This is what a massive online privacy violation looks like




The popular gay-oriented smartphone app “Jack’d” has a security flaw that permits anyone with an Internet connection to easily find the exact location of any Jack’d user currently online.

I just found literally thousands of gay men across Europe, Asia, the Middle East and Africa.

UPDATE: I’ve just received a statement from Jack’d:

Statement by Adam Segel, Jack’d CEO
Jack’d takes the privacy and personal security of its users very seriously. We were informed of this location security issue by a security researcher over the weekend and are currently working as quickly as possible to resolve the situation.

The news of Jack’d’s security problem comes on the heels of a similar flaw that was discovered on another popular gay smartphone app “Grindr.” When the Grindr flaw was initially revealed by an anonymous gay Grindr user in Europe, the company claimed the breach wasn’t a problem.

After a large amount of negative publicity, Grindr turned off its “location” option in countries where being gay is dangerous. (Grindr had originally turned off the location function altogether, but then turned it back on in many countries.) This means Grindr users in Europe, America and beyond are still vulnerable.

The exact location of gay men currently on Grindr in Tehran, Iran, a country in which gay men are put to death.


Jack’d’s flaw is reportedly even more serious than Grindr’s.

While Grindr permitted you to find the location of some 50 gay users at a time, using triangulation, Jack’d doesn’t even require triangulation — it simply turns over the exact location of thousands of users at a time, according to the European who discovered the original Grindr problem.

With the click of a mouse, for example, I was able to find every gay Jack’d user in the entire nation of Iran (and a few surrounding countries like Kuwait, to boot). If you zoom in on any of the examples below, you can see what street they’re on, and where they are on the street. (Well, you can’t zoom in, I can via a set-up I won’t be posting online.)


Every Jack’d user online in Iran.

In the past 24 hours, during which the security flaw was discovered, the exact location of over 350,000 Jack’d users has been uncovered, including 1,941 users in China, 282 in Iran, 17,250 in Indonesia, 12,239 in Eritrea, 297 in Russia, 1,499 in Saudi Arabia, 466 in Brunei, 22 in Nigeria, and 2 in Uganda.

Here’s Tehran, where gays can be put to death:


Jack’d users in Tehran, Iran.

Here’s a lone gay in Khartoum, Sudan — a country where the law puts gays to death:


Gay Jack’d users in Khartoum, Sudan.

And here are Jack’d’s users in Riyadh, Saudi Arabia — always a fun place to be different:


Jack’d users in Riyadh, Saudi Arabia.

Yemen:

[Image: map of Jack’d users in Sana’a, Yemen]

Moscow:

[Image: map of Jack’d users in Moscow]

Gaza:

[Image: map of Jack’d users in Gaza]

China:

[Image: map of Jack’d users in China]

Brunei:

[Image: map of Jack’d users in Brunei]

Nigeria:

[Image: map of Jack’d users in Lagos, Nigeria]

Uganda:

[Image: map of Jack’d users in Uganda]

And here’s a larger map I created, showing a sampling of the gay men in Europe, Africa and the Middle East who were online simultaneously, and whose exact location I found:


Every gay man online using the Jack’d app in Europe, Africa and the Middle East.

Check out this image of Western Europe alone. Each dot is a different man’s exact location, live. There are so many it blurs the screen. (You can zoom in and see exactly where they live.)

[Image: map of Jack’d users in Western Europe]

And here’s Paris:

[Image: map of Jack’d users in Paris]

London:

[Image: map of Jack’d users in London]

And Berlin:

[Image: map of Jack’d users in Berlin]

It’s hard to imagine, with Europe’s strict privacy laws, that any of this is legal over there.

Suffice it to say, our initial concerns about this problem stretching across other smartphone apps that check your location have turned out to be well founded.


John Aravosis is the Executive Editor of AMERICAblog, which he founded in 2004. He has a joint law degree (JD) and masters in Foreign Service from Georgetown; and has worked in the US Senate, World Bank, Children's Defense Fund, the United Nations Development Programme, and as a stringer for the Economist. He is a frequent TV pundit, having appeared on the O'Reilly Factor, Hardball, World News Tonight, Nightline, AM Joy & Reliable Sources, among others. John lives in Washington, DC.
