Yik Yak, an app that acts as a neighborhood nameless message board, makes it potential to seek out customers’ exact areas and distinctive IDs, Motherboard stories. A researcher who analyzed Yik Yak knowledge was in a position to entry exact GPS coordinates of the place posts and feedback got here from, correct inside 10 to fifteen ft, and says he introduced his findings to the corporate in April.
First launched in 2013, Yik Yak was in style on school campuses, the place it was typically used to gossip, submit updates, and cyberbully different college students. After waning relevance and failed makes an attempt at content material moderation, the app shut down in 2017, solely to rise from the useless final yr. In November, the corporate mentioned it had handed 2 million customers.
Motherboard spoke with David Teather, a pc science scholar based mostly in Madison, Wisconsin, who raised the safety considerations to Yik Yak and went on to publish his findings in a weblog submit. The app reveals posts from close by customers however shows solely approximate location, equivalent to “round 1 mile away,” as much as 5 miles, to provide customers a way of the place of their close by group updates are coming from.
Although Yik Yak guarantees anonymity, Teather factors out that combining GPS coordinates and consumer IDs might de-anonymize customers and discover out the place individuals stay since many are more likely to be utilizing it from house and the info is correct to inside 10 to fifteen ft. That mixture of data may very well be used to stalk or watch a selected particular person, and Teather mentions that the chance may very well be increased for individuals residing in rural areas the place properties are greater than 10 to fifteen ft aside as a result of a GPS location might slender a consumer down to 1 tackle.
As Motherboard stories, the info is accessible to researchers like Teather, who know the way to use instruments and write code to extract data — however the danger was actual sufficient to immediate Teather to carry it to Yik Yak’s consideration.
I found that @YikYakApp is exposing thousands and thousands of consumer areas by means of sending exact GPS coordinates of all posts and feedback (correct inside 10-15 ft) to the app, these may be harvested by malicious actors to trace customers areas.https://t.co/pgT809okv7
— David Teather (@david_teather) Might 9, 2022
“Since consumer ids are persistent it’s potential to determine a consumer’s each day routine of when and the place they submit YikYaks from, this can be utilized to seek out out the each day routine of a selected YikYak consumer,” Teather writes. He listed different methods the info may very well be abused, like discovering out the place somebody lives, monitoring customers, or breaking into somebody’s house after they’re not there.
Yik Yak didn’t reply to a request for remark from The Verge.
In keeping with Motherboard, the most recent model of the app launched by Yik Yak not exposes exact location and consumer IDs, however Teather says he can nonetheless retrieve that data utilizing earlier variations of the app.
“If YikYak did take this extra severely they might prohibit these fields from being returned and break older variations and drive customers to improve to a more moderen model of the app,” he wrote within the weblog submit.