Thousands of cannabis connoisseurs use the HighThere! app to meet up with like minded people with whom they can share a rig or a jay. The problem is that the people using it to find stoners aren’t just other stoners, they might be 5-0.
The cybersecurity firm Synack recently talked to Mic.com about the risks involved in using HighThere!, especially for marijuana users who purchase or sell their goods through the black market. Among other information, the app asks for the user’s name, photo, and preferred consumption method (smoking, vaporizing, edibles, or “it’s all good).
And how well is all that personal, possibly incriminating information? According to Synack, the app’s security is “student project level.” Information is not encoded or protected. Without having to break into a server or even request additional information, basically anyone using the app could find “the name, photograph, smoking habits and even personal location of nearby users with ease,” according to Mic.
A comparable app like Tinder keeps that kind of information in data centers, where it’s much harder to get at. HighThere! sends it all in raw data to other users’ phones, where anyone can see it. Even, maybe especially, police.
“This is maximum fun for law enforcement — an incredibly useful tool,” said Tony Gambacorta, vice president of operations at Synack. “God bless the criminal who advertises where he is and what he’s doing.”
It’s unlikely (though very possible) that police could use that information to target individual smokers. But a cop with a little bit of brains and time could use that information to find dealers in an area by tracking the behavior and locations of cannabis users throughout the day.
“You could not write a better tool for arresting people than this,” Gambacorta said. “If you’re going to do something like track people participating in an illegal activity, you need to have superb data privacy on your platform.”
Hopefully their security protocols change, as the app has the potential to be a great resource for cannabis enthusiasts. In response to Mic’s piece, HighThere! issued this response:
“HighThere! considers user privacy as a top priority. And for the past several months, we have been working diligently to enhance our current measures of protecting data. This work will be completed in the very near future, with an upcoming release that will include industry standard encryption, throughout all levels of the application.”