50% OFF

Black Friday starts early this year!

Black Friday

View deals

How to protect your privacy on dating apps

Posted on February 14th, 2022 by in How-to.

 

Back in 2019, we did a deep dive into what you can do to protect your privacy on dating apps while still matching with people. Now that it’s 2022, we have updated this article with the latest news and tips.

Dating apps are now as much a part of modern courtship as going to the movies or buying flowers. But dating apps like Tinder, Grindr, or Bumble, present significant privacy risks. This Valentine’s Day, take some time to protect your privacy on dating apps. 

Online dating is a privacy nightmare because it’s a Catch-22. You are obviously looking to entice someone and therefore want to create a level of intimacy, but you are speaking with someone you have never met. It requires a delicate dance of revealing enough information about yourself to beguile without sharing too much. And you need to accept information from people on the other end of your conversation, hoping they are acting in good faith. 

Scammers know this. They have begun hacking these apps or using social engineering to access people’s most sensitive photos or to trick people into sending payments. According to the US Federal Trade Commission, romance scams have been increasing steadily, and over $547 million was lost to these scams in 2021.

Beyond scammers, many of these dating apps use the data you give them to target you with ads. When you consider that hundreds of millions of people use dating apps around the world to meet new people, there is a lot of data to be mined. Furthermore, many dating apps have been less-than-responsible stewards of the data entrusted to them.

But don’t give up on love! (It is Valentine’s Day, after all.) There are ways to limit your exposure online.

What data do dating apps have?

Most dating apps use the data they collect from you to target you with ads. That’s how they can continue operating while offering their service for free. (It’s also why you often can get access to stronger privacy controls if you pay for a subscription to a dating app.) 

When you consider the types of sensitive information many of these apps require you to share when you create an account, this data collection can be concerning. As an example, before you can use Tinder, you must share:

  • Your phone number or Google or Apple account
  • Your first name
  • Your date of birth
  • Two photos of you
  • Your location by turning on location tracking on your phone
  • Your sexual orientation

And nearly all dating apps encourage you to share more information, from your place of work to your favorite hobbies to your ethnicity. They also monitor any activity in their app, including swipes and conversations. Obviously, a dating app can use any information you share with it to target you with ads. 

Many dating websites also contain dozens of trackers. Ghostery found that Match Group dating services (including Match.com, Tinder, and OkCupid) had up to 36 trackers on their websites, including trackers from Facebook and Google.

Graph of trackers contained on different dating websites. OkCupid and OurTime have 25 and Match.com has 36.

Dating app data breaches

Most dating apps are still relatively new. Tinder launched in 2012, yet it has already suffered several data breaches and has been caught improperly sharing user data. This is sadly the norm among dating apps, which is important to keep in mind as you decide what personal data to divulge in these apps.

Back in 2013, cybersecurity experts discovered trileration attacks ((similar to triangulation) that Tinder allowed third parties to discover users’ exact location, down to within a few hundred feet. Tinder resolved the issue by only specifying their users’ location in increments of miles, making the location data much less precise. In 2014, experts found the same flaw in Grindr. Grindr claimed to have resolved the issue, but in 2016, researchers in Japan could still determine Grindr users’ location. Then, in 2018, another security expert discovered the location of Grindr users, including ones that had opted out of letting Grindr share their location data.

A report by Kaspersky in 2017 examined several dating apps, including Tinder, Bumble, and OkCupid, and found that nearly all the Android versions of these apps stored sensitive data on the Android device without proper protection. Hackers could use Facebook authorization tokens to gain full access to your account. Once a hacker had this access, they could view all the messages sent and received through these dating devices.

In January 2018, the cybersecurity firm Checkmarx discovered that Tinder did not use HTTPS encryption to secure the photos on its iOS or Android apps. If hackers connected to the same WiFi network as a Tinder user, they could see the same photos that user was viewing, whether they swiped right or left, and even insert pictures into that user’s queue. Tinder has since added HTTPS encryption to all its services. 

In April 2019, the Norwegian Consumer Council (NCC) filed a complaint after discovering that Grindr was sharing its users’ HIV status with third parties without consent. Grindr has since announced it would stop sharing its users’ health information with third parties.

The NCC filed another complaint in 2020 after it found that Grindr, Tinder, and OkCupid were sharing data unexpectedly with ad networks and other third parties. This information included users’ ages, genders, GPS location, IP address, and details about their device. 

In January 2021, the dating website MeetMindful.com suffered a data breach that exposed the details of all of its nearly 2.3 million users. The breach exposed geolocation data, full names, email addresses, Facebook IDs, Facebook authentication tokens, and more. Later that year, an engineer discovered that Bumble allowed a trilateration attack (similar to the one that affected Tinder) that could expose a user’s exact location.

The majority of these system-level vulnerabilities have been resolved, but they speak to a culture of playing fast and loose with people’s personal data. Fortunately, there are things you can do yourself to patch up potential security failures in the dating apps you use.

How to protect your privacy on dating apps

Account security

  • Use a strong, unique password and two-factor authentication if it’s available.
  • Beware of links, and especially links using shortened URLs. Hackers will try to lure you away from the dating app to sites where they can more easily harvest your data. This is one of the most common Tinder scams. Rest your cursor over any link before you click it, or copy and paste the link into https://www.checkshorturl.com/
  • Only ever access your dating app on a secure WiFi network. An even better option is to protect the internet connection of your dating app with a trustworthy VPN. This will add an extra layer of security to the app’s encryption.
  • Consider subscribing to a paid plan. Many dating apps give you additional privacy options, like turning off location tracking or hiding your account, if you subscribe to a paid plan. 

Privacy and social engineering

  • Never share your full name, address, or place of work in your profile. Tinder, Bumble, and Happn all allow users to add information about their jobs and education. With just this information and a first name, Kaspersky researchers matched a dating app profile to a LinkedIn or Facebook account 60% of the time.
  • Use a VPN to block dating app trackers and trilateration attacks. Nearly every dating website and app contain trackers that can follow you around the internet. Proton VPN’s NetShield Ad-Blocker stops trackers from even loading, speeding up your internet connection. And, unlike other ad blockers, it can protect block trackers in apps, not just in your browser. 
  • Choose your profile pictures carefully. A lot of information can often be gleaned from what is in the background of a photo, information that could be used to identify you. Also, remember that if you use a photo from one of your social media accounts, a reverse image search could link your dating profile to that account.
  • Do not link your dating app account to other accounts, like Facebook, Twitter, Instagram, etc. This makes it easy for hackers to connect your social media profile to your online dating one. It also would expose your data if Facebook were to suffer a data breach.
  • Don’t use your everyday email for your dating app or to contact new matches. Instead, use an alias or a private email just for that specific app or relationship.
  • Always disable location-sharing features.
  • Give a temporary phone number to your matches. You can use services like Phoner or Burner that give you temporary phone numbers that last a couple of weeks for free or for a small fee. Since they are temporary, it is hard to use such a phone number on your dating app account, but it could give you some time to meet your matches in real life before you trust them with your phone number.
  • Try reverse image searching your match’s profile picture if something feels off. If your search finds the photo is from a modeling agency or a foreign celebrity, you are likely looking at a fake account.
  • Avoid sharing specific information that could identify you. Eventually, you will have to share information about yourself. After all, you are trying to convince someone that you are interesting enough to meet. Try to talk more about your interests, ambitions, and preferences. More “I love pizza” than “My favorite pizza restaurant is on the corner of Main St. and 2nd Ave.” Never be afraid to say “no” if someone asks you for personal information that you’re not yet comfortable sharing.
  • Avoid sending photos to people you do not know. Photos can contain metadata about when and where the photo was taken. If you must share a photo, be sure to remove its metadata first.
  • Beware of chatting with bots. Online bots are getting harder and harder to detect, but one test you can try is to work gibberish into a phrase, like “I love a;lkjasdllkjf,” and see if the bot repeats the non-word or transitions into a non-sequitur question. (If it’s a human, you can always cover by saying your phone slipped.)
  • If someone asks you over a dating app to send them money, your answer should always be “No” unless you want to show up on the next version of The Tinder Swindler
  • Do not immediately friend your matches on Facebook. Once someone has access to your Facebook account, they can see your friend and family network along with your past activity and location. Wait until you have been dating for a month or two before friending them. (Or, more ideally, quit Facebook.)

Physical safety

  • Arrange to meet in a public area and let a friend know that you are going. You should also choose to meet in a neutral place, not the restaurant or cafe you go to every week.

Don’t let this advice scare you off of dating apps! They can be fun, and they’ve helped millions of people find dates, hookups, friends, and partners. Just try not to let Cupid’s arrow lull you into a false sense of security, and always keep in mind that this person who seems too good to be true just might be.

Happy Valentine’s Day!




Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

2 comments

  1. Miley Cryus

    Great Article it its really informative and innovative keep us posted with new updates. its was really valuable. thanks a lot.

  2. Richie Koch

    Thanks! I’m glad you found it helpful (and that you didn’t come in like a wrecking ball).

Comments are closed.

Secure
your internet

Get Proton VPN
Get Proton VPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:
contact@protonvpn.com


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

xsBNBFiYeeIBCACpwuYcTsACyjQaqY3tOUonokamGZf3VDuLvcA9nQnu4vlB
n1RFFUJa5Pmf2yZ9EjJFSldTl5lreE3tFf53CcZ9wKa1R6aMnN/0VqURJho0
ZTqevQlCvuJ9kKHkDck3Em0/1WWnhDJgabp+fOa5HAHoAvcNy5gVPuexTT/N
wp6QcfB7w+qFhf73s0bcSn5RC+FAYlQxZVFhFtA7/7LthBVatDJrYLYP9XJd
zOZqz9AX0XZwKal25RcVeGHkNKgloo0bTgro4D88MR7saqXFHTRhy3+Wss7c
uqrh0uIkVmqtadoK/rAbqOyFXQ2DlvSMVrEMLUvwlZbC0taqcKDfNA+FABEB
AAHNLWNvbnRhY3RAcHJvdG9udnBuLmNvbSA8Y29udGFjdEBwcm90b252cG4u
Y29tPsLAfwQQAQgAKQUCWJh54wYLCQcIAwIJEN4dfnhhw11TBBUIAgoDFgIB
AhkBAhsDAh4BAAoJEN4dfnhhw11T6PwIAKgIHTUaEcCFQ5WfmwGpdhRgFe7H
gnHR8UOFPrRKnbCOQgTVPGwCFt8UVFhEgbmtroThU89DpxFSYUOD6nZ2k1X3
X4Q9OsItFUUuhPtLJrkz5ghtZLmsAH/edTRbVU1Ew1E8KbylLFI1J5yId7zR
GdnaTXv/E7P3po5X/b08TFAhXSyYYUbMeQuthbJajtpFygr53lm47cOWa4N8
udqLhmpheaQj04DuqYXOGC08JQn+XbHzhFl5Yvlt9Idk8+7c2UJ0qgWKQ5ZV
mquRAw5HDCQM5OqF1MoImDxOH+tK3PUlvFDsLZ1WPEOHK/EN12sPBx0x1R04
fcPTPdbMwgISGM3OwE0EWJh54gEIALqhrLUpvarPc0nkuHpyJC/MsrIDPLuV
qMc49tgjgDBsyIKJFEP9qCnkSOEixaFi+nTljUSpkHGR+PvEGecmcOdW6djN
QGxon/nwBT9d8HbtxJesaEIzwRAxmqQW9MqNq4UsfNQ0VvUYqV9wEbYfdDT/
jZfz9N0hjFELF1sg3UPcCRijhf162bp+rLQdO9vWVUbOdMQvsM/kyUJ6JMXR
xUtyKC05ddxii2SMr4XUW45ostPbxJybOF5oSZpEb1EIlrTLLPAe/498XlBW
hpRAPe+9ZfNs7drMvUEFnnOXahrXAuaaZpyaS/XBaloqSb1+v2AkUep3dbSF
PaRtbXRMS+kAEQEAAcLAaAQYAQgAEwUCWJh54wkQ3h1+eGHDXVMCGwwACgkQ
3h1+eGHDXVMZ4Qf4hu5N8/uYNDqJMFRIWSCpPGxmyIVXGARG4hgR8gwPZY9K
fReAUndX3uODBNIgZU7I3YntawU1DlP6GpP6yyR/8lfUMNCAXPDmd+zTFYIJ
UDHD8sw2GRrFVzFOKUpAapWFOI4XjSMP2UiK4HgrpUjAhe1wSaa7nEjtAuYT
zFx1QSuQD1iYcOF/FAm7EuhBIfWITjYAobGM6gonPbp3IPHM52rUbulllcdV
vCLs+blcyiVCGZlNcmlg3eibAJJL19TQLqT2DbQvQ/SyVBJGjoT+y4TTRtmZ
cebEjt2KJcc4x2lzPq3z2KJNyJTOTMB+aYD9Ma9IObDds+M/+5XDWi7f
=ueTT
-----END PGP PUBLIC KEY BLOCK-----

You can also Tweet to us:
@ProtonVPN