Ricerc@Sapienza

Every day we publish an impressive amount of information about ourselves online: Pictures, videos, tweets, posts, and check-ins. These (big) data tell the story of our public lives and, at first, are seemingly innocuous. Nonetheless, they reveal a great deal of information about the things that we wished to remain private too. The goal of this work is to demonstrate how an attacker can exploit these data to jeopardize our privacy. In particular, we focus on Happn, a location-based dating app that counts millions of users worldwide. Happn's goal is to let us find other users in our surroundings. It shows us their first name, age, and gender, their pictures, and their short bio. In addition, it tells us their approximate distance from our current location. By exploiting this information we show how an attacker (a stalker, a data broker, an advertisement company, etc.) can expose the private lives of Happn users and pinpoint their geographic position accurately and in real-time. In fact, we demonstrate how he can get even more detailed knowledge about the users by targeting all the population from a specific region (a city or a country) to discover their daily routines, where they work, where they live, and where they have fun. Finally, we show how to find out the social relationships between the Happn users: Uncovering who their friends, colleagues, relatives, and flatmates are.