Yik Yak Exposes Precise Locations, Unique IDs for Anonymous Users


In August 2021, the anonymous social platform Yik Yak, who rose from the dead, reportedly revealed the exact location and unique ID associated with the user.

the exposed data discovery(Opens in a new window) Written by David Teather, a computer science student at the University of Wisconsin-Madison who published the issue on Yik Yak on April 11th. The company fixed some of the issues on May 8th. Tither revealed the flaw on May 9th.

“I was able to access the exact GPS coordinates (within 10-15 feet) of all posts and comments about YikYak. [sic] platform,” Teather says. 2 million users(Opens in a new window) It’s at risk.” (At least—Yik Yak hasn’t publicly revealed how many users it has since November 2021.)

Teather also discovered that all posts and comments on Yik Yak were associated with a unique user ID. The company released an update on May 8 to address the issue, but according to Teather, someone can de-anonymize a user with “a few minutes guess”.

Teather’s research reveals the problem of accepting ostensibly private services as they are. While some degree of location sharing is expected from services like Yik Yak, users would not expect their exact location to be disclosed or tied to a unique user ID.

Yik Yak did not immediately respond to requests for comment. the company update(Opens in a new window) He said he was working on a new API (probably one affected by these flaws) for the relaunch of the Android app and recently “run into some unexpected hurdles”.

Get the best stories ever!

join what’s new We deliver top news to your inbox every morning.

This newsletter may contain advertisements, deals, or affiliate links. Subscribe to our newsletter Terms of service And Privacy Policy. You may unsubscribe from the newsletter at any time.



Leave a Comment