Dating apps are now as much a part of modern courtship as going to the movies or buying flowers. But dating apps like Tinder, Grindr, or Bumble present significant privacy risks. This Valentine’s Day, take some time to protect your privacy on dating apps.
Online dating is a privacy nightmare because it’s a Catch-22. You are obviously looking to entice someone and therefore want to create a level of intimacy, but you are speaking with someone you have never met. It requires a delicate dance of revealing enough information about yourself to beguile without sharing too much. And you need to accept information from people on the other end of your conversation, hoping they are acting in good faith.
Scammers know this. They have begun hacking these apps or using social engineering to access people’s most sensitive photos or to trick people into sending payments. According to the US Federal Trade Commission, romance scams have been increasing steadily, and over $547 million was lost to these scams in 2021.
Beyond scammers, many of these dating apps use the data you give them to target you with ads. When you consider that hundreds of millions of people use dating apps around the world to meet new people, there is a lot of data to be mined. Furthermore, many dating apps have been less-than-responsible stewards of the data entrusted to them.
But don’t give up on love! (It is Valentine’s Day, after all.) There are ways to limit your exposure online.
What data do dating apps have?
Most dating apps use the data they collect from you to target you with ads. That’s how they can continue operating while offering their service for free. (It’s also why you often can get access to stronger privacy controls if you pay for a subscription to a dating app.)
When you consider the types of sensitive information many of these apps require you to share when you create an account, this data collection can be concerning. As an example, before you can use Tinder, you must share:
- Your phone number or Google or Apple account
- Your first name
- Your date of birth
- Two photos of you
- Your location by turning on location tracking on your phone
- Your sexual orientation
And nearly all dating apps encourage you to share more information, from your place of work to your favorite hobbies to your ethnicity. They also monitor any activity in their app, including swipes and conversations. Obviously, a dating app can use any information you share with it to target you with ads.
Many dating websites also contain dozens of trackers. Ghostery found that Match Group dating services (including Match.com, Tinder, and OkCupid) had up to 36 trackers on their websites, including trackers from Facebook and Google.
Dating app data breaches
Most dating apps are still relatively new. Tinder launched in 2012, yet it has already suffered several data breaches and has been caught improperly sharing user data. This is sadly the norm among dating apps, which is important to keep in mind as you decide what personal data to divulge in these apps.
Back in 2013, cybersecurity experts discovered that Tinder allowed trilateration attacks (similar to triangulation) that let third parties discover users’ exact location, down to within a few hundred feet. Tinder resolved the issue by only specifying their users’ location in increments of miles, making the location data much less precise. In 2014, experts found the same flaw in Grindr. Grindr claimed to have resolved the issue, but in 2016, researchers in Japan could still determine Grindr users’ location. Then, in 2018, another security expert discovered the location of Grindr users, including ones that had opted out of letting Grindr share their location data.
A report by Kaspersky in 2017 examined several dating apps, including Tinder, Bumble, and OkCupid, and found that nearly all the Android versions of these apps stored sensitive data on the Android device without proper protection. Hackers could use Facebook authorization tokens to gain full access to your account. Once a hacker had this access, they could view all the messages sent and received through these dating devices.
In January 2018, the cybersecurity firm Checkmarx discovered that Tinder did not use HTTPS encryption to secure the photos on its iOS or Android apps. If hackers connected to the same WiFi network as a Tinder user, they could see the same photos that user was viewing, whether they swiped right or left, and even insert pictures into that user’s queue. Tinder has since added HTTPS encryption to all its services.
In April 2019, the Norwegian Consumer Council (NCC) filed a complaint after discovering that Grindr was sharing its users’ HIV status with third parties without consent. Grindr has since announced it would stop sharing its users’ health information with third parties.
The NCC filed another complaint in 2020 after it found that Grindr, Tinder, and OkCupid were sharing data unexpectedly with ad networks and other third parties. This information included users’ ages, genders, GPS location, IP address, and details about their device.
In January 2021, the dating website MeetMindful.com suffered a data breach that exposed the details of all of its nearly 2.3 million users. The breach exposed geolocation data, full names, email addresses, Facebook IDs, Facebook authentication tokens, and more. Later that year, an engineer discovered that Bumble allowed a trilateration attack (similar to the one that affected Tinder) that could expose a user’s exact location.
In 2022, “anti-vax dating” site Uninjected left its entire unencrypted database exposed, and in April 2023, Have I Been Pwned? founder and maintainer, Troy Hunt, reported data breaches affecting two dating websites – CityJerks and TruckerSucker – that exposed highly personal information about their users.
Just days later, a federal judge ordered that a class action against Bumble be sent to arbitration, following complaints that Bumble harvests a huge amount of sensitive data from its users. It does this without their knowledge or consent, and shares it with third parties such as Facebook and Instagram. The plaintiffs argued that the case was “even more egregious,” due to a massive data breach in 2020 that potentially affected some 95 million Bumble users.
And if you like to be spooked, Hulu is now (2024) streaming a three-part documentary about the infamous dating site for cheaters, Ashley Madison, that was devastatingly hacked in 2015 and where personal details of more than 2,500 unfaithful (or would-be unfaithful) users were published online.
The majority of these system-level vulnerabilities have been resolved, but they speak to a culture of playing fast and loose with people’s personal data. Fortunately, there are things you can do yourself to patch up potential security failures in the dating apps you use.
How to protect your privacy on dating apps
Account security
- Use a strong, unique password and two-factor authentication if it’s available. Proton Pass can generate strong passwords for you, and can also generate secure 2FA codes.
- Beware of links, and especially links using shortened URLs. Hackers will try to lure you away from the dating app to sites where they can more easily harvest your data. This is one of the most common Tinder scams. Rest your cursor over any link before you click it, or copy and paste the link into https://www.checkshorturl.com/.
- Only ever access your dating app on a secure WiFi network. An even better option is to protect the internet connection of your dating app with a trustworthy VPN. This will add an extra layer of security to the app’s encryption.
- Consider subscribing to a paid plan. Many dating apps give you additional privacy options, like turning off location tracking or hiding your account, if you subscribe to a paid plan.
Privacy and social engineering
- Never share your full name, address, or place of work in your profile. Tinder, Bumble, and Happn all allow users to add information about their jobs and education. With just this information and a first name, Kaspersky researchers matched a dating app profile to a LinkedIn or Facebook account 60% of the time.
- Use a VPN to block dating app trackers and trilateration attacks. Nearly every dating website and app contains trackers that can follow you around the internet. Proton VPN’s NetShield Ad-Blocker stops trackers from even loading, speeding up your internet connection. And, unlike other ad blockers, it can block trackers in apps, not just in your browser.
- Choose your profile pictures carefully. A lot of information can often be gleaned from what is in the background of a photo, information that could be used to identify you. Also, remember that if you use a photo from one of your social media accounts, a reverse image search could link your dating profile to that account.
- Do not link your dating app account to other accounts, like Facebook, Twitter, Instagram, etc. This makes it easy for hackers to connect your social media profile to your online dating one. It also would expose your data if Facebook were to suffer a data breach.
- Don’t use your everyday email for your dating app or to contact new matches. Instead, use an alias or a private email just for that specific app or relationship.
- Always disable location-sharing features.
- Give a temporary phone number to your matches. You can use services like Phoner or Burner that give you temporary phone numbers that last a couple of weeks for free or for a small fee. Since they are temporary, it is hard to use such a phone number on your dating app account, but it could give you some time to meet your matches in real life before you trust them with your phone number.
- Try reverse image searching your match’s profile picture if something feels off. If your search finds the photo is from a modeling agency or a foreign celebrity, you are likely looking at a fake account.
- Avoid sharing specific information that could identify you. Eventually, you will have to share information about yourself. After all, you are trying to convince someone that you are interesting enough to meet. Try to talk more about your interests, ambitions, and preferences. More “I love pizza” than “My favorite pizza restaurant is on the corner of Main St. and 2nd Ave.” Never be afraid to say “no” if someone asks you for personal information that you’re not yet comfortable sharing.
- Avoid sending photos to people you do not know. Photos can contain metadata about when and where the photo was taken. If you must share a photo, be sure to remove its metadata first.
- Beware of chatting with bots. Online bots are getting harder and harder to detect, but one test you can try is to work gibberish into a phrase, like “I love a;lkjasdllkjf,” and see if the bot repeats the non-word or transitions into a non-sequitur question. (If it’s a human, you can always cover by saying your phone slipped.)
- If someone asks you over a dating app to send them money, your answer should always be “No” unless you want to show up on the next version of The Tinder Swindler.
- Do not immediately friend your matches on Facebook. Once someone has access to your Facebook account, they can see your friend and family network along with your past activity and location. Wait until you have been dating for a month or two before friending them. (Or, more ideally, quit Facebook.)
Physical safety
- Arrange to meet in a public area and let a friend know that you are going. You should also choose to meet in a neutral place, not the restaurant or cafe you go to every week.
Don’t let this advice scare you off of dating apps! They can be fun, and they’ve helped millions of people find dates, hookups, friends, and partners. Just try not to let Cupid’s arrow lull you into a false sense of security, and always keep in mind that this person who seems too good to be true just might be.
Happy Valentine’s Day!