We do the research, you get the alpha!
Correction: Tinder has reached out to explain that it was not hacked but that the data was gathered in other ways. A Tinder spokesperson said, “It is a violation of our terms to copy or use any members’ images or profile data outside of Tinder. We work hard to keep our members and their information safe. We know that this work is ever evolving for the industry as a whole and we are constantly identifying and implementing new best practices and measures to make it more difficult for anyone to commit a violation like this.” We apologize for the mistake.
In a well publicized hack, the dating app Tinder was compromised last week. Black hat hackers, apparently hunting for a fresh assortment of catfishing bait, appropriated 70,000 pictures from the app. The breach, which was the first major security incident in Tinder’s history, affected 16,000 users.
With Tinder’s reputation up in flames, a number of critics have pointed out that this could have been avoided via a decentralized system.
Tinder's data breach is the latest in a long line of data foul ups, ranging from Google’s loss of 50 million user’s data in 2018, to last year when Facebook’s unsecured server jeopardized over 400 million user’s phone numbers. For Tinder the key problem was that it held the files in one, centralized location, making it easy for hackers to bag such a big loot.
More centralization, more problems.
"Centralization is the apex of vulnerability. When all of the data is stored in one location, usually all it takes is one ‘key’ to access the files on the server,” said Jeff Kirdeikis, the CEO of Uptrennd—a decentralized social media platform. “We've seen this vulnerability exploited with Equifax, Facebook, Myspace, and even major government agencies. If it's centralized, it's vulnerable, and it likely will get breached."
It didn’t used to be like this. During the Internet's infancy, nascent applications, such as email, were designed within a distributed model, with no single point of failure. Now, many companies such as Facebook, Google, and Twitter operate on predominantly centralized architecture. That allows the likes of Facebook to be exposed to a host of attack vectors, including the classic distributed denial of service (DoS/DDoS) assault, where a bad actor overwhelms a server with a flood of traffic, crashing the website.
Centrally held servers are inherently fragile. In Facebook’s second most infamous scandal, the platform allowed access to over 400 million user phone numbers—all due to unprotected databases. So, other than effective password management, what's the solution?
A better way
In Kirdeikis' opinion, there is only one way to combat this central issue: distribute and decentralize data.
Decentralization allows for fractional amounts of data to be stored in multiple locations.
Imagine if a photo were split up into one hundred pieces, and then servers around the world hosted one of those pieces each. If one of those servers was hacked, your photo would not be vulnerable as they would only have a fraction of the information.
"This is similar to if someone found a single shred of a shredded credit card. It would be useless without the rest," Kirdeikis noted.
Sam Pajot-Phipps, Head of Strategy at The Open Application Network, explained to Decrypt how decentralized systems keep data secured:
“Depending on the type of product and data, leveraging a decentralized data storage protocol can provide consumer applications with increased security through a global network of independent operators that manage and secure the data and with verifiable guarantees as to how the data is stored, accessed and managed.”
Not a cure-all for everything
However, decentralization isn't without its faults. These systems frequently oblige more effort from the end-users hands, often requiring the need to install software. For some, the slack that centralized entities take up more than compensate for the issues they present. Moreover, the fragmentation of data over several locations heightens costs and increases complications.
Pajot-Phipps argues that for a decentralized utopia to come to fruition, education, technology, and ergonomics need to come up to scratch.
“In a future state where decentralized data protocols support every-day consumer applications we are shifting certain requirements and responsibilities from specific entities to individuals. While this moves us towards a more self-sovereign future it also requires novel technical solutions, education and changes to standard user-experiences.”