
Grindr and OkCupid Spread Personal Details, Study Says - doener
https://www.nytimes.com/2020/01/13/business/grindr-apps-dating-data-tracking.html
======
MassiveOwl
Be careful with OKCupid. I'd been using it on and off for a while and recently
I got a notification saying that my email address on my account had been
changed, then 2 minutes later, that my password had. You don't need to confirm
anything to change the email on your account! Not even click an email link!

I was panicking

I was still receiving phone notifications despite not being to log into the
app. I could see that messages were being sent and received but couldn't
access my account. I believe that others are being scammed using my account

I quickly changed all other passwords and contacted OKC immediately. It's been
a week now with no response. OKC have lost a paying customer for life

~~~
easytiger
> You don't need to confirm anything to change the email on your account! Not
> even click an email link!

Same with instagram. If you don't have 2fa on. I've had my account taken over
and couldn't believe it. Utterly pathetic levels of security

~~~
ubercow13
You mean you can change the email without a password? Why would it be a
problem if they require your password but nothing else in order to change your
email?

~~~
easytiger
I'm saying its a problem to change the email without using an email
verification link to do so

~~~
croon
What if you're changing email because you no longer have access to your old
one?

~~~
easytiger
What legitimate scenario would manifest that situation?

That is a by far and away a tiny, minuscule, edge case

------
kresten
Well duh.

OKCupid specifically requires your real name which is beyond stupid for a
dating site.

Anyone whose done online dating knows about stalkers and the need to hide your
identity but these guys want real names.

As for Grindr we’ll isnt that owned by China? What better place to entrust
your most compromising personal information, and what better long term
investment if you want compromising information that one day in the distant
future might be to your advantage.

~~~
lifeisstillgood
This sounds to me more like "better police involvement around the crime of
stalking" than "okcupid are bad"

I can see why having "screen names" is good and why having "Jenny S from NYC"
beats "picture of Jennifer Smith, 32 acadia Avenue Queens" on the site profile
but if it's crime we worry about, it's police we need.

I would be interested in knowing if I am deaf to a much larger problem than I
am aware of.

~~~
tomp
Isn't it better to prevent undesirable behaviour in the first place rather
than place additional burden on the police (for a trivial mostly non-dangerous
behaviour)?

Also, is stalking actually a crime now? When does "wanting to talk to someone"
become a crime? Are recruiters _stalking_ me on LinkedIn? What if they keep
sending me emails and I keep not replying?

I think the bar for putting people in jail should be much higher than that.

~~~
Spacemolte
Eh, we are not really talking about facebook "stalking" with someone looking
at your facebook profile, but about people continually harassing you and
trying to contact you through all sorts of means.

I think the bar for putting people in jail for the above is just right, might
even be too low.

------
sdfjkl
With their multiple-choice questions, OkCupid has a lot of in-depth
personality data that is a total privacy nightmare if leaked to anyone. And
therefore very valuable. Things like diet, sleeping habits, sexual
preferences, religious and political alignment, addictions, everything really.

~~~
astura
"Leaked?" "Privacy nightmare?" Last time I used OkCupid was like a decade ago.
Back then you could view everyone's answers to their multiple choice questions
right on their profile. It's purpose is (was?) literally to be read by others.
Just like the purpose of this HN post is for others to read.

Edit: I think you could view them only if you both gave answers to the same
question.

~~~
ryanmercer
>Edit: I think you could view them only if you both gave answers to the same
question.

Correct, but it would show you the questions you hadn't answered and let you
answer them right then and there to see their response, meaning a couple of
clicks. Scripting that for mining would have been trivial via the website.

------
phigcch
Link to full reports and release: [https://www.forbrukerradet.no/side/new-
study-the-advertising...](https://www.forbrukerradet.no/side/new-study-the-
advertising-industry-is-systematically-breaking-the-law/)

Twitter threads:
[https://twitter.com/finnmyrstad/status/1216988370632695809](https://twitter.com/finnmyrstad/status/1216988370632695809)
[https://twitter.com/maxschrems/status/1216954710248259585](https://twitter.com/maxschrems/status/1216954710248259585)

~~~
floatingatoll
Grindr is section 5.1.5, page 72 of the report PDF:
[https://fil.forbrukerradet.no/wp-
content/uploads/2020/01/202...](https://fil.forbrukerradet.no/wp-
content/uploads/2020/01/2020-01-14-out-of-control-final-version.pdf)

------
busymom0
I think a dating app (especially the ones which have vulnerable groups like
Grindr in this case) should never be ad supported. OkCupid also has a lot of
detailed data about users and that getting leaked to third parties is
absolutely horrible.

~~~
blaser-waffle
> I think a dating app should never be ad supported

Then it's subscription based, which has been shown to be a hard market to work
in. Plus any company that gets paid via subscription has an incentive to keep
users on the site and paying money -- which, if a dating app works, won't do.
Like, if the app is effective then people will find a partner and stop using
it, ending their subscription and cutting costs.

> (especially the ones which have vulnerable groups like Grindr in this case)

I fail to see how their privacy is different from anyone elses. Or how their
kinks are any less or more destructive than others. Grindr is already banned
in Iran, Turkey, and Saudi anyway

~~~
busymom0
Not really. All the match.com's owned apps (Tinder, OkCupid, Hinge etc) have
very successful subscription models. I follow the top grossing apps for iOS
and Tinder, Match, OkCupid are always on the list. It's more so that here, the
Match.com people want to squeeze every dollar out of their users and are
willing to compromise their privacy by supporting ads.

I understand and agree with the point about subscriptions leading to an
incentive to keep users on the app. But this is also true for ads supported
ones. Dating apps have conflicting goals with user goals. That's why Tinder
grosses so much money - because it's a mostly hookup app where quantity
matters. So people keep coming back to the app and Tinder keeps making more
money.

I do think if the data for the vulnerable groups falls in the wrong hands, it
can destroy people's lives. Imagine an international student from Iran
visiting US and having a profile on Grindr. If this info somehow gets leaked
back home, his life is in danger next time they visit back home. This also has
higher chances of being used as blackmail material by someone else.

This is one of the cases which the 2 Nigerian brothers have against Jussie
Smollett's lawyers - the lawyers had made a claim that the brothers were
attracted to Jussie. The brothers make the claim it's not true and that also
puts their life in risk when they visit back home.

------
maxwellito
Sadly this is not new. Back in the days (at least in 2013) I played with
wireshark to find out what dating apps were sharing with advertising platform
to generate banners. There was the following data:

\- OS platform with version

\- Prefered language

\- Career network

\- Current connection (3g/Wifi).

\- Exact position (altitude/latitude/longitude)

\- Sexual orientation

\- Twitter ID and Facebook ID (as long as the app can have access to it).

But all of this over HTTP, not HTTPS!

~~~
the_d00d
> \- Exact position (altitude/latitude/longitude)

Given the context, when I first read this I was like wow! Advertisers want to
know your sexual position? Then, I saw lat, lon and then realized that either
way shouldn't surprise me.

~~~
Jamwinner
I can see it now "We only want to advertise to 'missionaries', we find their
click-through rates are better."

------
pixelpoet
Is there a dating site with reasonable privacy / data security policies?
Asking for a friend, of course...

~~~
JohnFen
I'm not aware of any. But if someone does has a reasonable privacy policy, how
do you know that they actually adhere to it?

I've used dating sites in the past, but more recently I learned that it's much
more fun, and works much better, to engage in real-life activities that get me
around people I don't know, then ask interesting people out directly.

------
La-ang
I was hacked 3 times on okc. Thankfully, all the info there I put was fake, I
somehow sensed their security is wack judging from the user interface and the
constant app crashes and bugs. There are also multiple reports of users who
got hacked. I remember on one occasion my phone number was on a conversation
and was picked up by hackers to text me in person pausing under some
"Jessica".

------
bilekas
Absolutely no surprise..

> The report, “Out of Control: How Consumers Are Exploited by the Online
> Advertising Industry,”

While it seems a bit hyperbolic, its really not.

Out of interest, are there any restrictions/regulations on which parties can
actually purchase that information ?

I could see hate groups taking aim. Then who is at fault ?

~~~
mxcrossb
Perhaps I’m naive, but given Grindr’s very vulnerable user population I
expected more...

~~~
bilekas
I would never assume or blindly expect companies to be dilligent. It's not
like we've ever seen great examples of it.

------
raxxorrax
Exibitionist445 likes that.

Seriously it is probably not restricted to dating sites, but information about
sexual orientation and preference is especially worth it to marketeers. Not
just products but also media companies that might like to know how to cater to
specific audiences and their needs.

------
Chris2048
I don't understand how certain laws exist yet without the obvious steps to
ensure it is followed - no oversight for companies like this? I'm pretty sure
the companies taxes will be checked every year.

~~~
draugadrotten
Pragmatic Solution: Implement a federal tax on data use.

~~~
bottled_poe
How about a ban on establishing a database of individually identifiable user
profiles? Restrict data storage to anonymised statistical usage only. A
technically possible way to achieve this is using a system like Keybase which
could transfer profile data ownership to the individual.

~~~
draugadrotten
> How about a ban ...

A ban costs politicans money to enforce. A tax gives politicans more money
when enforced.

Draw your own conclusions.

~~~
lotsofpulp
Politicians don’t spend any of their own money more than any other taxpayer.
However, the more money politicians can influence to be spent, the more
influence they have.

For example, the ban on marijuana has yielded tremendous returns for
politicians and their associates in the police equipment and prison
businesses.

------
est31
Neither Grindr nor OkCupid are non-profits. As the apps are free as in beer,
if you don't pay with money, you pay with your data. If they didn't sell data,
how would they make money? How would they get those valuations? If paid dating
services do this, which they probably do, I agree it's scandalous. But in this
case, it's more or less implied. Of course it's sad that so few people are
aware of this fact.

~~~
quirkafleeg3
They both make money from premium memberships that give extra functionality
and features. Remember kids, collecting and selling data is never okie dokie.

~~~
est31
Good point. They are a paid/non-paid hybrid then. Paying money for a service
and getting your data sold is extremely shitty.

------
xhruso00
[http://archive.is/pxyUE](http://archive.is/pxyUE)

------
greatpatton
Funny Europe media report more about Tinder being among the worst data abuser,
but the US version mainly talk about the Chinese application Grindr...

