
Securing the channel with SSL should fix the issue, no?



No, as long as they send precise distance radius info, a person's location can easily be computed with a very, very small margin of error.

The easiest fix is just to send a less precise location radius. The user does not care whether another user is 6 miles or 6.0000000001 miles away from him anyway.


That doesn't seem to fix anything. Suppose you round to miles. Now I just sample the system until I find the "border" where the reported distance changes from 1 to 2 miles, and then I know the distance is exactly 1.5 miles there (or 2 miles if they round down).

Repeat for two more points and you have the same vulnerability.


Rounding should work if you round the coordinates instead of the distance. Then you can at best calculate an approximate location very precisely.


You probably don't even need to go that far. The randomness will be reduced when using multiple locations for trilateration.


That's a good point. If the first guess point (60.000000N, 10.000000W) is a mile away from the wanted point, then doing a binary search on the range, say, [60.001000N, 10.000000W] and [59.999000N, 10.000000W] will most likely hit a boundary case (a leap from 1 to 2 or 1 to 0). If not, we can then make the search range a bit larger.


The article states "By proxying iPhone requests...".

I don't see how the attacker can read the JSON payload if SSL is used. Am I missing something?


The attacker "is" the iPhone in this situation. The attacker creates his own requests and has the server talk to him in order to gain location info.


Uhm, no... the app will still get the info. Why not just send "3" or "4" etc. for approx. distance?


What I don't understand is why the app needs the info. Wouldn't it make more sense to change the API so it's just a call to /users?near={co-ord} and a simple list of users is returned without any location information? Sure, you could still triangulate by using fake accounts and guesstimating the boundaries based on when a user is and is not returned in the list…

EDIT: Ah, just fired up Tinder and saw the "x kilometres away from you"; forgot about that, haha :D


SSL isn't hiding anything if the attacker controls the client endpoint :)
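
The mitigation debated in the thread, rounding the coordinates instead of the distance, as an added example that is not part of the original discussion or any app's actual code. It shows server-side why rounding only the distance still lets responses depend on a user's exact position, while snapping the stored position to a grid cell makes every response a function of the cell alone; the grid size, function names and sample coordinates are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_MILES = 3958.8
GRID_DEG = 0.01  # assumed cell size; a real service would pick this by policy

def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance in miles between two lat/lon points (degrees)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))

def snap(lat, lon, grid=GRID_DEG):
    """Replace a stored position with the centre of its grid cell."""
    return ((math.floor(lat / grid) + 0.5) * grid,
            (math.floor(lon / grid) + 0.5) * grid)

def distance_rounded_only(viewer, target):
    """Rounds the distance: the answer still depends on the exact position."""
    return round(haversine_miles(*viewer, *target))

def distance_snapped(viewer, target):
    """Rounds the coordinates first: the answer depends only on the cell."""
    return round(haversine_miles(*viewer, *snap(*target)))

def responses_differ(report, target_a, target_b, viewers):
    """True if any viewer gets a different answer for the two targets."""
    return any(report(v, target_a) != report(v, target_b) for v in viewers)

# Constructed sample data: two positions about half a mile apart, same cell.
TARGET_A = (60.0012, -10.0031)
TARGET_B = (60.0088, -10.0079)
VIEWERS = [(60.0 + i * 0.002, -10.005) for i in range(50)]

if __name__ == "__main__":
    for name, fn in (("distance rounded", distance_rounded_only),
                     ("coordinates snapped", distance_snapped)):
        print(name, "-> distinguishable:", responses_differ(fn, TARGET_A, TARGET_B, VIEWERS))
```

With snapping, the cell itself is still disclosed, so the grid size sets the floor on how coarse the revealed location is.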



