Anonymous bulletin board app Yik Yak reveals exact locations of its users

Yik Yak, an application that acts as a local anonymous message board, helps find users’ precise locations and unique IDs, Motherboard reports. A researcher who analyzed data from Yik Yak was able to access precise GPS coordinates of the origin of posts and comments, accurate to within 10 to 15 feet, and says he brought his findings to the company in April.

First launched in 2013, Yik Yak was popular on college campuses, where it was often used to chat, post updates and cyberbully other students. After losing relevance and failed attempts at content moderation, the app shut down in 2017, only to rise from the dead last year. In November, the company said it had passed 2 million users.

Motherboard spoke with David Teather, a computer science student based in Madison, Wisconsin, who reported security issues to Yik Yak and later published his findings in a blog post. The app displays posts from nearby users, but only shows approximate location, such as “about 1 mile”, up to 8 km away, to give users an idea of ​​where updates are coming from of their nearby community.

Although Yik Yak promises anonymity, Teather points out that the combination of GPS coordinates and user IDs could anonymize users and find out where people live, as many are likely to use it from home and the data is accurate. within 10 to 15 feet. This combination of information could be used to stalk or monitor a particular person, and Teather says the risk could be higher for people living in rural areas where homes are more than 10 to 15 feet apart, as a GPS location could narrow a user down to an address.

Like Motherboard reports, the data is accessible to researchers like Teather, who know how to use tools and write code to extract information — but the risk was real enough to prompt Teather to bring it to Yik Yak’s attention.

“Because user IDs are persistent, it is possible to determine a user’s daily routine, i.e. when and from where they post YikYaks, this can be used to discover a user’s daily routine Particular YikYak,” writes Teather. He listed other ways to misuse data, such as finding out where someone lives, monitoring users, or breaking into someone’s house when they’re not there.

Yik Yak did not respond to a request for comment from The edge.

According to Motherboard, the latest version of the app released by Yik Yak no longer exposes precise location and user IDs, but Teather says it can still retrieve this information using previous versions of the app.

“If YikYak took this more seriously, it would prevent these fields from being returned and break older versions and force users to upgrade to a newer version of the app,” he wrote in the blog post. .


Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.
Back to top button