CategoriesInternetPrivacySecurity

Tinder: Three Things You Probably Didn’t Know

It all seems very straightforward. Swipe right if you’re attracted to the person on your screen, swipe left if you’re not. Tinder makes the process of finding someone to date seem easy. Individual profiles take only seconds to scan. In under one hour, you could be matched up with someone available to date you tonight. Yet, there’s more to the app than meets the eye. The inner workings of Tinder’s algorithms might leave you a little surprised.

 

 



Tinder has a “desirability” ranking system.

That’s right, Tinder “scores” your desirability based on several factors. You are shown specific matches first, based on these factors. You aren’t able to retrieve these scores for yourself – but a writer, Austin Carr, from Fast Company, was granted access to his score by Tinder executives. This is what he came away with:

“Every swipe is in a way casting a vote: I find this person more desirable than this person, whatever motivated you to swipe right. It might be because of attractiveness, or it might be because they had a really good profile.” Tinder’s engineers tell me they can use this information to study what profiles are considered most alluring in aggregate.” -Carr, Fast Company

Furthermore, Tinder’s VP of product compares the ranking system to that of a World of Warcraft game. He says if someone with a really high score swipes right on you, that’s going to in turn increase your score too. Just like if a high-level player helps a lower-level player level up in Warcraft.

Your Tinder Data may not be Secure.

Yep, it says so right in their TOS: “We do not promise, and you should not expect, that your personal information, chats, or other communications will always remain secure”. With the onslaught of hacked sites and apps in recent years, it’s no wonder they’re taking this precaution.

Since the launch of Tinder, it has been an attractive medium for data scrapers. Scrapers are automated bots or tools that extract data from websites or apps. With over 50 million users on Tinder, these tools provide valuable data to marketers, research firms and potentially to governments. In fact, there have been multiple instances where scrapers were discovered to have harvested a large amount of data from Tinder.

One developer managed to scrape information from over 40,000 profiles and posted it publicly. The purpose for this massive harvesting of profile data was to train AI to recognize gender based on a person’s facial features. The project was called “People of Tinder” and it has since been removed.

Tinder has a Huge Trove of Data on Every User

Last year, Judith Duportail, a writer at The Guardian, asked Tinder for all of the data they had stored on her. Every European citizen is allowed to request their data from companies using the EU data protection law. It turned out Tinder had 800 pages of data stored on her that included information like education, Facebook likes, conversation history, number of Facebook friends, the age-rank and race of men she was interested in, which matches she’d recycled pickup lines with, who she’d ghosted on, and tons more.

The reason Tinder is able to amass so much information on each user, is because most users sign up through Facebook. When someone uses Facebook to login to any app, that app gets access to likes, location information, friend information, public profile information, and often much more (though some of this access may soon be restricted due to the recent Cambridge Analytica scandal). They also study your behaviors while using the app, and then use that behavioral data to help target matches and advertisements. Many users also link their Instagram accounts to the app, which gives Tinder even more data to harvest.

Now that you know Tinder is just as exploitative as other apps and services that have been in trouble for data-mining lately, will you still continue to use it to find dates?

CategoriesHackingNews

Did Another Hacker Steal NSA Exploits from the Shadow Brokers?

A Twitter user who goes by @1×0123 claims to have stolen the data that The Shadow Brokers hacked from the NSA.

nsa hacker

Gizmodo reached out to the hacker and were unable to verify their claims. However, back in April, NSA whistleblower Edward Snowden, gave them praise for reporting a vulnerability which may lend some credibility.

The hacker says they just need “some money to pay bills and stuff” and offered to share 50% of it with Gizmodo if they wanted to make an offer.

CategoriesInternetPrivacySecurity

How Do SSL Certificates Work?

How do you exchange private data over the internet? Part of the answer lies with SSL certificates. Secure Socket Layer (SSL) certificates work by creating a private line of communication in which allows private data to be delivered.

The main problem with communication and security over the internet is eavesdropping. Others may be able to access the data exchange between your computer and the website’s servers. This is also called a main-in-the-middle attack. SSL certificates are a way of ensuring that no one is able to intercept and decrypt this information.

To better understand how SSL certificates work, let’s imagine a boy is being picked up at the train station for the first time by someone who he’s never met. How can he know for sure to trust the person picking him up? The answer is simple. His parents write a letter signed by them stating they trust that individual. By trusting his parent’s authority, the boy can now trust the person picking him up.

This is quite similar to how SSL certificates work. Web sites can create certificates and have them signed by something called a CA or Certificate Authority. An example includes DigiCert. By having them signed, browsers can then identify website and servers by their certificate. They then know if they can trust them. This is the basic concept of how SSL Certificates help to identify and trust the websites we are communicating with.

What about actually communicating? What if two people want to talk in that same train station without worrying if someone else is listening? The answer lies with keys. To illustrate the concept of keys and how they help with encryption, imagine each of the two people have a box and a set of keys. The keys are labeled private and public. They exchange their public keys. Now, each person has a private key, the other’s public key, and a box.

The basic process works like this: One person writes a message and places it into the box. They then lock the box with the other’s public key. They then pass the box along. Once the box is at its destination, only the person holding the private key can open the box locked by its very own public key. If the other person wants to send a message back, they can send back a letter in the box locked with the other’s public key. The entire communication, also called a session, can go back and forth securely using this method.

This is much like how SSL certificates are used to create private and public keys. Web servers send the user a copy of its public key along with the certificate. The browser can then decide to trust the website based on this information. If it does, it can then send messages back and forth simply by encrypting and decrypting keys.

Identifying websites that have and use SSL are easy. Simply look for the lock at the top of the browser. Never exchange private data unless there is a lock up at the top of the browser. If there isn’t, there is not an acceptable level of encryption being used on that site. Anyone who sells anything online needs to have an SSL .All banks and e- commerce sites need to have an SSL to help ensure security.