Tinder hack tricks men into unknowingly flirting with each other

library
crime | hacking | security

In yet another example of how very hackable Tinder is, a programmer rigged the app with bait profiles, identified men who “liked” the phony female photos, and set them up to fling lust-filled come-ons at each other.

Cue the hilarity and loss of reading comprehension.

Screenshots of the confused conversations that followed were provided to The Verge, which already maintains a chat room that’s dedicated to the curation of staffers’ Tinder misadventures – a “bleak landscape,” Michael Zelenko writes.

Now, the publication has a new genre to add to its Tinder compilation: the baffled but ever-hopeful male Tinder user.

The prank was set up by a California-based computer engineer who created a program that identified two men who “liked” one of his bait profiles.

One of the profiles featured a photo of a vlogger named Boxxy and one used the photo of an acquaintance who had given her consent.

The program relayed the men’s messages – “some aggressive, others mundane, but all of them unabashedly flirtatious” – back and forth through the dummy profile.

The engineer – The Verge gave him the pseudonym of “Patrick” – used to be a Tinder user and in fact met his current girlfriend there.

He was inspired to create the prank program by listening to women friends complain about their incoming Tinder messages:

The original idea was to throw that back into the face of the people doing it to see how they would react.

First, he started to build a Twitter bot to tweet out every first message received by a female friend, but Tinder was more amenable to the prank, he said.

That’s because Tinder’s API is notoriously vulnerable to being exploited.

Not only has it been used to promote a movie, it’s also been abused to expose users’ locations and to auto-like all female profiles.

(For what it’s worth, that last one’s not just a homemade hack anymore. Indiscriminate “likers” now have an app for that.)

The creator of the dude-on-dude hack told The Verge that pwning Tinder is a snap:

As long as you have a Facebook authentication token, you can behave as a robot as if you were a person.

“Patrick” said he finds the ethics of the exploit to be ambiguous.

Although he developed code to scramble phone numbers and otherwise prevented real-world meetings from taking place, he says he can’t help but think that the men he pranked kind of deserved it, given how eager they were to meet their new “girl” friends and how blind they were to obvious red flags:

They ignore all the signs, they ignore all the weird things. When someone is so quick to meet up without any detail or know anything about the person at all – maybe it’s deserved.

That sounds a bit like like victim-blaming to me. Regardless of how lustfully clueless the men were, they were still unwitting victims of a prank.

But Patrick has a good point. The exploit is yet another example of how people – or bots, in this case – can hide behind a fabricated persona online.

That’s why we warn people against accepting friend requests from people they don’t know on Facebook, and it’s why we tell people to be cautious about meeting in person someone they’ve only met online.

People tend to think of women and children as being potential victims, but this advice applies to all.