Dating platforms

From Gender and Tech Resources

Revision as of 10:47, 17 March 2017 by Alistair (Talk | contribs)

What are dating platforms?

Dating platforms are pages or applications oriented to facilitate meeting and encounters with other people, sometimes with the purpose of finding a partner or engage into sexual encounters. Usually these services are databases that collect information from users through a profile that can contain personal data, images, locations. There are many types of dating platforms, and all have different interfaces and features. Some are free and others offer payment options which in some cases enlarge the possibility to view more profiles. Sometimes, the use of free platforms implies that users that no not provide a lot of personal data get restrained in their possibilities to view and access other profiles.

Broadly speaking these platforms are divided into two types: those that work through matching and those that focus on dating. "Matching" platforms seek to link profiles of users that are compatible, so they request a large amount of information about their preferences, customs, personal characteristics, hobbies, social status, etc. Platforms that concentrate on dating do not request so much personal and identity information because they focus more on the physical aspects and the immediate encounter between two persons. In both cases, platform's databases can be organized through users 'preferences (who choose other users) or algorithmically, based on the users' registered criteria.

There are platforms that work as web pages and others like mobile phone apps. Some even combine both options. The expansion of these platforms through mobile apps has been a supplement to the services previously offered through websites, and has made the interaction with those platforms (and their users) constant, emphasizing a lot in their geolocation.

Privacy policies of dating websites and apps

Privacy policies change and evolve over time! That is to say that when accepting the terms of use and privacy policies of a platform does not ensure that those remain always the same. It will be necessary to review these periodically as many platforms do not inform their users about changes in their policies. Unfortunately it is difficult to generalize with respect to the privacy policies of these platforms. Many platforms handle the users' personal information without encrypting it, so it can be easily retrieved by third parties. But even, in general, it is the same privacy policies that state that the information entered in the databases can be accessed by third parties.

Most of these platforms become proprietary of the images that are shared or upload, as well as the personal information that has been configured in the profile. This applies even once the account has been closed, so you have to be very sure about the data you want to share in these spaces since there seems to be no turning back. Finally, to be able to know each of the platforms in terms of its privacy policy, it would be important to run a textual cleaning exercise as the analysis of different social networks that has been achieved by the project lost in Small Print from My Shadow for the following platforms: Google, Facebook, Twitter, Linkedin, Instagram and Whasapp.

Information requested by the platforms

Gender, sexual orientation and practices

Many of these platforms require to provide a gender option, genres that are often mutually exclusive (you can only be male or female). If it is oriented towards gays or lesbians, a gender identity is always requested, almost always offering only binary options. Many of these platforms are used for exchanges and contacts between LGTBI people, and since in many cases these practices are illegal, prohibited or would harm the user in case of becoming public information, data shared in these platforms is very sensitive. In general, gender and sexual choices are felt as sensitive information.

Images and avatars

Several dating platforms request photos (sometimes through profiles of other social networks, such as Facebook) as a participation requirement. Without sharing these images it will not be possible to access other profiles or to access the databases of contact. This also happens because many platforms use credentials such as Facebook to open a profile. In that sense, it is not clear how much information from the social network profile the meeting platforms can manage. Several of the apps incorporate much more information from Facebook than the user may have been informed when logging in the dating platform, information such as videos shared in other commercial platforms (such as Youtube or Vimeo), or pages that have been marked with likes. You can read more on the privacy risks on the mobile dating apps.

Geolocation

Many platforms, especially if they are applications for the mobile phone, ask about your location to allow the encounter with other people. This has its logic, as one of the objectives is to facilitate casual and immediate encounters, it is necessary to know who is near in real time and who can be around at the exact moment in which the app is consulted. Therefore, for severeal of these applications, users in some way depend on the distance being shown in relation to other profiles, but this is also what makes them potentially exposed to the risk of being located by someone with whom they had not planned a meeting. Despite of these risks, most users of these platforms based on casual and instant encounters share their real-time location on a daily basis with these apps. This could even allow to determine the user's physical address, track their movements and routine and enable to harass them during the day. Localization information along with other information commonly shared on these platforms such as height, weight, age, habits and customs may serve to locate potential victims.

All these data can be used both by "legal" surveillance (governments, police forces, judiciary among others), or for illegal and malicious purposes (crime, robbery, sexual assault among others). All the information obtained through these platforms could also be used for the purpose of extorting the user. You can read more information on these risks in the following article “Privacy Risks in Mobile Dating Apps”.

From the above we understand that the vulnerability of users when sharing their personal information in these platforms can easily expand to the physical terrain. Many apps allow you to detect the exact location from the triangulation of a profile (sometimes even when the exact geolocation option is turned off), making it easy to found and attack the person behind a specific profile.

You can read a comparative study of three mobile dating apps here.

Other data that can be extracted

Until now, we have referred to potential vulnerabilities driven by authorities or criminals,, however, most of the information of the users that circulates through these platforms can also be acceded by third parties for advertising purposes.

Because, the data is not encrypted in practically all of these platforms , third parties are able to access and collect information regarding user's device, its operating system, the applications is using, its location, its internet provider, and even sometimes its credit card details among others.

Besides that, because many dating platforms are linked to other applications and social networks causes third parties to cross databases in order to increase their knowledge about you air order to better know "what you need." An example could be the possible relationship between fertility and menstrual applications and dating applications. Through knowing your hormonal cycles, third parties could send you advertising information or "right" contacts for the time of the cycle in which you are.

On the other hand, it is possible that your information will be used to extort you. Platforms sometimes can not control what they make available. One example is when Tinder was sharing more information than they should, you an read about it here. There is also the Ashley Madison case where users got extorted in order to not publish their personal information and more specifically not publishing how they use that extra-matrimonial dating platform, you can read more here.

Erasing your profile

Although many dating services offer the possibility of deleting your profile, they do not ensure the removal of the information immediately and many will keep that data forever. In general, platforms displace the responsibility for privacy on the users themselves, as they are not generally very clear about the limitations of their own privacy policies.

In the current state of privacy policies (which could change at any time), developers should consider the different types of sensitive data being collected and stored on mobile devices that could be subject to unauthorized access (whether physical Or remotely), and evaluate how this data could be more protected. For example, by encrypting sensitive information stored on a mobile phone. Although it will probably not solve the problem of unauthorized access, it will at least provide an extra layer of difficulty in front of a physical attack. Providers could also implement technical procedures to detect incorrect storage of sensitive data on mobile devices during the app's initial validation process. But as underlined before, the ultimate responsibility lies in the users, who must protect themselves from apps that store their sensitive information without taking the appropriate security and privacy measures. Users should be cautious when selecting apps, particularly those they use to store and transmit personal information.

Recomendations

When you create a profile on a dating platform, try to protect your identity and personal information as much as possible

- Choose a username that does not let anyone know who you are. Do not include your last name or information such as your place of work, address of your house, etc.

- If you can do not include your personal e-mail or your phone number in your profile.

- Regarding images, try to share the ones you do not care that anyone in the world can see.

Regarding passwords and your security when using these platforms:

- Be careful when you access the platforms from a shared device, and also be careful if you do it from a public wi-fi since third parties could intercept your data.

- Do not open attachments that have been sent to you by unknown people (or that you have recently known through the platform)

Regarding how to communicate with new contacts

- After contacting someone you can try to use another type of platform to communicate with that person. Look for an encrypted communication medium, for example Signal

Once you are using other means, outside the dating platforms, you can follow some recommendations of the collective Coding Rights

- Use secure channels: You need an app based in free software that offers encryption at all levels, which allows you to block screenshots, send images that self-destruct on both the device from which they were sent and on the server, do not ask for a related phone number, a real name or an email. Unfortunately the app that does all the above does not exist yet. Keep that in mind.

- Use your head: Do not do sexting via SMS, Whatsapp, Telegram, Facebook or Tinder as those platforms enable to identify ou and download your pictures. Wickr, for example, encrypts end-to-end and causes the photos to be erased after being viewed. However Wickr is not open source so its code can not be audited and reviewed. Last not least, do not synchronize your dating apps with any social network.

- And Telegram?: Although it is safer than other apps, it saves your photos during 24 hours on the server and ask you to register.

- Who can see me naked ?: Basically governments and private companies (especially if they have servers) can do it. And, in addition, if you use a public wi-fi, anyone who knows how to intercept the traffic.

- Erase or hide well: Saving encrypted photos is a good security measure, but erasing those is another alternative. Remember that your mobile stores photos in different folders so use programs like CC Cleaner to erase pictures. Think that your mobile can be lost and fall into bad hands, so doing a general erasure/cleaning from time to time is a good idea. If you decide to save them, remember that the PGP suite allows you to encrypt very well those contents.

- Ask for help: If your photos become public it is not a problem meanwhile it is your decision, but if it is not, then you will need to take action. Sometimes it is enough to send an email to the server that hosts the page, others you will need to look for a lawyer. But above all, seek help of trusted friends. Check the following websites for further information about what to do withoutmyconsent.org and takebackthetech.net/know-more.


Interesting readings

Security comparison from Electronic Frontier Foundation: https://www.eff.org/es/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites

Nguyen Phong HOANG, Yasuhito ASANO, Masatoshi YOSHIKAWA, "Your Neighbors Are My Spies: Location and other Privacy Concerns in GLBT-focused Location-based Dating Applications" https://arxiv.org/pdf/1604.08235v1.pdf

Security comparison for dating platforms in USA between 2005 and 2013: http://www.secretintelligenceservice.org/wp-content/uploads/2016/02/PIP_Online-Dating-2013.pdf

Margaret Feltz "The Security of Tinder. A Mobile App That May Be More Intimate Than We Thought": http://www.cs.tufts.edu/comp/116/archive/fall2015/mfeltz.pdf

Other Statistics: http://www.datingsitesreviews.com/staticpages/index.php?page=Online-Dating-Industry-Facts-Statistics

Platforms

1.- Tinder http://www.forbes.com/sites/anthonykosner/2014/02/18/tinder-dating-app-users-are-playing-with-privacy-fire/#1388ac786758

Privacy Policy https://www.gotinder.com/privacy

2.- Bumble, feminist alternative? http://www.semana.com/gente/articulo/tinder-su-competencia-feminista/439477-3

3.- Grindr https://nakedsecurity.sophos.com/2014/09/01/grindr-app-has-privacy-issues-whos-surprised/

4.- KickOff http://www.fmbox.cl/2016/05/25/kickoff-la-nueva-app-de-citas-que-la-esta-rompiendo-en-latinoamerica/

5.- WooPlus http://latam.askmen.com/noticias-dating/2027/article/wooplus-la-app-de-citas-para-quienes-gustan-de-las-chicas-co

6.- Wapa (before called Brenda) https://play.google.com/store/apps/details?id=com.wapoapp.wapa&hl=es_419

What are dating platforms?

Dating websites and apps are widely used, but can often put their users at risk. Dating websites and apps collect large amounts of highly sensitive information from their users - consciously in some cases, for example age, physical characteristics and photos, and in some cases unknowingly, for example geo-location to show people nearby. This guide covers the basic issues you should be aware of when you use a dating website or app.


Privacy policies of dating websites and apps

Dating website and apps frequently change their privacy policies and often without informing their users. If you've joined one or more dating websites or apps check the privacy policies regularly.

When you check the privacy policy of a dating webisite or app you should check for these issues in particular:

Data Storage - many websites store sensitive data unencrypted so third parties can easily access it. Many dating services will also state that the data will be shared with third parties

Intellectual property: Many dating services will claim ownership on any images uploaded and often the data entered when configured to their system.

Account deletion: Many dating services will not commit to removing all your data when you close or delete your account.


Information requested by the platforms

Gender, sexual orientation and practices

Many of these platforms require you to enter a binary gender (you can only be male or female). If they are oriented towards gay men and/or lesbians, a gender identity is always requested, almost always offering only binary options.

Any information on gender and sexual choices is of course highly sensitive, particularly in contexts where LGBTQI prcactices are illegal or would harm the user if publicly known.

Images and avatars

Several dating platforms require photos (sometimes through profiles of other social networks, such as Facebook) to join or to access other profiles.

Many platforms also use accounts from other services, such as Facebook, to create a profile. For these services, it is often not clear how much profile information is accessed from other services. Some apps incorporate much more information from say Facebook than the user may have been informed about when signing up, for example videos shared in other commercial platforms (such as Youtube or Vimeo), or pages that have been marked with likes. You can read more on the privacy risks on the mobile dating apps.

= Geolocation

Many dating websites, and especially dating phone apps, access your location so you can meet other people nearby in real time. This may be the desired outcome, but sharing detailed and current location data could put people at risk of being located by anyone. This information could potentially reveal a person's physical address, their movements and routine. Many apps allow you to detect the exact location from the triangulation of a profile (sometimes even when the exact geolocation option is turned off), making it easy to find a person behind a specific profile.

The data from online dating services can be used both for "legal" surveillance (governments, police forces, judiciary among others), or for illegal and malicious purposes (harassment, crime, robbery, sexual assault among others). All the information obtained through these platforms could also be used for the purpose of extorting the user. You can read more information on these risks in the following article “Privacy Risks in Mobile Dating Apps”.

You can read a comparative study of three mobile dating apps here.

Other data that can be extracted

Sensitive personal data in dating websites and apps is not just of interest to legal authorities and criminals, however, it can also be accessed by advertisers and data brokers.

Because virtually all dating services do not encrypt their data , third parties are able to access and collect information such as a user's device information, its operating system, the installed applications, its location, its internet provider, even sometimes the user's credit card details and potentially much more.

By linking with other services, dating websites and apps can enable other companies to cross reference your personal data with other services to build a more detailed social profile of you to understand "what you need". An example could be the possible relationship between fertility and menstrual applications and dating applications; through knowing your hormonal cycles, third parties could send you advertising information for a specific point in your menstrual cycle.

Furthermore, it is possible that your information could be used to blackmail you. Platforms sometimes can not control what they make available. One example of this was Tinder more information than they should, you an read about it here. There was also the hack of the Ashley Madison extra-martial dating website. Users were blackmailed to prevent their personal data and activities on the website being published, you can read more here.

Erasing your profile

Although many dating services offer the possibility of deleting your profile, they often do not ensure the removal of the information immediately and many will keep that data indefinitely. In general, platforms place the responsibility for privacy onto the users themselves as they are generally very unclear about the limitations of their own privacy policies.

In the current state of privacy policies (which could change at any time), developers should consider the different types of sensitive data being collected and stored on mobile devices that could be subject to unauthorized access (whether physical or remotely), and evaluate how this data could be more protected.

For example, encrypting sensitive information stored on a mobile phone, although not offering complete protection, will at least provide an extra layer of security against physical attack. Providers could also implement technical procedures to detect incorrect storage of sensitive data on mobile devices during the app's initial validation process. But as underlined before, the ultimate responsibility currently lies with the users, who must protect themselves from apps that store their sensitive information without appropriate security and privacy measures. Users should be cautious when selecting apps, particularly those they use to store and transmit personal information.

Recomendations

When you create a profile on a dating platform, try to protect your identity and personal information as much as possible

- Choose a username that does not let anyone know who you are. Do not include your last name or information such as your place of work, address of your house, etc.

- If possible do not include your personal e-mail or your phone number in your profile.

- Only upload photos you are comfortable sharing with anyone, anywhere.

Regarding passwords and your security when using these platforms:

- Be careful when you access the platforms from a shared device, and also be careful if you log in using public wi-fi since third parties could intercept your data.

- Do not open attachments that have been sent to you by unknown people (or that you have recently met through the platform)

Regarding how to communicate with new contacts

- After contacting someone suggest using another chat app with that person as soon as possible. Look for an encrypted tool, for example Signal

Once you are using a secure chat app, you can follow some recommendations of the collective Coding Rights

- Use secure channels: You need an app based on free software that offers encryption at all levels, which allows you to block screenshots, send images that self-destruct on both the device from which they were sent and on the server, do not ask for a related phone number, a real name or an email. Unfortunately the app that does all the above does not exist yet. Keep that in mind.

- Use your head: Do not sext via SMS, Whatsapp, Telegram, Facebook or Tinder, as those platforms enable you to be identified and your pictures to be downloaded. Wickr, for example, encrypts end-to-end and causes the photos to be erased after being viewed. However Wickr is not open source so its code can not be audited and reviewed. Last but not least, do not synchronize your dating apps with any social network.

- And Telegram?: Although it is safer than other apps, it saves your photos for 24 hours on the server and also requires you to register.

- Who can see me naked ?: Basically governments and private companies (especially if they have servers) can. And, in addition, if you use a public WiFi, anyone who knows how to intercept WiFi traffic.

- Erase or hide well: Saving encrypted photos is a good security measure, but deleting photos is a better option. Remember that your mobile stores photos in different folders, so use programs like CC Cleaner to erase pictures. Remember that your mobile can be lost and can fall into the wrong hands, so doing a general erasure/cleaning from time to time is a good idea. If you decide to save your photos, remember that PGP suite allows you to encrypt them securely.

- Ask for help: If your photos become public without your consent, you will need to take action. Sometimes it is enough to send an email to the server that hosts the page, in other situations you may need to look for a lawyer. But above all, seek help of trusted friends. Check the following websites for further information about what to do withoutmyconsent.org and takebackthetech.net/know-more.


Useful reading

Security comparison from Electronic Frontier Foundation: https://www.eff.org/es/deeplinks/2012/02/comparing-privacy-and-security-online-dating-sites

Nguyen Phong HOANG, Yasuhito ASANO, Masatoshi YOSHIKAWA, "Your Neighbors Are My Spies: Location and other Privacy Concerns in LBGT-focused Location-based Dating Applications" https://arxiv.org/pdf/1604.08235v1.pdf

Security comparison for dating platforms in USA between 2005 and 2013: http://www.secretintelligenceservice.org/wp-content/uploads/2016/02/PIP_Online-Dating-2013.pdf

Margaret Feltz "The Security of Tinder. A Mobile App That May Be More Intimate Than We Thought": http://www.cs.tufts.edu/comp/116/archive/fall2015/mfeltz.pdf

Other Statistics: http://www.datingsitesreviews.com/staticpages/index.php?page=Online-Dating-Industry-Facts-Statistics

Platforms

1.- Tinder http://www.forbes.com/sites/anthonykosner/2014/02/18/tinder-dating-app-users-are-playing-with-privacy-fire/#1388ac786758

Privacy Policy https://www.gotinder.com/privacy

2.- Bumble, feminist alternative? http://www.semana.com/gente/articulo/tinder-su-competencia-feminista/439477-3

3.- Grindr https://nakedsecurity.sophos.com/2014/09/01/grindr-app-has-privacy-issues-whos-surprised/

4.- KickOff http://www.fmbox.cl/2016/05/25/kickoff-la-nueva-app-de-citas-que-la-esta-rompiendo-en-latinoamerica/

5.- WooPlus http://latam.askmen.com/noticias-dating/2027/article/wooplus-la-app-de-citas-para-quienes-gustan-de-las-chicas-co

6.- Wapa (before called Brenda) https://play.google.com/store/apps/details?id=com.wapoapp.wapa&hl=es_419