
Swipe Left: Privacy Practices of Online Dating Apps - benbreen
http://www.royapakzad.co/swipe-left-privacy-practices-of-online-dating-apps/
======
dl904
Privacy practices of "Swipe Left: Privacy Practices of Online Dating Apps":

After clicking on this article, Google, Facebook and LinkedIn will know that
you are interested in the privacy practices of online dating apps.

Privacy Policy and Terms of Use:

    
    
      Facebook collects user data to create profiles that...
    
      Google...
    
      LinkedIn...
    
    

Data Retention:

    
    
      Facebook...
      .
      .
    

\--Sending HTTP requests to Facebook, Google, and LinkedIn results in the
collection of this metadata and possibly data by your national and possibly
foreign government surveillance organizations...

\---Data retention by your national surveillance organization...:

~~~
ozpri
I'm sure this is true, but what if you leverage something like PiHole and
browser extensions like Privacy badger or uBlock? Surely, these offer some
tangible protection against this kind of sharing?

~~~
rhizome
"Did you see what their browser was wearing? No wonder."

------
rdtsc
Wonder if Zoosk in light of this article will check their audit logs and see
who accessed Roya's profile internally then cross reference with employee
onboarding dates then fire the employee.

~~~
homero
Who's roya

~~~
rdtsc
> Who's roya

Roya Pakzad, the article's author. Her name is right at the top of the article
we are discussing.

------
cporios
Very relevant paper: "Hardened dildo.io, A Cryptographically Secure, Usable
Matchmaking Service"

[https://courses.csail.mit.edu/6.857/2016/files/13.pdf](https://courses.csail.mit.edu/6.857/2016/files/13.pdf)

I've actually implemented this paper in a hackathon, but we never launched it.
It's basically like tinder, but no central server has access to anyone's
likes. Yet, by using homomorphic encryption and a calculation performed on the
server (through which no information is revealed), you can know if someone you
liked likes you back. It's pretty cool!

------
wolco
How in the world is logging in using facebook more secure than email. People
can create a facebook account people can create an email.

Author is fooled into false sense of security around facebook profiles. A
facebook account can be just as fake as an email address.

~~~
djsumdog
The App company is piggybacking on Facebook's spam prevention algorithms
instead of implementing or purchasing their own.

------
analogic
Sigh, being paranoid bout this stuff makes it really hard to get laid :/

"Screw [dating app] lets meet with this cryptographically anonymous app
instead" seems like a tough sell for most women tho.

~~~
TeMPOraL
> _" Screw [dating app] lets meet with this cryptographically anonymous app
> instead" seems like a tough sell for most women tho._

"Sure, but please prepare a cryptographically signed recent lab report showing
you've tested negative for all STDs. It would be best if the report was on
blockchain."

~~~
analogic
think i heard a few yc applications just get filed

------
bogomipz
Possibly concerning as well is it looks like Tinder outsources their databases
to a third party provider:

[https://blog.rackspace.com/tinder-swipes-right-for-
rackspace...](https://blog.rackspace.com/tinder-swipes-right-for-rackspace-
managed-cloud)

------
Lewton
Tinder actually let's you verify with a phonenumber instead of a facebook
profile now.

Or at least they claim to

------
the_stc
Our app has a somewhat Tinder-like feel, though it's paid (escorts). I don't
want to go overboard plugging, so see my profile for details. For fun, here's
how we score on the article's items:

1\. No scammers. We require providers to be vetted in some way (references).
Clients are going to need to provide screening to see providers.

2-A. We use our custom login system. Verifying your social media account is
just a read-once thing we do; we don't ever have access to post. In fact, it
is unlikely we'd even get approved for an API key on most platforms.

2-B. For launch we're pretty exclusionary :(. Focusing on cishet couplings,
female provider. We're going to address that as soon as possible. Queer sex
workers face additional challenges for sure.

3\. Data safety. Due to our company's legal status (extrajurisdictional), we
have to deeply hide all data. Our servers don't have persistent storage, RAM
only. (At boot, it's a manual restore from something like Tarsnap.) Only a few
people have root or raw DB access. This does not include most devops people -
they go through a change approval process. Real access is limited to core
members heavily vested in the company with a need-to-know. More at [1], please
ignore the clickbait title.

Another key point: connectivity is heavily restricted. App servers only have
inbound socket from their hidden service, plus outbound to the DB layer hidden
service. DB layer only has that inbound socket. DB requests are rate limited
globally plus per user.

4\. We'll wipe your data shortly after deactivation _if_ there are no abuse
reports on your account. In which case we keep a photo ID and birthdate so you
can't sign up again and get a clean record. This is needed to protect user's
safety. But at least a photo is not so readily searchable. Maybe Facebook can
do it, but if we _were_ to somehow

1: [https://medium.com/@PinkApp/pink-app-trading-latency-for-
ano...](https://medium.com/@PinkApp/pink-app-trading-latency-for-anonymity-
and-other-techniques-815ee21c6da4)

~~~
CPLX
I have to admit, combining prostitution, securities fraud, and blockchain
technology in one single project is impressively ambitious even by normal
startup standards.

~~~
the_stc
Calling it securities _fraud_ is rather unfair if you ask me. Why do you say
fraud? Sure, we do not follow the SEC rules. In fact, the SEC opinion on ICOs
is what galvanized us to go all out and insist on offering real equity to
investors. It's far better than the nonsense ICOs come up with to tokenize
themselves.

People like the Tezos group, asking for donations... it is disgusting that
investors go for that. Demand equity. We always choose morality over legality.
Following SEC rules technically, while ripping off investors ... I'd rather be
in the clear ethically.

The blockchain part is for payments, so not that big of a deal. Though to
raise money, we'd be better off finding a blockchain angle to the platform!
Truthfully though, our app is not breaking new tech ground, apart from privacy
and security (see the link in my original post).

We are ambitious though! I think we'll be the first blockchain-funded unicorn.
Escorting is fragmented and high friction, and we're going to fix it. Our VP
of Product is an active sex worker and very tuned in to the real issues facing
workers and clients.

------
gcb0
this is extremely basic, obvious, and probably below the technical level I'd
expect from a HN fp item :(

it opens suggesting an insider's view, and then just list obvious trivia.

------
jijji
its harder to create email accounts than it is facebook accounts, lately

