On the App Store many location based apps help you to get in touch with people that you don’t know yet. By using a mobile dating app, for example, you can see the nearby people that you may want to meet.
If somebody knows that you are nearby, thanks to some easy tricks there is a chance he can also find out exactly where you are. Finding where someone is seems to be difficult, since a group of users close to target person have to share the information about where she is.
This procedure can also be done automatically by creating and using fake users. Our experiments on a real mobile dating app show that you can find the position of the target person in a few seconds.

This leads to some further implications:
  • Given a specific place, it is possible to find which users are actually at that location.
  • Given a specific target user, it is possible to find her location independently from where she is.
  • It is also possible to follow and track her displacements in time.
We didn’t violate or hack any system. We simply communicate with the server pretending to be a real user. We showed that current location based dating apps fail to protect your privacy. This is true for many location-based apps. Technical solutions to offer a much higher level of privacy exist and should be applied. For example, the ones used in EveryWare Technologies’ PCube app (pcube.everywaretechnologies.com).

Do you plan to release the "Stalking Machine" software?

"Stalking machine" has been developed to study and show the weaknesses of current location based dating services. It can harm the users' privacy and thus it will not be released to the public.

Is there any way to safely use location based dating services?

Different location based dating services are vulnerable to attacks like the one shown in the video. However, other services never report the user's exact position, but only a generalized one (the ZIP code, for example). Using these services it could be impossible to discover the exact user's position through an attack. Still, other privacy problems may arise. For example, it could be possible to discover the ZIP code where a user is located, even if she/he is not close by. Moreover, keep in mind that service providers obtain and usually store on their servers your precise location and not all of them are trustable in the use they will make of your data and on the protection they have on their servers.

So, is there any safe location based service?

There are some location based services that follow the "privacy-by-design" principle. For example, PCube (developed by EveryWare Technologies) is a location based friend-finder that adopts advanced cryptographic techniques to protect user's privacy and allows users to finely tune their privacy preferences. We are not aware of any location based dating service that offers a similar privacy protection.

If you have any question

Feel free to contact us by email at info@ew-tech.it.

This video is based on research conducted by:

EveryWare Lab, University of Milan - EveryWare Technologies, spin-off of University of Milan

The Stalking Machine software has been developed by:

Laser Lab, University of Milan

Video design and production by:

EveryWare Technologies, spin-off of University of Milan

Andrea Battaglia

Mattia Di Mauro

With partial support by the "Enforce" research project

Enforce logo

This video features the song
“Drops of H2O (The Filtered Water Treatment)"

by J.Lang / CC BY 3.0

Main voice: Alessia Rossi