Looking through dating apps and connected sex toys featured in Mozilla's *Privacy Not Included buyer's guide
Upon the emergence of the Covid-19 pandemic, online dating suddenly became the only “safe” way to date. But, unfortunately, it turns out it might not be as safe as we thought it was — at least when it comes to privacy and security for our personal data. That’s according to two *Privacy Not Included guides from the Mozilla Foundation, which help consumers find tech tools and software that are secure and respect user privacy. The latest closely reviewed 24 dating apps and 26 connected sex toys for privacy and security issues. Nearly 70 percent (21 of the 24) of the dating apps got the “*Privacy Not Included” label, meaning they’re not private or secure. Interestingly, the sex toys were much more secure, with only seven of the 26 failing to make the cut. “Connected sex toys, go for it!” *Privacy Not Included lead researcher Jen Caltrider tells Avast. “Dating apps on the other hand, holy cow. They’re awful.” Caltrider, whose background is in artificial intelligence, points out that many dating apps claim that the personal information equals better matches. As a result, people share incredibly personal facts — from their sexual preferences to whether their parents are still married to whether or not they use drugs to what type of car they drive — with these companies. “I don’t know how convinced I am about that,” Caltrider says, when it comes to the claim that this type of information will lead to a better and more fulfilling love life. It will, however, contribute to a vast trove of data about you that can then potentially be packaged and sold. For example, Grindr — the dating app for gay, bisexual, and trans men — was fined for nearly $12 million in January 2021 for alleged illegal data sharing under the GDPR. “Grindr is so bad,” Caltrider says. “It’s so incredibly bad. It shouldn’t be on anyone’s phone.” Additionally, Caltrider points out, there’s no transparency about the algorithms these companies use behind the scenes. According to her, that means “you don’t know what’s being collected or why or how it’s affecting how you date.” This means that you don’t know, for example, that if you linger for a bit longer on a blonde woman’s photo instead of a brunette's, you might literally never see a woman with dark hair on your screen again. Caltrider asks, “Who’s creating these apps? Who’s creating these algorithms?” The *Privacy Not Included guide also found that many dating apps ask for unnecessary permissions. For example, both Christian Mingle and JDate require permission to access your phone flashlight. “Even more concerning,” Caltrider says, Christian Mingle asks for the ability to disable your lock screen. There’s no clear reason why a dating app would need either of those abilities and, as privacy-concerned customers know by now, asking for unnecessary app permissions is one of the surest signs of a sketchy company. Most of these companies aren’t doing a great job when it comes to keeping all of that personal data safe and secure, either. “Almost all of the major ones have had their data compromised at some time,” Caltrider says. She points to the 70,000 images of women from Tinder that are for sale on the Dark Web as an example of what can happen when that data leaks. Speaking of data leaks and data sharing, many dating apps either require or give the option of signing up with your Facebook login. The reason for not using Facebook logins for dating apps is the same reason to not use it for other services: It means that the app can and will share data with Facebook — and vice versa. In other words, you’re making it easier for two corporations to collect data on you. And you’re opening yourself up to further security risks if the dating app leaks your Facebook credentials. “It’s convenient — ‘I can sign up with Facebook and it’s really easy!’” Caltrider says. “Don’t. Use a phone number if that’s an option. That’s something that’s easy to do and it’s a better alternative.” For people who want to keep dating online but who want to hold onto their privacy and security, Caltrider says that there was only one app that she feels good about: Lex. However, Lex has a very specific user base. It is, according to their website, “For queer, trans, gender non-conforming, two spirit, and non-binary people. For meeting lovers and friends.” For people who don’t fall into those categories, Caltrider says that eHarmony and Happn are “not perfect, but better.” “I wish there was a Lex for every community,” Caltrider adds. When it comes to connected sex toys, the *Privacy Not Included guide found that most were doing a pretty good job, with a few notable exceptions. The most glaringly problematic toy is the Qiui Cellmate, a male chastity device that has made news in recent months for users getting hacked and being forced to pay a ransom in order to unlock their genitals. Other toys that got dinged include the Sex Doll Genie, Realdoll X, toys from the luxury brand Je Joue, The Cowgirl, and Motorbunny & Link Controller. On the flip side, toys from Lovense, Vibease, WeVibe, and OhMiBod — all brands that have been in the sextech game for a long time — made the privacy cut. The one piece of advice that Caltrider has for people using connected sex toys? Change the name of your Bluetooth connection. “If it shows up as ‘The Cowgirl,’ change to ‘toothbrush,’” Caltrider says. “People are less likely to hack ‘toothbrush.’”