Dating websites allow you to see a person in a very intimate context, framing their successes and accomplishments in life to an important audience. The information contained in these profiles often can't be found elsewhere, offering a unique look into the personal life of the user.
If you know where a person hangs out, you can use a GPS-spoofing extension in the Chrome browser to locate their Tinder profile from Windows or macOS.
From the point of view of an open-source intelligence (OSINT) researcher or hacker conducting recon, dating websites are a unique collection of searchable databases. Researching a target via dating websites can reveal a few kinds of information that are useful for a hacker.
People often use the same screen names, and you can often track a person across the internet just from finding a frequently used alias. Since many users also link their Instagram profile, intercepting a screen name can be the key to someone's entire online existence if they tend to reuse the same one.
Another factor that you can use to dig deeper into a person's life is the profile pictures on Tinder. The dating app allows several photos to be posted, thus gives many opportunities to reverse image search each profile photo to locate other accounts, even if they have different screen names. This can lead to a break like another alias or other more official accounts.
Finally, people don't tend to be very creative when it comes to their personal descriptions. Often, they will simply copy and paste them, which can make it easy to use the same mistakes or grammar in the text to locate them on other websites. Most people have mistakes they constantly make while typing, and these can tie them to other accounts when they reuse portions of text with unique misspellings and mistakes with a regular Google search.
While Tinder has long been available as a mobile app, most users aren't aware the site now allows access from a desktop computer in a web browser. We can use this access to quickly spoof our location in Google Chrome, allowing us to appear near where we expect a user to be and begin filtering through profiles. Since we can do this easily from anywhere, the only information we need to start this kind of attack is an idea of what the target looks like and a general idea of where they live, work, or hang out.
While many dating services can be rather creepily abused on the API level, Tinder allows us to do some basic investigations in a web browser that even a beginner can get started with. To get started, you'll need to have downloaded and installed the Google Chrome browser, as well as an extension called Manual Geolocation.
The first step will be enabling our computer to "lie" about its location to Tinder. This is important, as it gives us the ability to search a specific area for a person or persons. If our goal is simply to identify employees of a company, placing ourselves directly on their company headquarters to discover employees on Tinder might be the way we start.
To do this, we'll need to download the Manual Geolocation extension from the Chrome Web Store. Add the extension and accept any permissions it needs, and you'll see an icon appear in the top right of your add-ons bar.
Tapping the icon for Manual Geolocation will open a map that allows us to select the location our browser will report to any website it visits, in this case, Tinder. Select the location your target is in by double-clicking the location on the map.
You can grab the map with the mouse and move it to refine your location. Lastly, click the on/off switch at the top right of the Manual Geolocation window to switch the extension on.
Now our browser will give this information as its location when we visit any website, and Tinder will think we are in the location we've specified. We can also adjust the accuracy here if you're less sure of the area.
When this is done, navigate to Tinder and wait until the page below loads.
Click on "Log in with phone number" to create our account. You can use a Google Voice number here, as services like Burner won't work.
Once you enter your Google Voice number, it will send you a text with a code to confirm you own the number. When you receive it, enter it in this field.
You'll need to consider your target and enter information that will pass without a second glance if you only want to passively surveil the target. If you want the target to interact with you, then it's best to create a profile that will wildly excite them.
Below, you'll see my secret template for the ultimate honeypot profile. In general, men like a woman who is classy, but approachable, experienced, and perhaps a little sad. Make sure to use a free-domain image to do this, as we've picked an image from Flickr that's free to use (photo by Quinn Dombrowski via CC BY-SA 2.0).
Once you've created a profile, click "Continue" to fire up your new identity. Edith hits the streets like a hustler, sweeping up the profiles of nearby lonely hearts and thrillseekers.
Our Edith profile will just grab anyone nearby, so we'll need to let Tinder in on what our profile is interested in seeing. Click on "My Profile" on the top left corner to open our filter settings.
Once we're in our discovery settings, you need to let Tinder know that Edith is here to meet people exactly like your target, so input the age of the person you're looking for here. You'll need to specify a range, so try to put the actual age of the target in the middle.
Set the maximum distance to 1 unless you're monitoring a very large area, as you'll sweep up a lot of random profiles otherwise. Click on the back button in the top left to send Edith on patrol.
We'll start to see the profiles of anyone in the area that meets our filter settings. Each profile will allow you to expand it to see more information, which can be very useful for correlating a person to another site. If we're a hacker monitoring a company for employees in Tinder, this gives us the opportunity to find a variety of different vectors to attack.
If we're searching for a specific person, we'll need to exhaust the options the current filter set gives us until we're sure our target isn't there. We can do this by swiping left or right, it doesn't really matter. The point is to keep looking until we find our target. If we don't, we can also try looking in another location or wait for a while to see if the target logs on.
When we find our target, you can click on their profile to pull up more information. This is where you will find additional photos to reverse image search and link to other profiles. As you can see below, the stock photo we used turned up a lot of results. Finding other places an image exists can also frequently locate screen names and other correlating information that will lead you to other breadcrumbs of online data.
If you made your account interesting enough to the target, your subject may even contact you. This allows you to ask questions or take a more active role in finding information, but that would also make you a catfish. Edith is just here to look, not touch, so once you cross that line, you're no longer conducting passive surveillance.
If, however, you're concerned about a profile being legitimate or not, or if it's simply a torso picture that could be your target, a direct line of contact to test if they are who they say they are might be your best shot to confirm the information you've found. Since this is a more active technique, it falls outside the scope of this guide.
If your target has moved location or updates social media by tagging themselves somewhere known, you can adjust your location on Tinder by clicking the Manual Geolocation extension icon in the browser toolbar again and selecting the new location the way you did before.
Rather than just refreshing, we'll need to close the tab and open a new one. Then, navigate to Tinder again, and your location should be updated with the new location Chrome has supplied it. We can repeat this process to send Edith on a search of each one-mile radius area we suspect the target may be lingering in, pulling in anyone who matches the age of our target.
Anyone can create a Tinder profile, but most people forget that they can be found by anyone interested in them specifically (or somewhere they work). While we covered simply finding a profile in a way that should leave the target no indication they've been found, many hackers see dating profiles as a legitimate point of entry for phishing and social engineering attacks. If someone can find you, they can contact you too.
When writing a profile, ask yourself a few things. Where else do I use this photo? Google image search is a powerful tool. Where else do I use this profile text? And finally, do I mention a screen name that I use in many other places?
If you work somewhere important and mention it, this can also create additional risk. Both hackers and penetration testers love finding a profile stuffed full of information, so don't make yourself an easy target for a malicious stranger.
It's no secret that dating websites have been used by police, spies, criminals, researchers, and various others for things other than originally intended since their inception. This is undesirable behavior on a site like Tinder, but when done in the context of a researcher, a light touch can go a long way in revealing information about a target.
Building a profile to a human target is multi-faceted. The best way to thinking about it is finding far-flung but connected puzzle pieces of data to fill in an overall picture of what that person's actual and perceived life is like.
Some people may feel very differently about their position in life than the data about them suggests, either because they perceive their own situation radically different than it is or because we have incomplete data to understand important details about their outlook. Many times, data found within dating profiles can provide that missing context to understand how a person thinks.
If you're interested in learning more about these kinds of research techniques, check out open-source research (OSINT) resources like "Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information."
The OSINT community is awesome and has inspired me to keep doing these tutorials. The best way to be involved is to be part of the conversation on our Twitter, YouTube, and in the comments below. If you have any questions about this tutorial, feel free to leave a comment or reach me on Twitter @KodyKinzie. We'll be doing more guides on OSINT research techniques, so stay tuned.
Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.