seen within the only area both inside of the blue circles and not covered by red.

You can now see that using only the distance information of other less private users from known GPS coordinates, we were able to determine a “hidden” user’s location to within 10 meters, with just 5 known location coordinates!  Keep in mind that while this is a somewhat idealized example, if we were to make several more requests at other locations, we would increase the number of circles and potentially the accuracy of the hidden user’s location.  Even if several users in a row have hidden their locations, this method still works to individually locate them, all that you need is a known distance from a known point, before and after the person you want to find!  You may also have noticed that the largest circle in the one image above has a wider distance between the blue and red circles than the others.  That is because when I got to that position I ended up with the “hidden” user of interest, and the user immediately after them being “hidden” as well, widening the gap, but barely hindering the method.

This may all seem very complicated, but with intermediate programming, reverse engineering, and math skills it can be implemented and automated for any application API in a day or so.  A person could collect the position data of thousands to millions of users in less than that time, or a subset of users in real-time, depending on API limits and connection speeds (a discussion for a different post).

Developers have tried many different approaches (a discussion for another post) to combat location/position disclosure.  One of the most popular, which usually works well is to report user distances with low precision by rounding to the nearest whole number, such as 1 mile, which could mean 1.3 miles or 0.89 miles away.  However, this technique can also be defeated with a few small modifications to the method presented here.  Another method would be to not list users in order from nearest to farthest, which would make using the app to find nearby “hook-ups” at best confusing and at worst unusable.

The only truly secure way to protect user locations would be to not report distances at all, but to instead take the approach of a few applications which list users by area, such as town or city — or any other type of arbitrary grouping method.

You can choose to hide your distance or location for whatever reason, but unless everyone around you chooses to do the same, your fellow application users are helping to disclose your position, despite your best efforts!