No, can often be the answer if you’re not careful. Never mind the scammers on the sites, it’s the owners of the sites that could be the issue. There are dating brands (some of them very big) who do all sorts of things with your data that you may not be aware. This article is a way for you to test the sites you use and gives you an idea of how to better protect yourself. It has practical tips on finding how secure your dating app actually is and ways for you to try and hack your own data.
Reanimating dead profiles:
This is the process of taking an account that has not been used for a while and making it appear active, most often by sending messages on behalf of the inactive user. So you may have used a site, found a partner and left without deleting your account. You picture and profile is then becoming active again and communicating with other people!
Not deleting accounts:
There are many different things to look out for in the terms and conditions with deleting and removing data:
Some dating brands keep hold on to as much data as possible to inflate their companies valuation. The more members they state adds value to the company and helps attract new users. If a company is stating millions of members you should consider if these are all active and/or completed profile registrations. Online dating is also a very male dominated industry. Deleting old male accounts and holding on to inactive female accounts is a way to make the male / female ratio close to 50 : 50.
The are an estimated 40,000+ dating sites worldwide that are clones of other sites. These are know as white label sites. Individuals set them up with the help of a provider to start their own dating site. A person who joins site A can have their data shown on site, B, C and D. Although your data is only stored in one physical location you many not want to be associated with some other brands. For example, you could join a mainstream site and say that you like some fetish activities and then be shown on a number of hardcore bondage sites. Knowing all of the sites your data is shared on is near impossible as new sites are being made every day.
With the help of some mathematics someone could find your home without ever hacking the database. Or if they are not good at maths they can do it with a map, compass (one for drawing circles) and a pen. This is now it’s done.
The baddie use app and checks in their location (A), and notes how many miles away you are. Most apps give the distance from one user to another.
The baddie then moves to another location (B), and updates their location and notes down how many miles you are away.
They do it one more time with a final location (C) and notes the distance.
As long as their 3 locations form a triangle, ideally with your location within the boundary of the triangle they can work out where you are. If you’re outside the boundary they just need to try more locations. The picture below shows an example of just how easy it is to reverse engineer someones location.
You need to be sure your dating app is storing an approximated location to stop your exact position being exposed. Your options if you don’t know their policy are to try and hack your own location via the method described above with the help of a friend who also uses the app or never checkin your location from your home address.
Almost every site you use needs a password and having different passwords for every site is just too complex so people tend to use the same password many times. The other issue is using passwords that other people use a lot. I will explain why this is an issue, keep focused as this can get a bit complex which is why so many companies take short cuts! But if you get to the end of it I will reward you with a way of finding out if your provider is not doing a good job.
Passwords should be hashed. This is very different to encrypted. I personally use the word encrypted on ooOo® as very few people know what hashing is.
A hash is a one way process that turns your password into a jumble of letters, numbers and symbols. There are many hashing functions with some wonderful names, one of the most common is called md5 and another is called Blowfish.
Q: An md5 hash can be 1000 times faster to generate than a Blowfish hash. Which is best?
A: The slower, Blowfish hash is the best!
When a hacker gets hold of the database they will see a column of passwords. Worse case for you is your dating app has stored them in plain text. GAME OVER, the hacker has your password and your email address and can now test it on your Gmail, Hotmail, iCould accounts and then start to steal more data.
If the password is hashed with md5 it offers some protection but only if you chose a good password. Here is table of md5 hashes for common passwords.
|Users password||The hash (md5)|
The hacker will have a table of common md5 passwords, this is known as a rainbow table. It’s easy to make as they need a plain text password database hacked from another site and can make the md5 version in minutes and compare the results. As md5 is FAST, this is why it’s a liability.
Blowfish hashing is slow so making a rainbow table is a longer process but more importantly you can salt your Blowfish! I know this is now sounding like a recipe but adding salt (another set of random data) makes 2 identical passwords have a different hash value. See the examples below for one common password:
|Users password||The hash (Blowfish)|
Salt combined with Blowfishes slow running time means the only option is now brute force. The hacker has to guess a password, apply the salt and compare the results. This could take half a second per guess and with a complex password will take thousands of years to reverse engineer.
So how can you test your dating app? You need to request your password via their forgot password tool. If it gives you your current password they are storing your password in plain text. If it sends you a link to a reset tool then it’s likely the password is being hashed. However you cannot know what type of hashing they are using.
Attempt to hack your own location via GPS with the help of friend
Sign up with a newly created email address, don’t login and then try and sign up with the same address a month later and see if they deleted the account automatically.
Test to see if an app exposes your membership by using the reset password tool. Try this with an address you know exists on the app and a made up one, compare the output.
Reset your password and see if you get your old password back.
Contact customer support and ask them for your password, they should not know what it is!
If your not happy with any of the results you find from testing your current dating apps then request your data to be removed and ask for confirmation in writing. Finally, if there are any parts of my article that worry you please consider sharing it with your friends. Data security is an important issue that needs more awareness.