Dating Apps & Privacy: Update
I mentioned my concerns about dating apps at the beginning of last month, and I wanted to quickly reflect on my findings.
Dating apps are difficult to use if you’re trying to hide personal information.
Let’s discuss the irony and futility of this first. By function, dating apps are not meant to keep your information private. Sharing information about yourself with the world is the name of the game.
However, The fact that you choose to share your pictures and general location does not mean you automatically want to share other things, such as your browsing habits, your dynamic location throughout the day (even when you don’t use the app), or your phone number. Yet, this is the kind of information these apps give out to third parties by default. You give all of that up almost automatically as soon as you open the app on your phone.
My goal was to reduce the amount of authentic information such apps have on me to a minimum. Besides the pictures, everything else I gave out was disconnected from my true identity.
Using a borrowed Android device, I got myself a new sim card, a number, and with it, a Google Voice number. At start, I used Google Chrome without VPN from my laptop (from a public open WiFi) to “train” the new Google account a bit. Google Voice numbers, in my experience, are the only VoIP numbers that work with dating websites. I’ve registered a couple of local news outlets (including Google News) with the new Gmail account and checked on it daily for a week before I attempted to log in from behind a VPN.
As expected, Google wanted me to authenticate, but it was happy enough with a captcha and Google Authnenticator (which uses a 2FA I could sync with KeepPassXC, so no need for a phone) for the most part. After 3 weeks of usage, this account is still very usable, and the number associated with it is working well.
As for the dating apps (I was using thee websites sites now, from behind a VPN), they were less welcoming. One site, for example, forced me to sign in with my Google Voice phone number, and then sent me an authentication code. After I authenticated, it asked me to put in a password, and then it asked me to enter a second authentication code from my Gmail. Only then I was able to access my profile.
Another site blocked me mid-chat with a person. After about a half an hour of semi-flowing conversation, it abruptly cut me mid-sentence to inform me that my account was under review for “suspicious activity.” They said it will take minutes, but it took more than a day before anything happened. Eventually this ban was lifted after I sent a couple of pictures of myself in silly poses.
Meanwhile, a couple more days of VPN usage granted me a complete ban from another dating site without a chance of redeeming myself, even though I was supplying all the codes they sent me. Or at least that’s what I thought. When later I tried to connect from the app itself (coming up), everything worked fine and there was no mention of this ban.
Look, I get it. VPNs are the bread and butter of spammers, especially on dating websites. Big dating companies (which own several of these sites) need to have quick blocks in place to prevent abuse. Still, it doesn’t justify the amount of personal data they harbor and sell to third parties.
Eventually, I decided to give up using these apps' websites from a privacy-enforcing computer1. I realized that I could get the same results if I play their game and download their spy-dating-apps on my “dating” phone.
I will keep using the phone from the same public WiFi, utilizing the same email and Google Voice number I’ve been using. I will keep the phone off and only use it when I’m around that area, usually when I have time to browse potential dates. In turn, this will also prevent me from “swipe addiction,” and force me to focus on being more productive with my time. When I find someone I want to keep talking to, I could give them a Google Voice number that is connected to my real phone; this will protect my real number from getting spam from whatever is on their phone if I end up on their contact list.
Interestingly, the Google account I created for this purpose is happy with me as long as I use 2FA. At times, I realized, it doesn’t even ask for a captcha. I believe this is because the account is logged to an Android phone and I have 2FA turned on to what Google believes is their own Google Authenticator. This helps with the dating too: I can log in from my protected machines whenever I want to see if I got any interesting messages, and then grab my “dating phone” and go use it from the public WiFi location.
This is not exactly ideal, but it’s much better than having these spy apps installed on my main phone, scraping every piece of information they can about me.
While I used this solution for dating apps, I’m planning to expand this usage to other privacy-disabling platform that I keep having problems with, like Twitter or Instagram. Since Google Voice forward messages to me email by default and I can log into my alternative Gmail from any location, I can potentially get those annoying SMS authentication codes anywhere.
Reply to this post on Mastodon, or you can always email me: taonaw<at>protonmail<dot>ch (for GPG, click the lock icon on the navbar to the left).
Besides VPN, this includes blocking ads, cookies, browsing history, and fingerprinting. ↩︎