Yik Yak, a program that acts as a local anonymous message board, allows you to find accurate locations and unique user IDs. Motherboard reports. A researcher who analyzed data from Yik Yak was able to access accurate GPS coordinates from where posts and comments came, accurate within 10 to 15 feet, and says he brought. his findings to the company in April.
First launched in 2013, Yik Yak has been popular on university campuses, where it has often been used to gossip, post updates and cyberbully other students. After declining importance and unsuccessful attempts at content moderation, the app closed in 2017, only to rise from the dead last year. In november said the company it has passed 2 million users.
Motherboard spoke with David Teather, a computer science student based in Madison, Wisconsin, who expressed security concerns to Yik Yak and went on to publish his findings in blog post. The app displays posts from nearby users but shows only an approximate location, such as “about 1 mile away”, up to five miles, to give users a sense of where the updates from their nearby community are coming from.
Although Yik Yak promises anonymity, Teather points out that combining GPS coordinates and user IDs could de-anonymize users and find out where people live, as many are likely to use it at home and the data is accurate to within 10 to 15 feet. That combination of information could be used to track or observe a particular person, and Teather mentions that the risk could be higher for people living in rural areas where homes are more than 10 to 15 feet apart because a GPS location could narrow a user down to. one address.
How Motherboard reports, the data is accessible to researchers like Teather who know how to use tools and write code to extract information – but the risk was real enough to prompt Teather to bring it to Yik Yak’s attention.
I found out @YikYakApp exposes millions of user sites by sending accurate GPS coordinates of all posts and comments (accurate within 10-15 feet) to the app, these can be harvested by malicious actors to track user sites.https://t.co/pgT809okv7
– David Teather (@david_teather) May 9, 2022
“Because user IDs are constant, it is possible to find out the daily routine of a user from when and from where they post YikYaks, this can be used to find out the daily routine of a particular YikYak user,” Teather writes. He listed other ways the data could be mishandled, such as finding out where someone lives, monitoring users, or breaking into someone’s home when they’re not there.
Yik Yak did not respond to a request for comment from The Edge.
According to Motherboard, the latest version of the program released by Yik Yak no longer displays accurate location and user IDs, but Teather says he can still retrieve that information using previous versions of the program.
“If YikYak were to take this more seriously, they would limit these fields from being returned and break old versions and force users to upgrade to a newer version of the program,” he wrote on the blog.