Cupid is Now Online... Is Your Privacy Safe?
The perceptions towards online dating have significantly changed over the last years. We witness how the old-time stigma has been gradually overcome and people now more than ever seem to accept, approve, and use online dating services. Whether in search for The One or for someone with common interests and hobbies, people are increasingly willing to turn to online websites and mobile apps – the 2017 Cupid is holding a smartphone!
A 2015 Pew Research study in the US, for example (‘5 facts about online dating’), shows that 59% of adults agreed that online dating is a good way to meet new people, compared to 44% in 2005. The study reveals that people who are using online dating sites are now less likely to be perceived as desperate, proving that online dating is considered more culturally acceptable than a decade ago. Furthermore, young people seem to have made a huge jump in the use of online dating sites and apps. While in 2013 only 10% of American respondents aged 18-24 reported use of such services, their share expanded to 27% in 2015 - almost threefold increase for a couple of years!
So, it comes as no surprise that online dating sites and apps industry is flourishing. Thousands of relationship-finder websites and mobile apps claim to be the best in finding the love and friendship people are so much craving for. And while some of them are free of charge, they all actually involve a quite high price – our privacy.
Users nowadays are more or less prepared that they need to trade some of their privacy for free online services. Companies, however, are not always clear on their terms of service or fail to present them in user-friendly form and easy to understand language. Clicking ‘I Agree’ with the Terms of Service, that people rarely get to fully understand, is a problem of legal design and of public awareness which will be another LIBRe Story. Such ‘deals’ could go without people being aware of what private information of theirs is revealed and to whom.
Since online dating started to grow rapidly, civil rights activists have been continuously warning on the privacy risks associated with such activities (see: ‘Six Heart-breaking Truths about Online Dating Privacy’, ‘Privacy & the Search for Love: Online Dating Sites’). Online dating advisors and privacy specialists also suggest ways to protect your privacy when dating online. A more recent article (‘Online Dating? 7 Sites That May Be Invading Your Privacy’) even exposes popular dating sites and apps violating users’ privacy.
What is at risk?
The Charter of Fundamental Rights of the European Union provides that ‘Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.’ ‘Personal data’ is defined as ‘any information relating to an identified or identifiable natural person (‘data subject’)’.
Your name, physical or e-mail address, telephone number, geolocation, photos, and other types of personal information (which, being combined, makes you an identifiable person) is subject of protection and may be violated in one way or another while you are focused on finding your perfect match. Find out more on how personal data and privacy are protected in Europe.
The present article is aiming neither at revealing any secrets, nor at judging any business practices but rather summarising the concerns tackled in different publications and trying to once again focus your attention on the risks you should consider when dating online.
When you register with your Facebook account...
Dating apps and sites offer registration through Facebook account. Linking your profiles may seem a good idea to make your life easier and improve your dating profile attractiveness (Yes, you do have some smashing photos on Facebook!). This is also supposed to help the app avoid suggesting you people from your Facebook friends list (those you already know and probably would not like them to be aware of your dating profile).
But linking accounts could make personal data from Facebook visible also on your dating profile (such as a phone number for example). So if you do register for online dating services through your Facebook account, experts advise you to review your Facebook settings upfront.
Now, if you really intend to use online dating apps, be careful with…
Revealing your location
Although it may be convenient to know if potential matches are located nearby, trusting dating apps with your location data might not be a good idea. The problem is you could never be 100% sure that the technology has no security vulnerabilities that would allow stalkers locate you with concerning precision. Such was the 2014 case with Tinder – an extremely popular location-based social search mobile app that facilitates communication between mutually interested users. The Forbes published a security researcher’s finding that ‘Anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user’. The ‘Include Security’ company blog continues: ‘We found a vulnerability that lets you get exact latitude and longitude co-ordinates for any Tinder user’. Following these warnings, Tinder introduced security improvements which, sadly, are still questioned by researchers.
The troubles are not over, though, for Tinder users… Last year the Guardian reported on a new website which, for as little as $5, allows customers to ‘find out whether people they know have an account on the dating app, and even stalk them down to their last known location’. This website, called Swipe Buster gained popularity as a tool to expose cheaters on Tinder. But Swipe Buster’s founder shared with Vanity Fair that his intentions were far more educational: ‘There is too much data about people that people themselves don’t know is available,’ he told the magazine on 4 April 2016. ‘Not only are people oversharing and putting out a lot of information about themselves, but companies are also not doing enough to let people know they’re doing it.’
While we do agree people are generally neglecting the issues of privacy and data protection, the method Swipe Buster chose to raise awareness is still questionable from an ethical point of view.
IT specialists have also been warning on the privacy and security risks associated with dating apps as a specific Geo-spatial category of apps – those encouraging users to share continuous location data. A study on the Dating Risks in Mobile Dating Apps focuses on nine popular proximity-based dating apps and services using GeoSocial Networking (GSN). Researchers apply forensic techniques in order to determine the types of data (deleted or inaccessible) that could be recovered from user devices. A concerning result of the research was that in some cases the details, including location, of any users found nearby could be recovered. And it is even not always necessary for a potential attacker to have physical access to the user’s mobile device! This means trouble not only for the hacked person but also for the entire app community in his or her close vicinity and the users they have communicated with.
This study has more bad news for you…
Your private messages may be not so private
The other critical issue revealed in the above research from 2015 on nine popular dating apps is that private messages could be also easily retrieved from your mobile device. Similarly to location readings, messages and sometimes even photos are stored by the apps on the users’ devices and are surprisingly vulnerable to unauthorised access and violation of user privacy.
And while app developers have a lot to think about in improving the protection of sensitive data, researchers advise it is primarily up to users to protect themselves when selecting an online dating app. But as most users have little or no forensic and security skills, there is not much of guidance provided on what exactly we should base our selection on.
Confused? Well, it’s not getting easier…
Sometimes, acquiring access to private communication in the online dating environment is even not a problem of external attack. Your messages could also be spied on by the app company and even by fellow users!
Such wide dispute over privacy was raised in 2013 addressing the practice of OKCupid.com to invite some of their ‘responsible’ users to become ‘community moderators’. Being in such position the users (moderators) automatically receive forwarded private conversations between other users which are flagged for possible terms of service violations. The story of such a community moderator (told for San Francisco Public Press) reveals that through this practice moderators sometimes see private messages containing personal data which is not publicly visible, such as real names and personal phone numbers. The interviewee shared that: 'Online love-seekers might not be aware of it, but OKCupid has deputized random strangers to gain access to intimate conversations between others — correspondence that many users, as well as Internet privacy experts, assumed to be private.'
As you might imagine, not all moderators are so ‘responsible’ as OKCupid imagined when granting them access to private messages. This is how entire blogs with screenshots of spicy private content were born and went viral.
As a result of this and the raising voices of privacy professionals questioning the practice, it was reported that unofficial change was made in the OKCupid’s course of moderation, even though the platform’s management argued that this kind of moderation was similar to ‘forwarding’ the messages and the company was not doing anything wrong. According to lawyers, though, the issue of moderation was not ‘entirely spelled out in OKCupid’s terms of service’.
No spam please!
And while we are (and we have to be) very conscious when it comes to our location, private communication, or other personal information such as photos, telephone numbers, sexual preference etc., we tend to underestimate the unwanted e-mails received from the company which we let to interfere with our love life. But receiving unwanted e-mail advertorial (or spam) from any company without your agreement (even if you use their services) is also interfering with your privacy.
And just imagine, when it comes to unexpected e-mails from online dating service provider, there are many ways in which your private life could be in trouble.
International and state legislations protect your rights against spam. The EU legislation, for example, provides that even if allowed in some Member States, unsolicited commercial communications by electronic mail should be strictly controlled. The Directive on electronic commerce (Art. 31) states that ‘Member States which allow the sending of unsolicited commercial communications by electronic mail without prior consent of the recipient by service providers established in their territory have to ensure that the service providers consult regularly and respect the opt-out registers in which natural persons not wishing to receive such commercial communications can register themselves.’
Exactly the right to ‘opt-out’ was the problem for the online dating service provider Plenty of Fish (popular primarily in Canada, the United Kingdom, the United States, and Brazil) sanctioned under the strict Canadian anti-spam regulations. In 2015 the Canadian Radio-television and Telecommunications Commission (CRTC) charged Plenty of Fish with $48,000 for violations that happened in 2014. According to the commission, the company failed to provide proper unsubscribe options in emails sent to its users. The e-mails contained “an unsubscribe mechanism that was not clearly and prominently set out, and which could not be readily performed, as required by the legislation” (decision quoted by Global News Canada).
The above mentioned downfalls are just some of the most concerning privacy issues related to the use online dating sites and apps. Our overview is definitely not meant to halt you from finding love and friendship out there, and surely we witness many successful relationships that start online (after all 5% of Americans who are in a marriage or committed relationship say they met their significant other online). But online dating still has security vulnerabilities and privacy risks you might not even be aware or have control of. A rule of thumb is always to read carefully the company’s terms of service and to share as little personal information as possible, not only on your profile but in private messages. Know your rights and do not hesitate to ask for legal or IT advice in any case.
Or maybe, just maybe The One is walking by while you’re browsing your dating app?
Happy Valentine’s Day!
All publications and comments published on the LIBRe Stories platform can be quoted in other websites or in articles in the press subject to the condition of identifying the author, the publishing date and their source (URL address of the publication in question).