Skip to main content

Tinder finally encrypted everyone’s photos

By

Tinder’s parent company Match Group publicly announced today, in a letter to Sen. Ron Wyden (D-OR), that it is now encrypting photos sent between Tinder’s servers and its app. The changes were implemented in February, following the public disclosure of an attack that could have let hackers view people’s profile pictures and swipe actions.

Wyden wrote a letter to Tinder back in February requesting that the company encrypt photos. It had apparently already done so (the letter says they implemented the feature on February 4th), but it waited to write back to Wyden until it also adjusted a separate security feature that makes all swipe data the same size. The size of the swipe data was used by security researchers to differentiate actions from one another. That change wasn’t implemented until June 19th.

What does this mean for you, the user? Nothing really other than you can rest easy knowing that hackers shouldn’t be able to view your encrypted profile photos. I can’t imagine these photos were super sensitive, anyway, but maybe your topless pic is for Tinder users’ eyes only.



from The Verge - Teches https://ift.tt/2KyBJR1
Labels:

Comments

Post a Comment

Popular posts from this blog

Magic Leap is shipping across (most of) the US

By
As Magic Leap holds the first developer conference for its Magic Leap One mixed reality headset, that headset has started shipping across the contiguous United States, instead of in a set of select markets. The Magic Leap One Creator Edition costs $2,295, just like before, but there’s now an installment plan that starts at $96 per month. All orders are supposed to arrive within 60 days. The Magic Leap One Creator Edition went on sale in early August, and while Magic Leap has touted it as a fully functional device, it’s basically meant for people who want to design apps, games, or art for mixed reality. We were ambivalent toward the hardware, which we found limited, and we noted that Magic Leap hadn’t shown off a lot of material that showcased its potential. The company’s developer conference keynote has revealed several new projects. Among other things, Spider-Man studio Insomniac Games is building an experience that will let you grow a holographic creature on your tabletop, and...
Post a Comment
Read more

US carriers introduce Project Verify to replace individual app passwords

By
Four major US carriers — AT&T, Sprint, T-Mobile, and Verizon — are joining forces to launch a single sign-on service for smartphones. The service, called Project Verify , authenticates app logins so that users don’t need to memorize passwords for all their apps. The companies say their solution verifies users through their phone number, phone account type, SIM card details, IP address, and account tenure. Essentially, your phone serves as the verification method with details that are hard to spoof. Users have to manually grant apps permission to use Verify, and it works similarly to how you might log into some services through Gmail or Facebook instead of using a unique account password. Of course, these apps also have to choose to work with Verify, and the program hasn’t listed any partners or when it intends to launch. The service can serve as your two-factor authentication method, too, instead of an emailed or texted code that can be intercepted. Users might not be totally sa...
1 comment
Read more