Dating apps are now as much a part of modern courtship as going to the movies or buying flowers. But dating apps, like Tinder, Grindr, or Bumble, present significant privacy risks. This Valentine’s Day, take some time to secure your data to avoid falling victim to a Tinder scammer.
Online dating is an info security nightmare because it’s a Catch-22. In the pursuit of romance, you are incentivized to create some feeling of intimacy, but with a person who is a literal unknown. It requires a delicate dance of revealing information about yourself to beguile and accepting information from others with good faith. Our guard is down in these apps.
Scammers know this. They have begun hacking these apps or using social engineering to access people’s most sensitive photos, conversations, and data. When you consider that hundreds of millions of people use dating apps around the world to meet new people, there is a lot of data to be mined. Furthermore, many dating apps have been less-than-responsible stewards of the data entrusted to them.
But don’t give up on love! (It is Valentine’s Day, after all.) There are ways to limit your exposure online.
Dating app data breaches
Dating apps started showing up less than 10 years ago, yet many of the major apps, specifically Grindr and Tinder, have suffered multiple data breaches or have been caught improperly sharing user data. This is important to keep in mind as you decide what personal data to divulge in these apps.
Tinder and Grindr both have long histories of exposing their users’ data to third parties. Back in 2013, cybersecurity experts discovered that Tinder allowed third parties to discover users’ exact location, down to within a few hundred feet. Tinder resolved the issue by only specifying their users’ location in increments of miles, making the location data much less precise. In 2014, experts found the same flaw in Grindr. Grindr claimed to have resolved the issue, but in 2016, researchers in Japan were still able to determine Grindr users’ location through simple triangulation. Then, in 2018, another security expert was able to discover the location of Grindr users, including ones that had opted out of letting Grindr share their location data.
A report by Kaspersky in 2017 examined several dating apps, including Tinder, Bumble, and OkCupid, and found that nearly all the Android versions of these apps stored sensitive data on the Android device without proper protection. Hackers could use Facebook authorization tokens to gain full access to your account. Once a hacker had this access, they could view all the messages sent and received through these dating devices.
In January 2018, the cybersecurity firm Checkmarx discovered that Tinder did not use HTTPS encryption to secure the photos on its iOS or Android apps. If hackers connected to the same WiFi network as a Tinder user, they could see the same photos that user was viewing, whether they swiped right or left, and even insert pictures into that user’s queue. Tinder has since added HTTPS encryption to all their services. Then in April of last year, the Norwegian Consumer Council filed a complaint after they discovered that Grindr was sharing its users’ HIV status with third parties without consent. Under scrutiny, Grindr announced they would stop all sharing of their users’ health information with third parties.
These may seem like big, systems-level vulnerabilities. However, there are things you can do yourself to patch up potential security failures in the dating apps you use.
How to protect your privacy on dating apps
- As with all of your Internet accounts, use a strong, unique password and two-factor authentication, if it’s available.
- Beware of anyone sending you links, and especially links using shortened URLs. Hackers will try to lure you away from the dating app to sites that can more easily harvest your data. This is one of the most common Tinder scams. Rest your cursor over any link before you click it, or copy and paste the link into https://www.checkshorturl.com/.
- Only ever access your dating app on a secure WiFi network. An even better option is to protect the Internet connection of your dating app with a trustworthy VPN. This will add an extra layer of security to the app’s encryption.
Privacy and social engineering
- Never share your full name, address, or place of work in your profile. Tinder, Bumble and Happn all allow users to add information about their job and education. With just this information and a first name, Kaspersky researchers were able to match a dating app profile to a LinkedIn or Facebook account 60% of the time.
- Do not link your account on a dating app to your Facebook account. This makes it easier for hackers to connect your social media profile to your online dating one. It also would expose your data if Facebook were to suffer a data breach.
- Using the same logic, do not link your Instagram, Twitter, or WhatsApp accounts to your dating app or share them in your profile.
- For accounts or relationships based on your email, don’t use your everyday email address. Instead, get a separate, anonymous email just for that specific app or relationship.
- Always disable any location-sharing features in your accounts on dating apps.
- If you are uncomfortable sharing your cell phone number with someone you just met online, you can create a separate phone number with apps like Phoner or Burner. These services give you temporary phone numbers that last a couple of weeks for free or for a small fee. Since they are temporary, it is hard to use such a phone number on your dating app account, but it could give you some time to meet your matches in real life before you trust them with your phone number.
- If an account looks suspicious, try doing a reverse image search of the profile pictures. If your search finds the photo is from a modeling agency or a foreign celebrity, you are likely looking at a fake account.
- Eventually, you will have to share information about yourself. You are trying to convince someone that you are interesting enough to meet. Try to talk more about your interests, ambitions, and preferences and avoid specific information that could identify you. More “I love pizza” than “My favorite pizza restaurant is on the corner of Main St. and 2nd Ave.” Never be afraid to say “no” if someone asks you for personal information that you’re not yet comfortable sharing.
- Avoid sending digital photos to users you do not trust. Digital photos can contain metadata about when and where the photo was taken along with other information that could be used to identify you. If you must share a photo, be sure to remove its metadata first. Also, always keep in mind that any explicit pictures you send could be used for blackmail.
- If you are chatting with someone and they are responding incredibly fast or if their responses seem stilted and full of non-sequitur questions, you should proceed carefully. While it is possible you have enchanted someone so thoroughly that they are struggling to respond coherently, it is more likely you are chatting with a bot. Online bots are getting harder and harder to detect, but one test you can try is to work gibberish into a phrase, like “I love a;lkjasdllkjf,” and see if the bot repeats the non-word or transitions into a non-sequitur question. (If it’s a human, you can always cover by saying your phone slipped.)
- This may seem obvious, but if someone asks you over a dating app to send them money, your answer should always be “No.”
- Do not immediately friend your matches on Facebook. Once someone has access to your Facebook account, they can see your friend and family network along with your past activity and location. Wait until you have been dating for a month or two before friending them. (Or, more ideally, quit Facebook.)
- If you are going to meet someone offline, arrange to meet in a public area and let a friend know that you are going. You should also choose to meet in a neutral place, not the restaurant or cafe you go to every week.
Don’t let this advice scare you off of dating apps! They can be fun, and they’ve helped millions of people find dates, hookups, friends, wives, husbands, etc. Just try not to let Cupid’s arrow lull you into a false sense of security, and always keep in mind that this person who seems too good to be true just might be.
Happy Valentine’s Day!
The ProtonVPN Team
You can get a free ProtonVPN account here.
To get a free ProtonMail encrypted email account, visit: protonmail.com