Yik Yak, an app that acts as a neighborhood nameless message board, makes it attainable to search out customers’ exact areas and distinctive IDs, Motherboard reviews. A researcher who analyzed Yik Yak knowledge was capable of entry exact GPS coordinates of the place posts and feedback got here from, correct inside 10 to fifteen toes, and says he introduced his findings to the corporate in April.
First launched in 2013, Yik Yak was well-liked on faculty campuses, the place it was typically used to gossip, put up updates, and cyberbully different college students. After waning relevance and failed makes an attempt at content material moderation, the app shut down in 2017, solely to rise from the useless final 12 months. In November, the company said it had handed 2 million customers.
Motherboard spoke with David Teather, a pc science scholar primarily based in Madison, Wisconsin, who raised the safety considerations to Yik Yak and went on to publish his findings in a weblog put up. The app reveals posts from close by customers however shows solely approximate location, akin to “round 1 mile away,” as much as 5 miles, to provide customers a way of the place of their close by neighborhood updates are coming from.
Although Yik Yak guarantees anonymity, Teather factors out that combining GPS coordinates and person IDs might de-anonymize customers and discover out the place folks dwell since many are more likely to be utilizing it from house and the information is correct to inside 10 to fifteen toes. That mixture of knowledge may very well be used to stalk or watch a specific individual, and Teather mentions that the danger may very well be larger for folks dwelling in rural areas the place properties are greater than 10 to fifteen toes aside as a result of a GPS location might slim a person down to at least one tackle.
As Motherboard reviews, the information is accessible to researchers like Teather, who know methods to use instruments and write code to extract info — however the threat was actual sufficient to immediate Teather to carry it to Yik Yak’s consideration.
I found that @YikYakApp is exposing hundreds of thousands of person areas by means of sending exact GPS coordinates of all posts and feedback (correct inside 10-15 toes) to the app, these might be harvested by malicious actors to trace customers areas.https://t.co/pgT809okv7
— David Teather (@david_teather) May 9, 2022
“Since person ids are persistent it’s attainable to determine a person’s each day routine of when and the place they put up YikYaks from, this can be utilized to search out out the each day routine of a specific YikYak person,” Teather writes. He listed different methods the information may very well be abused, like discovering out the place somebody lives, monitoring customers, or breaking into somebody’s house once they’re not there.
Yik Yak didn’t reply to a request for remark from The Verge.
In keeping with Motherboard, the newest model of the app launched by Yik Yak not exposes exact location and person IDs, however Teather says he can nonetheless retrieve that info utilizing earlier variations of the app.
“If YikYak did take this extra significantly they’d prohibit these fields from being returned and break older variations and power customers to improve to a more recent model of the app,” he wrote within the weblog put up.
Supply: The Verge