Your dating app data might be shared with the U.S. government.

Bill Mount

When you download a dating app, fill out a profile with some of your most private information, and select “allow app to access location” to locate nearby potential love interests, you may feel a little exposed, but you proceed anyway, in order to find those dates. But there is reason […]

When you download a dating app, fill out a profile with some of your most private information, and select “allow app to access location” to locate nearby potential love interests, you may feel a little exposed, but you proceed anyway, in order to find those dates. But there is reason to believe that by using these sites, you may be unknowingly submitting to government tracking—and we can’t know for sure because of all of the secrecy involved with deals that data brokers make with government agencies. It’s yet another demonstration of the need to bring transparency to the data-collection industry.

Dating apps ask users for a variety of highly personal information and retain it indefinitely, potentially forever. This can include photos and videos, text conversations with other users, and information on gender, sexual orientation, political affiliation, religion, desire to have children, location, HIV status, and beyond. Many platforms also collect information regarding preferences in a partner (either through filters or using powerful algorithms that monitor users’ every swipe) and may therefore know about your preferences and deal-breakers with regard to ethnicity, religion, body type, and more. If you connect your dating app with any social media platforms—Facebook and Instagram are common choices—then the dating app company likely also has access to thousands of additional data points, including what kind of content you’ve liked on social media and who you are friends with.

One of the most sensitive forms of information that these apps collect and have access to is location data. Typically, dating app services require users to share their location so that the platform can recommend individuals nearby as potential matches. The precision of this data varies from platform to platform. For example, on Bumble, users share their current city and country with the app. When users are swiping through potential matches, the app will display      more precise location information on each user based on GPS data, such as “2.0 miles away.” This location data is updated every time a user opens the app. Tinder offers a similar feature. Other dating apps, such as Grindr, show even more granular location information. When you open the “nearby” feature on Grindr, the app displays nearby user profiles along with how many feet away they are. Depending on where you are located, you might find people on the same floor of your apartment building or just in the same town. According to Grindr, the company approximates location using a geohash system, rather than pinpointing it. These approximations are still incredibly refined.

Although it is important for dating apps to have access to a user’s location data in order to make relevant recommendations, its collection and possession poses a particular concern if the information is not safeguarded. In 2018, Queer Europe outlined how Grindr was providing such       precise location of their more than 3.6 million active users worldwide that their identities could easily be exposed by other users mapping out their whereabouts via external applications      . Despite this, the company had not implemented any potential solutions.

That same year, BuzzFeed News revealed that Grindr had been sharing sensitive user information, including HIV status, with third-party analytics firms. This data was bundled with information that could easily allow a user to be identified, such as location information, phone ID, and email address. After significant controversy, Grindr announced it would stop sharing HIV status information with third-party analytics firms.

Analysis has shown that Grindr also shares other user information such as ethnicity, “tribe” (or which gay subculture a user identifies with), and sexuality with third-party advertising companies in plain-text format. This type of text formatting is easy to gain access to via hacking, raising further concerns about the safety of user data on such platforms.

There are legitimate concerns around third-party advertising companies and malicious hackers having access to such personal user data. But, given the nature of this precise data, it is also particularly concerning to think of how it can be used if it falls in the hands of government agencies. In some countries where LGBTQ individuals are persecuted, such as Russia, Egypt, Saudi Arabia, and Zimbabwe, Grindr hides the user’s location by default. However, this feature is not widely applied in all countries where LGBTQ users may face retaliation for their sexual identity.

In the United States, user data collected by dating apps is also up for sale, via data brokers. Commercial data brokers are for-profit entities that aggregate private information by scraping the web and buying data from other companies (such as credit card companies). Although the data broker industry is booming, these companies often operate in the shadows. Today, they play a critical role in the data supply chain by compiling and selling our personal information, including our search histories, location data, and what businesses we visit the most, to anyone willing to pay for it. User location data is both among the most sensitive and most profitable data that data brokers compile and sell, leading to the growth of a new location data economy. Due to the lack of transparency surrounding these purchases, we largely do not yet know how many government entities are buying data from brokers, and which dating apps feed their data to those particular brokers. So unfortunately, it is not yet clear how pervasive this problem is, or which dating apps pose the most severe privacy risks.

In one example we do know about, Motherboard recently revealed that a data broker named X-Mode has been compiling geolocation data from popular Muslim dating app Muslim Mingle and selling this extremely private data to the U.S. military through defense contractors. The Department of Homeland Security, Immigration and Customs Enforcement, Customs and Border Protection, and the Internal Revenue Service have been caught using data brokers’ commercial databases with location information (though it’s unclear whether it was sourced from dating websites) to identify, track, arrest, and in ICE’s case, potentially even deport immigrants. Motherboard also identified another network of dating apps that have been sharing user location data with X-Mode, including Iran Social, Egypt Social, and Colombia Social.

Certainly, while dating app users may share their sexual orientation and location in order to find dates, they don’t intend to hand those details over to government and law enforcement agencies. And when the federal government purchases data from these brokers, it’s making an end run around the precedent set in Carpenter v. United States. The Supreme Court recognized in the 2018 Carpenter case that tracking the movements of a specific individual over time is extremely invasive, and individuals have a reasonable expectation of privacy toward that information. Accordingly, the court held that law enforcement must have a warrant to obtain location information on a particular individual for a period of seven days or more. But when the government obtains databases of our personal information from dating apps (via data brokers) without warrants, they are making an end run around these Fourth Amendment requirements.

Policymakers are beginning to catch on to the key role that data brokers play in the ever-expanding surveillance ecosystem in the United States. There is growing consensus among Congress and other policymakers that a comprehensive federal data privacy law is direly needed, and this would be a necessary first step to protect Americans’ privacy, particularly from commercial data brokers, but alone may not be enough. On Feb. 18, a group of members of Congress led by Democratic Reps. Mark Pocan, Ilhan Omar, and Rashida Tlaib sent a letter to the Department of Defense requesting further information on the government’s purchase of data from X-Mode (and indirectly through Muslim Mingle and other dating apps). In 2020,Sen. Ron Wyden announced that, together with colleagues, he is planning to introduce legislation called the Fourth Amendment Is Not for Sale to tackle this specific issue and rein in the government’s warrantless purchases.

Dating apps are privy to some of our most personal information, and we only share it for the purpose of finding romance. But a user should not have to expose their sensitive personal data—least of all to the government—in order to land a date. Users would most certainly swipe left on the government tracking them.

Future Tense
is a partnership of
Slate,
New America, and
Arizona State University
that examines emerging technologies, public policy, and society.

Next Post

USC Computer Science Professor Named to DARPA ISAT Study Group - USC Viterbi

Matarić is a leading researcher in the field of socially assistive robotics. Photo/Florence Hui. The Defense Advanced Research Projects Agency (DARPA) has named USC Professor Maja Matarić to the Information Science and Technology (ISAT) study group. Matarić is the Chan Soon-Shiong Chair and Distinguished Professor of Computer Science, Neuroscience, and […]