Tinder encryption glitch means strangers can see which way you swipe

There were times where we used to ask whether people met at bars, through mutual friends, or even on the bus.

But now, we’re far more likely to pivot the question around whether we met that significant other on Tinder, Grindr, She or even OkCupid.

And while times may be a-changing, one concern has haunted our romantic minds since the dawn of time: does the person I like like me back?

Well, thanks to a bug on Tinder, it’s actually quite easy to find out – and it’s more worrying than heartwarming.

As the Tinder app lacks basic HTTPS encryption for profile pictures, anyone using the same Wi-Fi network as you can see the same profiles you come across on the app, reports The Independent.

Through this, the app produces specific patterns of bytes that are recognisable even in encrypted form.

A left swipe is represented as 278 bytes, a right swipe is 374 bytes and a match shows up as 581 bytes, the researchers say.

And if these security flaws are exploited, it might not just be your romantic interests that are exposed – it might be your personal data too.

“We can simulate exactly what the user sees on his or her screen. You know everything: what they’re doing, what their sexual preferences are, a lot of information,” Erez Yalon, Checkmarx’s manager of application security research, told Wired.

In fact, cybersecurity researchers say an attacker could gather enough sensitive information to blackmail you through the app’s vulnerabilities.


Niiiiiiice.

“We take the security and privacy of our users seriously,” a Tinder spokesperson told The Independent.

“We employ a network of tools and systems to protect the integrity of our platform.

“That said, it’s important to note that Tinder is a free global platform, and the images that we serve are profile images, which are available to anyone swiping on the app.

In the meantime, it’s best to be aware of exactly what you’re sharing on the platform – or of course, you can die alone like the rest of us.