Tinder is primarily known as a Millennial Hookup App Thanks to some pressure from a 69-year-old, married Baby Boomer Senator, the dating service is safer. Tinder's parent company Match Group announced this week in a letter to the Oregon Democrat Ron Wyden that he will finally encrypt the photos uploaded by his users.
The change, which came into effect for a while, but was done without bickering by Tinder himself, offers a bit more confidence for users who are worried about their privacy while requiring no direct action. You can now rest assured that your photos will be encrypted as they are transferred between the app and Tinder's servers.
According to the letter The Verge spotted by Jared Sine, match group legal advisor, Tinder actually began encrypting photos February 4, 2018. This change occurred after a series of reports detailing the lack of security measures to protect the data of Tinder users.
In January, researchers from the Israeli security firm Checkmarx found out that Tinder could not perform the basic encryption of photos. Theoretically, an attacker could perform a man-in-the-middle attack by connecting to the same Wi-Fi network as Tinder and intercepting the images that came through the app. These include pictures of potential matches. An attacker could even insert their own photos in the app, which could lead to very embarrassing meetings, if a person's game does not look like their photo.
At the time, researchers also pointed out how easy it would be for an attacker to pinpoint what a Tinder user is doing by looking at encrypted data, including the way they wiped. While the data packets containing this information were encrypted, they were transmitted with a different number of bytes which were relatively easy to distinguish from each other. Per Wired was a swipe left to reject a potential make, 278 bytes, a right swipe was 374 bytes, and a match was 581 bytes.
This has also been fixed per matchgroup. In the letter addressed to Senator Wyden, the firm's lawyer said that since June 19, 2018, swipe data and other actions have been padded so that they are all the same size and prevent any kind of snooping that was possible earlier ,
Wyden, a regular advocate of better security practices, persecuted Tinder to make the changes in February. He noted in a letter addressed to the company that Tinder was already using HTTPS encryption on his website and wanted to extend the protection to his app, which is far more popular.
"I urge Tinder to eliminate these serious security holes so as to protect users' privacy and security," wrote Wyden. It's a game!