A few weeks ago Grindr suffered a severe security issue that exposed highly sensitive information of it‘s users. These security issues could expose personal data for their 3 million daily users of the gay dating app, according to an NBC OUT report .

This is not the first time Grindr is having these kind of problems – their history of incidents begins early 2012. This time, the problem was a more serious one. A third-party platform discovered flaws, exposing sensitive information like HIV status of a huge amount of users all around the world. And the issue became even bigger as users who had opted out of sharing data were also involved. Grindr data leak is way more scary then what‘s going on with Facebook.

But there are alternatives to Grindr & co. that take security real serious. u2nite has been designed from the ground up with three concepts in mind: beauty, simplicity, and protecting privacy & security of our users. In order to protect privacy, we identified the following key areas to focus on:

• data transport security
• user authentication
• user profile data
• location data
• meeting people

Data Transport Security
Every data transfer between the u2nite app on a user’s device and a u2nite service endpoint is end-to-end encrypted using TLS 1.2 and better.

User Authentication
We built a public key infrastructure (PKI) to authenticate users and authorize access to u2nite services. As opposed to traditional username-password schemes, this offers a few benefits:

• No weak passwords. Our users are not prone to choose weak passwords. Instead, a algorithm generates unique and secure key pairs for each of them.

• No forgotten passwords. Our users are not involved with authentication issues, things just work out of the box. For the past years, u2nite did not receive a single support request with regard to login issues.

• Anonymous users. u2nite do not ask for email addresses or personal contact data. Users are free to use the services without exposing themselves.

• No credentials on servers. With private keys being stored exclusively in a protected area of device storage, where only the u2nite app has access to, there is no easy way for attackers to compromise user authentication data. Even with physical access to a device, private keys are invisible and can only be exposed with the help of highly sophisticated hacking tools. This gives u2nite a leading edge when it comes to protecting our users and services from attackers. Without any connection to real-world names or email addresses, users are unlikely to be identified from their virtual presence only.

User Profile Data
In the light of data breaches becoming a new lucrative business, u2nite ensure that no data leaves the u2nite platform. The dating app achieve this by implementing the following steps:

The app does not store user profile data on servers. Each user’s profile data is being stored exclusively on his device.

Mutable only by the owner. Each user profile is mutable only by the person owning the device on which the profile is stored.

Visible-only when present. After signing in, u2nite app sends a user’s profile data to its backend. The user is considered present for a defined period of time. While present, a user’s profile is visible to other users of u2nite. Once the presence period comes to an end, the user’s profile is erased from all services and becomes non-existent to anything but the user’s device.

• Anonymized photo storage. Profile photos of the users are hosted in the cloud. They are stored in several distinct places, accessible only by anonymized URLs, unrelated to their owner.

Compared to most competitors who store private user data on the servers, u2nite drops every knowledge about users once their presence period ends. So even when breaking in our servers, attackers ever only see a minimal subset of profile data – data that does not contain leads to the person in the real world.

Location Data
Most of u2nite‘s competitors advertise their ability to work with ‘precise location’ data. Needless to say, u2nite does work with precise location data, too. But when it comes to the location of the users, this dating app introduce a so-called blur factor:

• Blur factor. A 300m x 300m box drawn around the precise location of a user. The blur factor algorithm puts a user’s location marker randomly within the bounds of the box before making it visible to other users of u2nite. The blur factor prevents the users to accidentally expose their location to attackers and malicious people. Again, other apps put their users at risk of having uninvited people showing up. This is very critical particularly in countries where gay people are victims to persecution and torture.

Meeting People
The u2nite app offers a dating button which, once activated, connects two people interested in a meeting. In order for them to stay safe until they know who they are dealing with, the u2nite app suggests public places as meeting spots, found automatically by the app by referring to public venue data. Such meeting spots can be cafes, museums, galleries etc. This way, none of our users has to expose his precise location before getting a first impression on the person to meet.

Long story short, u2nite is easy and fun to use and u2nite is as safe as it gets!

Back to Grindr; The app became the #1 dating app for gay men who thought it was a safe space where users were free to just be themselves, away from judging eyes. A place where you could be comfortable and understood. Unfortunately for their users, this turned out to be wishful thinking.

In contrast to most existing gay dating and boy chat apps, the security concepts of the new gay dating and boy chat app u2nite are a great leap forward for the community. Best of all: the app is 100% free to use.
For more information check out our website: http://www.u2nite.com