Online dating platforms: privacy challenge and open data gold mine
The open user data provided by online dating sites can be a blessing and a curse. With more and more people turning to them during the lockdown, the privacy risks are heightened.
With Covid-19 restrictions still in place and spring approaching, many Britons are turning to online dating sites as a way to get back into the mating game.
A user survey on the UK online dating platform buzz suggested that many started using it after a pandemic-related breakup. User behavior has also changed. There is now a tendency to leave more data on these platforms.
User analyzes for some platforms suggest that messages sent back and forth have become longer and more frequent since the start of the pandemic. This has helped ratings from platforms like Bumble and its plans for a public debut where it was reportedly reported looking to increase. over $ 1 billion.
In the world of open data, online dating apps have both risks and benefits. Needless to say, the increased interest is a boon to the operators of these sites. For users, the benefits in times of social distancing and limited personal interaction also seem obvious. Instead of meeting people in now closed bars, technology is helping singles connect.
Users can create elaborate profiles and charm the opposite sex via Tinder, Bumble, Hinge, OkCupid, Once, or same sex flirtation via Scissr, Grindr, or Her.
All of these platforms are now plagued with extremely sensitive private user data. A paper on unexplored open source intelligence data sources in IEEE Access Log Put it this way: “Unlike other social networks, where many users restrict their personal data, more intimate aspects are usually revealed here. Tinder or Badoo are useful for investigating basic information, personal character, interests, preferences or behavior of the target.
This open data can have transparency benefits and help protect singles who don’t know who is contacting them. Open data investigators and citizen journalists can use it to feel safer after verifying that the person they’re flirting with is genuine.
One example is Tinder, for which people have started writing open source intelligence guides. Even without a profile, these allow you to query usernames through the URL. Using DuckDuckGo, for its ability to respect user privacy, you can search for a username. Since people often use their real name as their username, anyone with browser access can give it a try. To research http://tinder.com/@> then play with the search query. False positives are possible, so keep that in mind.
However, data, which is a photo (or multiple photos), name, age and profession, is often sufficient to verify an identity. Reverse image and face search platform, as well as face comparison platforms such as Microsoft facial image tool, can connect the points to other open data repositories on the web. There are also Exif data tools that can be used for images that examine the GPS location of where they were taken. Exfiltool Examining Exif data is one example, but be aware that crooks can embed fake data as well.
Open data from other open repositories allows us to perform “rough” background checks. One of these tools is Truthfinder.com, which allows information to be added about individuals based in the United States.
There are risks associated with publishing this data. Bad actors or stalkers, as one blogger explains here, can actually write code for a bot program to cycle through various variations of usernames – in this case, a name that contains a number, like Ashley1, Ashley2, and so on.
Hackers and impersonators could use the data or the image for nefarious causes. Tactics involving crooks and cat fishermen during lockdown have increased in Hong Kong’s online dating market, the the BBC reported.
Anyone with the knowledge could write code to query open data APIs from dating platforms and geolocate other users. a python tutorial that explains “for educational purposes” how to do this for Tinder warns that it gives user location information to all other users and is “dangerous to user privacy”.
Open data would allow anyone [with a verification token accessing the Tinder API] to misuse data for malicious purposes, which “seems like a big problem as we live in an age where Internet harassment is a serious problem,” the blogger writes.
Users can try to spoof their location on Tinder using an emulator like Genymotion that allows them to access GPS settings and change position while on the move. There is also Bluestacks that does a similar job.
Why would anyone want to do this? Manipulating your Tinder location can allow you to reveal the location of military personnel in secret or isolated military bases. If you set your phone’s GPS to where you expect your target to be, you will be able to identify the soldiers on a military base (if they use Tinder locally, of course). This may be one of the reasons the Indian military is now banning its personnel from using platforms like Tinder (see a leaked list from last year, below).
A Python library called Pünder is a Tinder API client. Its authors warn that registered requests may contain personal data.
One final thought is how to resolve these privacy issues. Examples such as Ashley Madison Data Breach show that the data can be exploited and shared freely. Perhaps less surprisingly, it also shows that there is a high percentage of fake accounts on these platforms.
Open data can be a blessing and a curse. A godsend if you want to check if the person you’re flirting with is real. It is often a curse when it comes to your own privacy. What is the answer to the dilemma? A start would be to hold dating apps accountable for encouraging excessive sharing. Forbes, cybersecurity columnist Joe Gray criticized that “the [dating] sites can ask questions that are too invasive or possibly allow this excessive level of sharing ”. This is something that dating operators need to resolve, even if it means being a jerk for some users.
Sign up for E&T News email to get great stories like this delivered to your inbox every day.