Proton VPN homepage
ProtonVPN

Dating apps are now as much a part of modern courtship as going to the movies or buying flowers. But dating apps like Tinder, Grindr, or Bumble, present significant privacy risks. This Valentine’s Day, take some time to protect your privacy on dating apps.

Online dating is a privacy nightmare because it’s a Catch-22. You are obviously looking to entice someone and therefore want to create a level of intimacy, but you are speaking with someone you have never met. It requires a delicate dance of revealing enough information about yourself to beguile without sharing too much. And you need to accept information from people on the other end of your conversation, hoping they are acting in good faith. 

Scammers know this. They have begun hacking these apps or using social engineering to access people’s most sensitive photos or to trick people into sending payments. According to the US Federal Trade Commission, romance scams have been increasing steadily(new window), and over $547 million was lost to these scams in 2021.

Beyond scammers, many of these dating apps use the data you give them to target you with ads. When you consider that hundreds of millions of people use dating apps around the world to meet new people, there is a lot of data to be mined. Furthermore, many dating apps have been less-than-responsible stewards of the data entrusted to them.

But don’t give up on love! (It is Valentine’s Day, after all.) There are ways to limit your exposure online.

What data do dating apps have?

Most dating apps use the data they collect from you to target you with ads. That’s how they can continue operating while offering their service for free. (It’s also why you often can get access to stronger privacy controls if you pay for a subscription to a dating app.) 

When you consider the types of sensitive information many of these apps require you to share when you create an account, this data collection can be concerning. As an example, before you can use Tinder, you must share:

  • Your phone number or Google or Apple account
  • Your first name
  • Your date of birth
  • Two photos of you
  • Your location by turning on location tracking on your phone
  • Your sexual orientation

And nearly all dating apps encourage you to share more information, from your place of work to your favorite hobbies to your ethnicity. They also monitor any activity in their app, including swipes and conversations(new window). Obviously, a dating app can use any information you share with it to target you with ads. 

Many dating websites also contain dozens of trackers. Ghostery(new window) found that Match Group dating services (including Match.com, Tinder, and OkCupid) had up to 36 trackers on their websites(new window), including trackers from Facebook and Google.

Graph of trackers contained on different dating websites. OkCupid and OurTime have 25 and Match.com has 36.

Dating app data breaches

Most dating apps are still relatively new. Tinder launched in 2012, yet it has already suffered several data breaches and has been caught improperly sharing user data. This is sadly the norm among dating apps, which is important to keep in mind as you decide what personal data to divulge in these apps.

Back in 2013, cybersecurity experts discovered trileration attacks ((similar to triangulation) that Tinder allowed third parties to discover users’ exact location(new window), down to within a few hundred feet. Tinder resolved the issue by only specifying their users’ location in increments of miles, making the location data much less precise. In 2014, experts found the same flaw in Grindr(new window). Grindr claimed to have resolved the issue, but in 2016, researchers in Japan(new window) could still determine Grindr users’ location. Then, in 2018, another security expert discovered the location of Grindr users(new window), including ones that had opted out of letting Grindr share their location data.

A report by Kaspersky in 2017(new window) examined several dating apps, including Tinder, Bumble, and OkCupid, and found that nearly all the Android versions of these apps stored sensitive data on the Android device without proper protection. Hackers could use Facebook authorization tokens to gain full access to your account. Once a hacker had this access, they could view all the messages sent and received through these dating devices.

In January 2018, the cybersecurity firm Checkmarx discovered that Tinder did not use HTTPS encryption(new window) to secure the photos on its iOS or Android apps. If hackers connected to the same WiFi network as a Tinder user, they could see the same photos that user was viewing, whether they swiped right or left, and even insert pictures into that user’s queue. Tinder has since added HTTPS encryption to all its services. 

In April 2019, the Norwegian Consumer Council (NCC) filed a complaint after discovering that Grindr was sharing its users’ HIV status with third parties(new window) without consent. Grindr has since announced it would stop sharing its users’ health information with third parties.

The NCC filed another complaint in 2020 after it found that Grindr, Tinder, and OkCupid were sharing data(new window) unexpectedly with ad networks and other third parties. This information included users’ ages, genders, GPS location, IP address, and details about their device. 

In January 2021, the dating website MeetMindful.com suffered a data breach(new window) that exposed the details of all of its nearly 2.3 million users. The breach exposed geolocation data, full names, email addresses, Facebook IDs, Facebook authentication tokens, and more. Later that year, an engineer discovered that Bumble allowed a trilateration attack(new window) (similar to the one that affected Tinder) that could expose a user’s exact location.

In 2022, “anti-vax dating” site Uninjected left its entire unencrypted database exposed, and in April 2023, Have I Been Pwned? founder and maintainer, Troy Hunt, reported data breaches(new window) affecting two dating websites –  CityJerks and TruckerSucker – that exposed highly personal information about their users. 

Just days later, a federal judge ordered that a class action against Bumble(new window) be sent to arbitration(new window), following complaints that Bumble harvests a huge amount of sensitive data from its users. It does this without their knowledge or consent, and shares it with third parties such as Facebook and Instagram. The plaintiffs argued that the case was “even more egregious,” due to a massive data breach in 2020 that potentially affected some 95 million Bumble  users(new window)

And if you like to be spooked, Hulu is now (2024) streaming a three-part documentary(new window) about the infamous dating site for cheaters, Ashley Madison(new window), that was devastatingly hacked in 2015(new window) and where personal details of more than 2,500 unfaithful (or would-be unfaithful) users were published online. 

The majority of these system-level vulnerabilities have been resolved, but they speak to a culture of playing fast and loose with people’s personal data. Fortunately, there are things you can do yourself to patch up potential security failures in the dating apps you use.

How to protect your privacy on dating apps

Account security

  • Beware of links, and especially links using shortened URLs. Hackers will try to lure you away from the dating app to sites where they can more easily harvest your data. This is one of the most common Tinder scams. Rest your cursor over any link before you click it, or copy and paste the link into https://www.checkshorturl.com/(new window)
  • Only ever access your dating app on a secure WiFi network. An even better option is to protect the internet connection of your dating app with a trustworthy VPN(new window). This will add an extra layer of security to the app’s encryption.
  • Consider subscribing to a paid plan. Many dating apps give you additional privacy options, like turning off location tracking or hiding your account, if you subscribe to a paid plan. 

Privacy and social engineering

  • Never share your full name, address, or place of work in your profile. Tinder, Bumble, and Happn all allow users to add information about their jobs and education. With just this information and a first name, Kaspersky researchers matched(new window) a dating app profile to a LinkedIn or Facebook account 60% of the time.
  • Use a VPN to block dating app trackers and trilateration attacks. Nearly every dating website and app contain trackers that can follow you around the internet. Proton VPN’s NetShield Ad-Blocker(new window) stops trackers from even loading, speeding up your internet connection. And, unlike other ad blockers, it can protect block trackers in apps, not just in your browser. 
  • Choose your profile pictures carefully. A lot of information can often be gleaned from what is in the background of a photo, information that could be used to identify you. Also, remember that if you use a photo from one of your social media accounts, a reverse image search could link your dating profile to that account.
  • Do not link your dating app account to other accounts, like Facebook, Twitter, Instagram, etc. This makes it easy for hackers to connect your social media profile to your online dating one. It also would expose your data if Facebook were to suffer a data breach(new window).
  • Don’t use your everyday email for your dating app or to contact new matches. Instead, use an alias(new window) or a private email(new window) just for that specific app or relationship.
  • Always disable location-sharing features.
  • Give a temporary phone number to your matches. You can use services like Phoner or Burner that give you temporary phone numbers that last a couple of weeks for free or for a small fee. Since they are temporary, it is hard to use such a phone number on your dating app account, but it could give you some time to meet your matches in real life before you trust them with your phone number.
  • Try reverse image searching your match’s profile picture if something feels off. If your search finds the photo is from a modeling agency or a foreign celebrity, you are likely looking at a fake account.
  • Avoid sharing specific information that could identify you. Eventually, you will have to share information about yourself. After all, you are trying to convince someone that you are interesting enough to meet. Try to talk more about your interests, ambitions, and preferences. More “I love pizza” than “My favorite pizza restaurant is on the corner of Main St. and 2nd Ave.” Never be afraid to say “no” if someone asks you for personal information that you’re not yet comfortable sharing.
  • Avoid sending photos to people you do not know. Photos can contain metadata about when and where the photo was taken. If you must share a photo, be sure to remove its metadata(new window) first.
  • Beware of chatting with bots. Online bots are getting harder and harder to detect, but one test you can try is to work gibberish into a phrase, like “I love a;lkjasdllkjf,” and see if the bot repeats the non-word or transitions into a non-sequitur question. (If it’s a human, you can always cover by saying your phone slipped.)
  • If someone asks you over a dating app to send them money, your answer should always be “No” unless you want to show up on the next version of The Tinder Swindler(new window)
  • Do not immediately friend your matches on Facebook. Once someone has access to your Facebook account, they can see your friend and family network along with your past activity and location. Wait until you have been dating for a month or two before friending them. (Or, more ideally, quit Facebook(new window).)

Physical safety

  • Arrange to meet in a public area and let a friend know that you are going. You should also choose to meet in a neutral place, not the restaurant or cafe you go to every week.

Don’t let this advice scare you off of dating apps! They can be fun, and they’ve helped millions of people find dates, hookups, friends, and partners. Just try not to let Cupid’s arrow lull you into a false sense of security, and always keep in mind that this person who seems too good to be true just might be.

Happy Valentine’s Day!




Related articles

A lock with the colors of the Dutch flag
We ran a survey in the Netherlands and found that 51% of Dutch adults are worried about their online privacy. See the rest of the results.
s AliExpress reliable?
  • Privacy basics
Chinese shopping platform AliExpress is undoubtedly cheap. But is it also safe and reliable, or you are likely to get scammed?
How to fix a 502 error
In this article, we explain what a 502 bad gateway error is and explore possible ways to fix it as a visitor to a website.
Watch Thanksgiving Day football with Proton VPN
Here's how you can live stream this year's Thanksgiving football games using Proton VPN, whether you're watching from home or abroad.
Where to watch Macy's Thanksgiving day parade
Here's how and where to watch Macy's Thanksgiving Day Parade live from anywhere in the world with Proton VPN.
What we've been up to, and what's next
Here are the main things Proton VPN delivered this spring and summer and the exciting changes that lie ahead on our product roadmap this winter.