This year, you and your friend Steve Stevington started a user tracking startup. The business is based on the WhatsApp metadata leak that you discovered. Both of you should still learn management, but still the company has grown into a powerful, albeit unstable company of 65 diverse interns and students, freelancers and unpaid workers on probation. You recently moved to the nifty new office in the 19th-century literature department of the San Francisco Public Library, and you have an enviable reputation in the field of Internet marketing.
But under this glossy and dubious appearance hides rot. You suspect that your good friend, co-founder and co-executive director Steve Stevington, is plotting against you. He runs out of the library all the time in strange times and somewhere disappears for hours on end. When you ask where he is going, he builds a strange grimace, which he probably considers a malevolent grin - and tells you not to worry. You have instructed librarians to follow him several times, but they are all terrible in field work.
You have been living in Silicon Valley for quite some time - and you know what ruthless atrocities happen when a large sum of money and user data is at stake. Steve Stevington is probably trying to convince investors to drive you out of business. You think that Peter Thiel will support you, but it’s hard to say about Aunt Martha. So you need to find out where Steve goes.
Fortunately, he is an avid Tinder user. The Tinder app tracks the location of its users to let potential couples know how far they are from each other. This allows users to make smart decisions: is it really worth driving 13 kilometers to meet a couple at 6 or 6.5 points when they have a bath, ice cream in the refrigerator and work in the morning. In other words, Tinder knows exactly where Steve is heading. And if you choose the right exploit, you will soon find out too.
To determine the direction of your searches, you examined reports of past leaks of location data for Tinder users. There were several of them. In 2013, it was discovered that Tinder servers send the exact coordinates of potential matches to a mobile application. Based on them, the application calculated the distance between users, but did not display the coordinates in the interface. However, an attacker could easily intercept Tinder’s own network traffic, check the raw data, and determine the exact location of the target.
Tinder API response, including exact location
Tinder tried to quietly fix the vulnerability by shifting the distance calculation to the servers instead of the application. After that, network messages sent from the server to the application contained only these pre-calculated distances without actual locations. However, Tinder casually sent distances in the form of unrounded numbers with 15 decimal places.
Tinder API response including accurate distance
This negligence allowed cunning researchers to again determine the exact location of targets using an exploit for trilateration. Researchers sent three fake coordinates to Tinder with different user locations. At each new location, they asked Tinder how far the target was. Then, three circles were drawn on the map with centers in fake coordinates and radii equal to the obtained distances. The intersection point - the coordinates of the target with an accuracy of 30 meters.
Tinder Trilateration Example
The Tinder security team looked at these people who constantly make them work, sighed and quietly fixed the vulnerability. Now Tinder sends distances rounded to kilometers to the application. You can still use the indicated trilateration procedure to determine the coordinates of the target within a kilometer or so. But in the densely populated city of San Francisco, this will not give an answer, where does the sneaky Steve Stevington go.
On Friday afternoon, a steaming grimace reappeared on Steve Stevington's face, indicating a willingness to take various actions in unknown places. You must find out where he is heading before it is too late. You locked yourself in your account - in the reading room of the library on the 4th floor. After fifteen minutes of deep breathing and even deeper reflection, you have a plan for how to reanimate the Tinder trilateration exploit and find out where the Stevenator is heading.
Suppose Tinder now calculates the exact distances on the servers, rounds them to the nearest integer, and then sends the rounded numbers to your phone. You can start a new attack in the same way as with trilateration. We send fake Tinder locations and ask how far the target is. Tinder can answer "8 kilometers", which in itself is of little use. But then you can move one pixel to the north, asking the distance with each step. The server will reply “8 kilometers, 8 kilometers, 8 kilometers, 8 kilometers, 7 kilometers”. If your assumption about the rounding process is correct, then the point at which the answer changes corresponds to the exact distance to the target of 7.5 kilometers. If you repeat this procedure three times and draw three circles, then we will again use the trilateration exploit.
We pass to active actions. While Wilson went to the toilet, borrow his phone for testing - you know that he uses Tinder, and the unlock code is visible on the fingerprint on the screen. Speak to your unpaid interns on a trial period so that they don’t call you on the phone or say anything to Wilson - and hurry to the secluded and uninhabited corner of your office in the department of fiction for high school age. There you open Tinder on both phones. Continue to swipe until you get a match, and then write a short Python script using pynder to spoof Tinder API calls. Place Wilson in the middle of the San Francisco Bay, and then try to determine its coordinates, changing its location pixel by pixel to find the point when the distance between you changes from one rounded number to another.
But something is wrong. Evening has come, dinner has passed, and you have not yet found Wilson. You kind of get close, but not enough. The circles are sometimes painfully close to the intersection, but usually do not give a meaningful answer to where Wilson is. You begin to despair. Right this second, Steve Stevington can sign a new contract with Peter Thiel and Aunt Marta. He may have already updated your company’s LinkedIn page, renamed you “Advisor,” “Assistant,” or “Former CEO.” The library closes - and you move to the pantry. Wilson continues to call, but probation interns don't give you up. Even a fleeting thought skips to give them a job.
Frustrated, you take a step back and hit your head on the lower shelf. When you get out of a pile of cleaning products, you are considering the possibility that assumptions may be wrong. Perhaps Tinder is not just rounding off exact distances. You take a snack from the refrigerator of a library employee to help the thought process. Stop drawing circles and begin to walk along the lines around Wilson’s true location, marking each change in distance.
At the second hour of the night everything becomes clear.
Placing marks on a map based on Tinder distances
Now Tinder is so zealous for the privacy of users that it breaks the boring clips of conventional geometry. He abandoned Euclid. He does not need the haversinus formula. Instead, Tinder uses two innovations when calculating the distance between matches.
First, and most importantly, it divides the city into squares of approximately 1 × 1 mile. When calculating the distance, the location of the target is snapped to the center of the current grid square. Then the estimated distance between you is calculated and returned and this anchored location.
Tinder snaps user locations to a grid
Secondly, it calculates distances as if by its unique formula. To do this, a map of rough, predefined distances is taken - and superimposed on the center of the square of the target. Tinder looks for the location of the attacker in this overlay and returns the corresponding distance. In the normal calculation of the Euclidean distance, this would be a set of concentric circles.
But Tinder seems to use concentric squares with strange curves at the corners as they move away from the target.
Among other things, this means that Tinder often returns slightly incorrect distances. You suspect corner rounding is necessary for adjustments. too wrong distances that are northeast of each other.
Grid binding is a key innovation in the Tinder approach. This means that Tinder will always return the same distance if the target is anywhere within the given grid square. Your trilaterational exploit will not work. And if Tinder correctly implemented mesh binding, then no purely remote exploit will ever work. There is no way to find the location of a target with greater accuracy than the borders of one of the grid squares (approximately) 1 × 1 mile. Even such crude surveillance can make Tinder users wonder. But in fact, this is quite reasonable behavior for the application, the main function of which is to tell strangers where about you are.
You really do not know why Tinder uses such a strange layer of squares with rounded corners. As long as user locations are tied to a grid, Tinder could use the normal Euclidean distance without risking privacy. Perhaps it’s just that a new metric is calculated faster, and despite Gordon Moore’s precepts, computers are still limited. However, all this leads to the conclusion that Tinder is safe - in this very narrow aspect - and you screwed up.
The library is in complete darkness, not counting the green glow of Xerox. You are sad, but diligently sweeping tracks. Put it in the pantry and throw Wilson's phone into the library's industrial shredder. Get out through the main entrance, steal a badly fastened bike and ride home sadly.
The next morning, Steve Stevington gives you one of a couple of co-directors he worked on in his secret afternoon ceramics class. This is completely disgusting. It would be better if he gave you one of a pair of ten-dollar bills and stayed in the office. He worked little and bad, and you had to hold many meetings and lie a lot - usually this is his job. But at least he did not steal your company. You pour Wilson's coffee into your ridiculous mug and wish good health to your good friend.
When you fall asleep at night, thoughts come to your head about what happens to the Tinder grid at the North Pole ...
Your code from this article is published on Github. Please inform yourself if you have any questions or find errors.
How to change location on Android
You can mask your real geolocation using the Hola Fake GPS location application. After the first
Launch will take several minutes to make the necessary settings. But in the future, you can almost instantly change the coordinates in a simple and convenient interface.
After installing Hola Fake GPS location, you must give the program permission to change the geolocation. To do this, first click in the GO application, and then Settings - the "For Developers" section will open. Then find the “Select apps for fictitious locations” item and select Hola Fake GPS location using it.
Next, go to the settings of the device and open the section responsible for the location settings. Here, enable the geolocation detection mode only by GPS satellites.
When you make the above settings, the application will be ready to work. To change the coordinates for all other programs with it, just select the false location on the map and click on the GO button. You can choose any location around the world. To disable the coordinate substitution, press STOP.
False location transmission is running in the background. By enabling Hola Fake GPS location, you can as usual share coordinates on social networks and take new pictures in other programs. But now other users will see not your actual location and not the places where you took the photo, but the selected coordinates.
You can also control the operation of Hola Fake GPS location using a special widget that appears after installing the program in the notification panel.
If you decide to use a false geo-location to unlock services that are not working in your country, you should know that, most likely, nothing will work out for you. VPN services are suitable for this purpose.
After shutting down Hola, other applications can still see the dummy coordinates. In such cases, just restart the GPS module.
The Hola Fake GPS location app is available with a paid subscription or completely free. But in the second case, the program will use the computing power of your device during its idle time and some traffic.
How to change your location on Yelp
Hello! Today we’ll talk about the function that is present even in low-cost smartphones, namely GPS, or the global positioning system, the main purpose of which is to determine the location of the device.
However, this is not the only GPS feature. Such concepts as geo-tagging (the function of adding coordinates of the location of shooting to file information) and geosocial networks, such as Foursquare or Altergeothanks to which a person can be noted in various institutions of his city, as well as see the location of friends on the map.
In fairness, I note that our smarts are equipped not with a full-fledged GPS tracker, but with the A-GPS system. The difference is that to start the work of A-GPS, you need to download data from an Internet server. And this is rather a plus, since the GPS receiver downloads the file in a few minutes, and a smartphone with the A-GPS system in a few seconds (depending on the speed of the Internet connection). But there is a counterbalance to this speed - in the absence of access to the Internet, it will not be possible to determine your location, since maps will not be loaded. True, if the latter are already preinstalled, then there should not be any problems with determining your location.
Do not forget that with the help of GPS, third parties can track your location, which can be qualified as interference in your personal life.
Of course, the use of GPS is not limited to the above examples. Surely you noticed that a certain part of applications during installation requires permission to use your location. Even as simple as a calendar.
In some cases, this requirement is perplexing, but sometimes it becomes necessary to install a specific application, and it turns out to be blocked for your region (probably relevant for the Crimean peninsula). Of course, you can use a VPN, but there is another way to solve the problem that I want to share.
You did not have a question, is it possible to change your location on a smartphone?
To do this, we need two things: changing the settings of your smart and installing an additional application. I chose Fake GPS Location Spoofer Free, as it is popular (about 1 million downloads), free, and it weighs only 2.5 MB.
Install the application, but do not go into it. First we change the settings of the device.
Turn off Wi-Fi or mobile Internet, go to Settingsfurther in Developer Options. Find item Dummy location and activate it.
Then in the Settings we find the parameter Geodatain which we change Detection method on GPS only.
If you do not have developer mode, then the algorithm is as follows: go to Settings, Further About devicethen Software Information and click several times on Build number. Thereafter Developer Options should open (I have not tested this method since the developer mode is already unlocked).
With the settings finished. We turn on the Internet and go to the installed application (the Internet will be needed to download maps, remember about A-GPS). At the entrance, we see instructions on how to use the software and accept the agreement.
We click on the magnifying glass icon, enter the desired city and double-click on the map to select any desired place (who does not know, I'm from Almaty, so I chose Astana).
After all the manipulations, click on the triangle in the lower right corner. Everything is ready, we go into any maps and see that your location has changed in just a couple of minutes.
In order to return everything back, on the notification, click on the white square and return the Detection Method parameter in the Geodata settings. Just in case, check your location.
All operations were carried out on Android 5.1.1 OS
That's all, now you know how to change your location without leaving your home. Like and subscribe if it was interesting!
А для вас старался Михаил Должников, благодарю за внимание и до новых встреч у экранов!
Метод № 1 — использование приложения Fake GPS
Fake GPS отображает карту и позволяет вам установить наше местоположение в любом месте. Все приложения на телефоне обнаружат нас в таком месте, которое мы укажем в приложении Fake GPS. Чтобы приложение работало, сначала необходимо включить соответствующие настройки в телефоне.
Перейдите к «Настройки> О телефоне» и коснитесь окна семь раз «Номер сборки». Это активирует параметры программирования на вашем телефоне.
Now go to “Settings> Programming Settings” and check the box “Simulate Location” in the “Debugging” section.
Download Fake GPS from the Play Store
Install the Fake GPS app and launch it. When the application asks you to access the root, click "Allow". Now you can set your location in the selected location using the map.
We begin to fake the location after clicking the "Start" button on the top panel of the program. Now, every application that uses locations will be based on data provided by Fake GPS.
Method # 2 - Using the Floater App - Fake Location
Fake GPS is a good application, but it has one minus - every time we want to change the location, we have to switch between applications. If you need to change your location on the map every time without leaving the open application, you should use Floater - Fake Location.
Download Floater - Fake Location from the Play Store
Floater displays a small window that is always on top. Inside the window we see a view of Google Maps, where we can change our location at any time. The window is also available when using other applications, so we do not need to switch to a completely different application every time we want to change the location.
As with Fake GPS, Floater also requires that you enable location settings in programming options. Go to "Settings> Programming Settings" and select "Simulate Location." It’s also worth setting the accuracy level to “GPS only” or “Device only” in the phone’s location settings.
After launching the Floater application, a small window will appear, the size and location of which can be changed. If you want to reduce the window, you just need to grab them in the corner and narrow it down. If you want to move the entire window, you must grab them for the black border. To set your location, all you have to do is put a green dot on the map on the map and click the "Play" button in the lower left corner. The program will begin to simulate a location, and each application will read our location according to what Floater shows.