Yik Yak, an application that acts as a local anonymous message board, makes it possible to find accurate locations and unique user IDs, Motherboard References. A researcher who analyzed Yik Yak data was able to access the exact GPS coordinates of the posts and comments, with an accuracy of 10 to 15 feet, and says he brought his findings to the company in April.
Yik Yak was first released in 2013, and was popular on campus, where it was often used for gossip, posting updates, and bullying other students’ cyberbullying. After relevance and failed content surveillance efforts, the app closed in 2017, only to rise from the dead last year. In November, said the company had exceeded 2 million users.
Motherboard spoke with David Teather, a computer science student based in Madison, Wisconsin, who raised security concerns with Yik Yak and went on to post his findings in a blog post. The app displays posts from nearby users, but only displays an approximate location, such as “about 1 mile away”, up to five miles, to give users a sense of where their community updates are coming from.
Although Yik Yak promises anonymity, Teather points out that the combination of GPS coordinates and user IDs could remove user anonymity and find out where people live, as many are likely to use it from home and the data is accurate at a distance of 10 to 15 meters. This combination of information could be used to track or track a specific person, and Teather reports that the risk could be higher for people living in rural areas where houses are more than 10 to 15 feet apart because a GPS location could restrict the user to an address.
As Motherboard The data is reportedly accessible to researchers like Teather, who know how to use tools and write code to extract information – but the risk was real enough to push Teather to bring it to Yik Yak’s attention.
I found out @YikYakApp exposes millions of user sites by sending accurate GPS coordinates of all posts and comments (accurate within 10-15 feet) to the app, these can be collected by malicious agents to track users’s locations.https: //t.co/pgT809okv7
– David Teather (@david_teather) May 9, 2022
“Because user IDs are persistent, it is possible to understand a user’s daily routine of when and where they post YikYak, this can be used to find out the daily routine of a particular YikYak user,” Teather writes. List other ways to misuse data, such as finding out where someone lives, tracking users, or breaking into someone’s home when they are not there.
Yik Yak did not respond to a request for comment The lip.
According Motherboard, The latest version of the app released by Yik Yak no longer reveals the exact location and user IDs, but Teather says it can still retrieve that information using earlier versions of the app.
“If YikYak took this more seriously, it would limit the return of these fields and break up older versions and force users to upgrade to a newer version of the application,” he wrote in the blog post.