IF AN EXPERT SAYS IT CAN'T BE DONE GET ANOTHER EXPERT.
Couchsurfing is one of the best products I have used in the last couple of years. It helped me to meet many people from all over the world, to host them or surf their couch and I am very thankful for that!
Privacy is an important thing. After exposing privacy issues with the Tinder app almost 2 years ago, I have started to doubt more and more different applications that require my personal information.
Couchsurfing allows people to see their users' private information such as:
More information below.
The Couchsurfing app seems to expose the Facebook profile of users who logged-in with their Facebook accounts.
After installing mitmproxy and setting up all the above you will have to follow those steps:
On Couchsurfing's website a user can fill-in a form to write down who should be his emergency contact. On the form it says:
Emergency Contact information can ONLY be seen by administrators. It will be used if we need to get in touch with someone other than you in case of emergency. This could be a family member or close friend. Please include name, relation, phone number and email address.
It seems like this information can be seen by ANYONE.
Using the form from the picture above it will be possible to see the detail in the HTTP response:
I am not sure if Couchsurfing's privacy issues are critical as Tinder's but in my opinion those are problems that should be fixed as I wouldn't want people to find my Facebook profile and SPAM or annoy me. Having said that, I think that promising your users a safe service requires the company to put more cautious and be as responsible as it claims to be.
The above was tested using Couchsurfing for iOS version 3.4.