Recently, information from five different dating sites have leaked millions of their users’ private data. The sites cover users from the USA, Korea and Japan. On top of this, a variety of other niche dating apps (such as CougarD and 3Somes) had data breaches of their own that exposed hundreds of thousands of users’ profiles in May, including photos and audio recordings. This latter event occurred thanks to a misconfigured and open Amazon S3 storage bucket. Thankfully, the owner of the account quickly moved to secure it properly when they heard from security researchers. We haven’t heard much about dating site breaches since private data from some 30M Ashley Madison users were posted online in 2015.

These data breaches have put online dating sites back in the spotlight, but these sites have other security issues, such as the big business that attracts scammers. The FBI reports that romance fraud was the seventh most popular scam in terms of total money lost by victims. The FTC reported that last year more than $200M was reported in financial losses in 2018 across these scams. There are plenty of guides available that walk readers through how to spot and avoid online dating scams. Psychology Today has other popular tells to recognize scammers in their post.

One series of scams has recently been a focus, and that concerns using artificial intelligence (AI) and other modern automation tools to take advantage of the dating algorithms. Mashable describes how these tools can leverage the dating apps here. Shelly Palmer has also written about using AI tools to create deepfake images that are posted on dating apps. Caveat emptor.

Dating security issues

In this time of the pandemic when more of us are doing everything we can online, dating remains a security sinkhole. This is because by its very nature, online dating means we eventually have to reveal a lot of personal information to our potential dating partners. How we do this is critical for maintaining both information security and personal safety. In this post I provide a bunch of pointers on how to do this properly and provide my own recommendations.

The pandemic comes at a time when dating apps have certainly proliferated in the past decade. Even Facebook now has a separate dating site (only for US users initially). As hinted at in the news about the May breach in the opening paragraph, there are numerous niche sites for various sexual orientations and life interests.

Before I provide some specific suggestions, let’s start with the high-level view. This website compares the various online dating sites with whether they have ways to control what personal data is visible on their sites. All of them supposedly post their safety guidelines and have the ability to report or block abusers. For example, Hinge offers several options for users to control who they see and who sees them. However, none have much in the way of explicit and dating-specific fraud prevention measures. For example, Tinder’s page on “dating safety tips” doesn’t really touch on fraud. Keep that in mind as you dive further into online dating.

Suggestions on setting up your dating and social media profiles

Everyone has different expectations of their privacy. Some of us may feel more vulnerable or at risk and want to guard our information and keep our phone numbers and other personal details from strangers – which means an extra burden when we want to use dating apps.

If you are in this category, the most critical time for keeping your personal infosec private is when you first sign up for a dating app and set up your profile. The trick is that if you want the maximum level of privacy, you are going to have to work hard to keep your dating profile separate from all your other online activities, and be aware of what you are doing and posting all the time you are using your devices. This could be a challenge, particularly if you have been prolific with sharing your life on social media, or if your job means you have a lot of existing online content in your name. My first suggestion is to Google yourself and see what others can easily find out about you. That will provide some context for my suggestions on how to protect your private information that follows.

• Create a specific Google Voice phone number just for your dating contacts and forward this to your actual phone number. If you need to break contact, you can more easily block someone if they don’t know your actual number. Also use an anonymous texting app for protecting that communications channel.
• Don’t use a username that contains your actual name or duplicates a username that you have used on a social media account. To be extra-careful, you might want to pick some random collection of letters that you can remember.
• Create a separate email account just for dating, and make sure this account name doesn’t have any personal clues to your actual name or location. Be careful to vet this, because some choices could have other implications, such as “kygirl@gmail” can denote something other than your Kentucky origins.
• Keep your actual birthday private for now. You can always let your date know what it really is later on if the relationship takes hold. Too many scammers can use your actual birthday to create phishing and other lures with this information. For example, my Internet birthday is January 1. My family and friends know what it really is, and it is amusing to see those posts in my feeds at the beginning of the year. This also means scrubbing your social media for those birthday-related pictures too.
• Use a unique and heretofore unposted selfie for your profile. It is very easy to do reverse image searches to track you down on those photos that you have already posted on your social media accounts.
• Pay attention to geographic settings when you set up your profile and who has access to your specific location. Review any of your photos if they contain geographic clues about where you live, or if they contain metadata with the location you should delete or modify this. This is a lot of extra work, but necessary. As part of this “geographic review” please don’t post or give out the names of places you normally visit, your family members’ locations, or other personal information so quickly to potential dating partners. 

Other privacy settings

• Review your Facebook, Twitter and LinkedIn privacy settings now. All three platforms often change how these settings are presented. Although I wrote about this ten years ago, much of that specific advice still stands. For example, you probably want to use a privacy level that prevents strangers from being able to access your private information without having to become a contact.  (See the screenshot below.)

• Does the dating site actually delete your data after you close your account? Facebook’s main (non-dating) site, for example, is notorious for making it hard to actually remove your data entirely when you part ways. You should check on this before you join up any site: if you are successful with a future relationship, you eventually will want to part ways as cleanly as possible.
• How does the dating site share your private information? This includes which third parties have access to your data.
• Can you opt out of showing your photo for online advertising?

Dating process and pandemic-specific circumstances

Here are some specific tips about dating during Covid times. Basically, what this comes down to is to be especially aware of when you feel uncomfortable -- then, it is time to disconnect and move on. And here are more general tips on what to do in terms of setting up IRL dates to protect yourself.

Finally, know your lingo. If you haven’t brushed up on your online dating vocabulary, now is the time to read Mashable’s article that explains what cloaking (blocking your contact), kittenfishing (exaggerating your interests or using old photos), cushioning (cheating or stringing you along) and others. Mashable has other stories about online dating that are more case studies than actual tips.