‘Tinder’, ‘Match.com’, And Other Dating Apps Are Collecting Data From Your Chat History

Privacy advocates and tech researchers found out that Match.com and Tinder are collecting more data from users than they are aware of.Tinder's privacy policy states that the app is reading your chats. Photo: Ithmus | Flickr | CC BY 2.0

Dating apps have been growing in popularity, especially among millennials, but it appears that with a new study, dating apps aren’t just building new relationships; they’re also sneakily collecting data from users and selling them to third parties.

A ProPrivacy.com survey revealed that more than 70% of users of the popular dating website, Match.com, are vulnerable to data mining. But the researchers said that, amidst the risks that come with signing on to dating apps and websites, users still do it because they are unaware of how much data these apps are collecting from them and how they use it.

Match.com is one of the pioneers in the online dating service, which was first launched in 1995, and has already amassed more than a million paid subscribers, data from Statistica reveals. Its holding company, InterActiveCorp (IAC), also owns rival platforms, like OkCupid and PlentyOfFish, and Tinder, the app that revolutionized online dating and introduced the popular “swipe right” and “swipe left” feature.

The researchers and privacy groups are concerned of IAC’s privacy policies and are urging users to become aware of the security risks that entail using services from the company. For example, Match.com is collecting information beyond the typical demographic profile of their users like age, gender, and relationship status citing that that information is needed for their system to create an accurate “match” for each user. According to ProPrivacy.com, because of this policy from Match.com, users are required to submit personal and sensitive information to the platform without any idea of the implications of sharing that information will be.

They are reading your chat history

The biggest concern on IAC’s privacy policy is their collection of chat history. A lot of personal information is being shared through their chat services, including real names, addresses, and phone numbers, and the company has access to them as pointed out in their privacy agreement.

As ProPrivacy points out, the Match.com app’s privacy policy states: “We collect information about your activity on our services, for instance how you use them (e.g., date and time you logged in, features you’ve been using, searches, clicks, and pages which have been shown to you, referring webpage address, advertising that you click on) and how you interact with other users (e.g., users you connect and interact with, time and date of your exchanges, number of messages you send and receive).”

Similarly, Tinder, another app produced by IAC is also included in its privacy policy the collection of chat information and data. “Of course we also process your chats with other users as well as the content you publish, as part of the operation of the services,” Tinder’s privacy policy states.

Clearly, messages are being read by the platform and this doesn’t sound good for users especially if they are not careful of what information they share with their matches over the platform. And since the company is storing that information in their system, breaching into their firewalls can open up a plethora of cyber attack vulnerabilities for the users.

Hackers can exploit their systems to gain access to your data

For instance, once a hacker can get access to the system of Match.com, they will also have access to private information, intimate messages, and sensitive images shared by users across the platform. If this information gets into the hands of wrong people, they can use them to blackmail and extort money from the victims, similar to what happened in the 2015 Ashley Madison attack that exposed 36 million users of the dating site for cheaters. Worse, these data can also be used by sophisticated criminals to launch high profile and believable phishing campaigns against their victims.

Three months ago, lesbian dating app Rela, popularly used in China, was discovered by Victor Gevers, a tech researcher from GDI. Foundation, to have exposed the data of more than five million users, including their private and intimate status updates, which some contains some form of personal identification. Geolocations, for those who allowed the app to access, were also exposed in the database that was not protected by a password.

In a private chat, Gevers told Z6Mag that the dating app, Rela, had a “serious security issue for years.” He said that the database with all the user data was freely accessible to anyone, including cybercriminals and anti-gay movements, with Elasticsearch via a web browser.

“The privacy of people is very important. And I assume that for people who use these services, they should not be worried about their privacy and safety. But we have seen countless examples of dating apps for LGBTQ which were not secured at all,” Gevers told Z6Mag.

Meanwhile, the researchers from ProPrivacy.com are also raising concern on the lack of specificity on data handling in the IAC apps. “The privacy policy seems vague by design,” he said in an interview. “They don’t explicitly state what services need this information, and they don’t state what they mean by ‘processing.’ If you look at the EU’s definition of data processing, it means any operation performed on data – so in that context, they have created a clause that allows them to do anything with that personal data.”

When asked for comment regarding the privacy issues raised by ProPrivacy.com, an IAC spokesperson said that the company has “no comment.”

Be the first to comment on "‘Tinder’, ‘Match.com’, And Other Dating Apps Are Collecting Data From Your Chat History"

Leave a comment

Your email address will not be published.