Hook up sites without membership
Since we got this far, probably we can go even farther.
At this point — I started writing this Medium post because I realised that their security does not seem to be marvellous.
If you are not a technical person, jump to Moral of the Story below.
I thought, the first thing I can do is to see the network traffic coming in and out of the app. So I installed a proxy on my Mac, Charles, and ran the iPhone’s Wi-Fi through that proxy. But wait, did they just send the girl’s full profile over non-secure HTTP?
In one of the POST requests that happened after I sent the message, the payload was: WebSocket.
Oh damn, the chat is happening over WebSockets (I should’ve expected that). Moving over to WebSocket filtering in the Chrome Network tab, gladly there was only one WebSocket to monitor.
I have tried a few of the most famous online dating apps and they did not appeal to me. That really intrigued me into seeing how this works.
With greater awareness, people will start to hesitate to supply information about themselves that may be unnecessary for the services to work, and companies will be forced to be more transparent about how they are using the data.
Remember that with GDPR, you can request a copy of your data in human readable format from any service provider, and that this request must be fulfilled in 72 hours.
Hmm… There is a list of blurry photos, but I couldn’t get access to the non-blurred photos easily. All important requests seem to be happening on SSL.
I activated Charles SSL Proxy and installed the Charles SSL certificate on my iPhone, but that just didn’t work, and the app could not connect anymore.
You’d register, answer tens of questions about yourself, then they’d show you some matches with blurred photos, telling you that they have something like 95% compatibility with you.