Tinder Swipes Right on Encryption – Your Photos and Swipe Actions Are Finally Secure
Tinder has announced encrypting photos sent between its app and servers. The changes were revealed in a letter to Sen. Ron Wyden (D-OR) with Tinder's parent company Match Group announcing that this security feature went live in February. Wyden had written a letter to Tinder earlier this year requesting that the company starts encrypting photos after a public disclosure of an attack.
Tinder announces properly encrypting your photos and swipe data
This crucial security feature was implemented after security researchers demonstrated earlier this year that Tinder app lacked the standard HTTPS encryption when photos were shared. This allowed attackers on the same WiFi network to see any photo that the target user did, inject their own images into their photostream, and also see whether that user swiped left or right.
"We take the security and privacy of our users seriously and employ a network of tools and systems to protect the integrity of our platform, including encryption,” Match Group CEO Jared Sine wrote in the letter (PDF).
"I am happy to report that swipe data has been padded such that all actions are now the same size (effective June 19, 2018), and the images transmitted between the Tinder app and servers are now fully encrypted as well (effective February 6, 2018; images on the web version of Tinder were already encrypted)."
Tinder is only confirming this feature now since it also had to make changes to the security feature that makes all the data the same size. Researchers had revealed how the difference in swipe actions size could be used to differentiate between actions to learn if a user swiped right or left. This particular feature was enabled earlier this month.