Yik Yak, an app that acts as a local anonymous message board, makes it possible to find users’ precise locations and unique IDs, Motherboard reports. A researcher who analyzed Yik Yak data was able to access precise GPS coordinates of where posts and comments came from, accurate within 10 to 15 feet, and says he brought his findings to the company in April.
First launched in 2013, Yik Yak was popular on college campuses, where it was often used to gossip, post updates, and cyberbully other students. After waning relevance and failed attempts at content moderation, the app shut down in 2017, only to rise from the dead last year. In November, the company said it had passed 2 million users.
Motherboard spoke with David Teather, a computer science student based in Madison, Wisconsin, who raised the security concerns to Yik Yak and went on to publish his findings in a blog post. The app shows posts from nearby users but displays only approximate location, such as “around 1 mile away,” up to 5 miles, to give users a sense of where in their nearby community updates are coming from.
Though Yik Yak promises anonymity, Teather points out that combining GPS coordinates and user IDs could de-anonymize users and reveal where people live, since many are likely to be using it from home and the data is accurate to within 10 to 15 feet. That combination of information could be used to stalk or watch a particular person, and Teather mentions that the risk could be higher for people living in rural areas where homes are more than 10 to 15 feet apart, because a GPS location could narrow a user down to one address.
As Motherboard reports, the data is accessible to researchers like Teather, who know how to use tools and write code to extract information, but the risk was real enough to prompt Teather to bring it to Yik Yak’s attention.
I found that @YikYakApp is exposing tens of millions of user locations by sending precise GPS coordinates of all posts and comments (accurate within 10-15 feet) to the app, these could be harvested by malicious actors to track users' locations. https://t.co/pgT809okv7
— David Teather (@david_teather) May 9, 2022
“Since user ids are persistent it’s possible to figure out a user’s daily routine of when and where they post YikYaks from, this can be used to find out the daily routine of a particular YikYak user,” Teather writes. He listed other ways the data could be abused, like finding out where someone lives, tracking users, or breaking into someone’s home when they’re not there.
Yik Yak didn’t respond to a request for comment from The Verge.
According to Motherboard, the latest version of the app released by Yik Yak no longer exposes precise location and user IDs, but Teather says he can still retrieve that information using earlier versions of the app.
“If YikYak did take this more seriously they would restrict these fields from being returned and break older versions and force users to upgrade to a newer version of the app,” he wrote in the blog post.
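The server-side restriction Teather describes, sketched as an added example (not code from Yik Yak, Teather's blog post, or Motherboard): the response is built from an allowlist, and the only location signal sent is the coarse "around N miles away" label computed on the server, so every client version receives the same reduced data. The record shape and field names (`post_id`, `user_id`, `lat`, `lon`) are assumptions made for illustration.

```python
import math

# Hypothetical stored-record shape; these field names are assumptions,
# not Yik Yak's actual schema.
PUBLIC_FIELDS = ("post_id", "text", "created_at")
MAX_MILES = 5  # the article says the app shows distance only "up to 5 miles"

def miles_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in miles."""
    r = 3958.8  # mean Earth radius in miles
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def distance_label(miles):
    """Coarse whole-mile label: the only location signal sent to clients."""
    bucket = min(MAX_MILES, max(1, math.ceil(miles)))
    return f"around {bucket} mile{'s' if bucket > 1 else ''} away"

def to_public(post, viewer_lat, viewer_lon):
    """Build the response from an allowlist instead of copying the stored
    record, so coordinates and the persistent user ID never leave the server."""
    out = {k: post[k] for k in PUBLIC_FIELDS}
    out["distance"] = distance_label(
        miles_between(viewer_lat, viewer_lon, post["lat"], post["lon"]))
    return out

# Constructed sample record (coordinates fall in Madison, Wisconsin).
SAMPLE_POST = {
    "post_id": "p-001", "text": "Anyone at the library?",
    "created_at": "2022-05-09T14:00:00Z",
    "user_id": "u-7f3a", "lat": 43.0766, "lon": -89.4125,
}

if __name__ == "__main__":
    print(to_public(SAMPLE_POST, 43.0731, -89.4012))
```

Because the allowlist is enforced where the response is built, a field added to the stored record later stays private until someone deliberately lists it in `PUBLIC_FIELDS`.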