Connect with us

Culture

Dating App Criticized for Security Flaws That Could Help Police Arrest Stoners

Maureen Meehan

Published

on

When HighThere! hit the market in March, it sounded like a great way for weed lovers to find love and each other. But, now we’re learning this Tinder-style app for stoners could be helping the cops do the finding.

In a story investigating the privacy angle of the app, Mic contacted cyber-security company Synack, which rated HighThere!’s security on the level of a “student project”—basically meaning that anyone with minimal computer skills could gain access to basic information about other HighThere! users, including who’s smoking what, where and when.

In fact, according to Synack hacker Oren Yomtov, who was interviewed by Mic, with the data HighThere! sends through a nearby home router, one could expose and locate any user whose profile is visible.

When Tinder tells you someone is a mile away, the specifics of the person's exact location are stored on a remote server. When HighThere! sends a report on every nearby user and does the math locally on your phone, it means that a bunch of unencrypted info—with exact locations of all users—is constantly floating around for anyone to intercept.

Doesn’t this sound like providing too much information to the police on a cyber platter? What can the cops do with the information, you might ask.

“This is maximum fun for law enforcement—an incredibly useful tool,” said Tony Gambacorta, Synack's vice president of operations.

Gambacorta gave Mic a hypothetical situation in which police pick a target area, watch everyone using HighThere! on a map and identify the dealers by seeing who quickly visits multiple users throughout the day.

This, in addition to the data maps police already use to predict crime, “you could not write a better tool for arresting people,” Gambacorta said.

In addition to sharing your pot habits with the local police station, why allow your profile to be out there in a world where Google Image, LinkedIn and Facebook are often used for job searches or references? Even if HighThere! was secure, why risk being detected?

"If you're going to do something like track people participating in an illegal activity, you need to have superb data privacy on your platform," Gambacorta said.

Contacted by Mic, HighThere! issued a statement that it plans to improve its security in the very near future.

(Photo Courtesy of Elite Daily)

Trending