Lorenzo Franceschi-Bicchierai reports:
The anonymous message board app Yik Yak is designed in a way that it is possible to get the precise location of a user’s post, and see users’ unique IDs, potentially allowing someone to dox and stalk users, according to a researcher.
[…]
In April, David Teather, a computer science student, analyzed what kind of data Yik Yak exposes by intercepting data sent and received by his Yik Yak app using a free and open source tool called mitmproxy and by writing “code that pretended to be the Yik Yak app to extract information from it.” By doing that, he realized that Yik Yak sent the precise GPS coordinates of every post to his app, as well as a user’s unique ID—nrCi213RA3SncY6mVLZzuGUIJ2T2 for example—which could have allowed him to track users’ posts by looking at where they posted over time, opening up the possibility to de-anonymize and stalk users, according to a blog post he published this week.
Read more at Vice.