Hornet — Research Shows Dating Apps Can Reveal Users’ Precise Coordinates via Trilateration
An investigation published by Mashable found that geolocation features in dating apps can expose users’ precise locations — a risk that is particularly acute for LGBTQ+ communities. According to Mashable, security researcher Alexey Bukhteyev at Check Point Research demonstrated how trilateration techniques can be used to derive a user’s coordinates despite in-app attempts to mask location data. The Check Point Research report is available here.
How can dating apps expose your location?
Dating apps commonly use location data to connect people nearby, but Bukhteyev’s work shows that convenience can come with serious privacy drawbacks. Using trilateration — a method that calculates an exact position by measuring distances from multiple reference points — Bukhteyev was able to refine a target user’s position to within a few meters in his experiments. The research focused on two popular LGBTQ+ dating apps, including Hornet and a second unnamed app, and involved manipulating reference points and applying geometric calculations to reduce location uncertainty.
Those findings underline the extremes of what a determined actor can do to locate someone via a dating app, and Bukhteyev’s experiment highlights threats that are not merely theoretical. As Mashable notes, state and government actors have previously used dating apps to locate LGBTQ+ people, as reported by The Washington Post. The investigation also points to broader safety concerns: dating platforms have an ongoing predator problem, as detailed by Mother Jones.
For users, the practical takeaway is to be cautious about granting geolocation permissions and to use any in-app location-obfuscation features if available. For developers, the research signals a need to strengthen privacy controls and rethink how proximity features are implemented, especially for communities facing heightened risks. As Mashable and other outlets have observed, the stakes for LGBTQ+ users can be very high in regions where rights are restricted — see reporting on platform risks in those contexts at Wired.
