Hidden Dangers of Dating Apps – Considerations for Image and Phone Number Data
Dating websites and applications are increasingly popular as a way to meet people online. They provide a forum for interaction with individuals with like-minded interests as each site markets itself to specific communities. Most of these sites require a user to create a profile that includes interests, contact information, pictures, and personal preference information. Website users can then search the database of user profiles to find other users they would like to meet. Although the dating profile establishes an online persona of an individual, many websites don’t require users to provide their true identity or personally identifiable information (PII). For these websites, privacy is a top concern, and the use of pseudonyms is common. Pseudonyms help protect users since, in some countries, there are risks associated with using dating websites. The risks may be associated with local laws or customs with regard to gender and sexual orientation. However, what users may not know is that their true identity can be ascertained from a photo or phone number through the application of advanced technology as well as data-mining. There are publicly available tools that make this quite easy to do. This paper presents scenarios where an individual provides a photo or a phone number to another individual, who can then use this information to identify the person.
The Basic Conversation
Here’s how a very basic conversation on a dating site might go:
The exchange seems minimal, but let’s take a look at what information can be obtained from it.
What’s in a picture?
The conversation includes a picture. Depending on how the app or site uses photos you upload, at least two things could happen:
#1: Reverse image search:
Some online services, such as Google Image Search and TinEye, allow you to upload a photo and search the Internet for that same photo. The photo may not have to be an exact copy, as these services are improving facial recognition to find enough similarities between photos to identify names. The results could reveal more information than you intend to provide to a stranger.
Easily drag and drop a photo into Google Image Search:
Results guess words, matching sites, and similar photos to the one uploaded:
What you can do:
Make sure you don’t use the same photo you use on social media or elsewhere. If you keep your photo exclusively for dating app purposes, it will be more difficult for others to find information about you online. Recently, an app called FindFace claimed a 70% success rate in identifying someone from an uploaded photo, creating fears of threats to online anonymity. This means that reverse image searches will look for photos that look like you instead of being limited to the exact photo. If this concerns you, then consider changing your public social media pictures, such as your profile and cover photos in Facebook, so that your face is not seen.
#2: Metadata/Exif data:
Some photos include additional information, possibly even your location, called Exif data. Many sites will remove this automatically, but it’s worth verifying their practices. Michelle Obama, John McAfee, and even rhinos have experienced security problems when geo-location data was inadvertently attached to photos posted online. Make sure you understand what’s attached to a photo or, better yet, make sure the data isn’t included in the photos you use.
Exif data, including GPS information, attached to a photo taken in Florence, Italy:
Using GPS information with Google Maps easily reveals the location where the photo was taken:
What you can do:
Remove metadata before you use photos on dating apps. See Security-in-a-Box’s guide on removing metadata.
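As an added illustration (not from the original article or from the Security-in-a-Box guide), the Python below checks whether a JPEG carries an Exif GPS pointer and produces a copy with the Exif block removed, using only the standard library. The function names and the `SAMPLE` bytes are constructed for this example.

```python
import struct

EXIF_HDR = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 tag that points to the GPS sub-directory

def segments(jpeg):
    """Yield (marker, payload, raw) per header segment, then the rest verbatim."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # SOS: compressed image data starts here
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield marker, jpeg[pos + 4:pos + 2 + length], jpeg[pos:pos + 2 + length]
        pos += 2 + length
    yield None, b"", jpeg[pos:]

def is_exif(marker, payload):
    return marker == 0xE1 and payload.startswith(EXIF_HDR)

def has_gps(jpeg):
    """True if an Exif segment's first directory (IFD0) links to GPS data."""
    for marker, payload, _ in segments(jpeg):
        if not is_exif(marker, payload):
            continue
        tiff = payload[len(EXIF_HDR):]
        order = "little" if tiff[:2] == b"II" else "big"  # TIFF byte order
        num = lambda off, n: int.from_bytes(tiff[off:off + n], order)
        ifd0 = num(4, 4)  # offset of the first directory
        for i in range(num(ifd0, 2)):  # 12-byte entries follow the count
            if num(ifd0 + 2 + 12 * i, 2) == GPS_IFD_TAG:
                return True
    return False

def strip_exif(jpeg):
    """Return the JPEG bytes with every Exif APP1 segment dropped."""
    return b"\xff\xd8" + b"".join(
        raw for m, p, raw in segments(jpeg) if not is_exif(m, p))

def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: minimal JPEG byte structure (not a viewable image).
_tiff = (b"II*\x00" + struct.pack("<IH", 8, 1)
         + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26) + struct.pack("<IH", 0, 0))
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, EXIF_HDR + _tiff) + _seg(0xDA, b"\x00") + b"\x12\x34\xff\xd9")
```

This removes only Exif segments; other metadata containers, such as XMP, are left in place and need their own check.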
Some countries provide caller ID services that reveal the name of the registered owner of a phone number, and also allow the owner to block that information when making calls so recipients can’t see who is calling. Some countries don’t provide this service at all, which creates a sense that caller information is private unless callers provide their names.
However, there are sites that “crowd-source” information from contact lists on mobile phones. One example is the site Truecaller. By installing and signing up for Truecaller, you give the site permission to read the list of contacts on your phone and save it to its database. This means that any other subscriber to its service is able to look up information from your address book.
Imagine that one of your friends signed up for Truecaller, providing the site with your phone number and your real name. Anyone on a dating site to whom you send your number could use it to discover your real name.
Below is a real-life example from Truecaller. The number +27 11 111 1111 in Truecaller returned the name “Rob Imthat Effingirl.” Obviously, no mobile provider or national registration has provided this name, given that it’s not a real name and the number likely isn’t valid. (Truecaller has also identified it as a number used for spam.) But somebody saved that number on their phone with a fake name, which is now available to any user of Truecaller.
So it could easily happen that you provide your number to a stranger who uses Truecaller, who then uses Truecaller to find your real name, which may have been provided by one of your friends who also uses Truecaller.
What you can do:
Unlist your number. Below is how you can remove your name from Truecaller. Be aware that unlisting your phone number will prevent you from using this app.
Use a temporary number. There are apps available to help you add a barrier between people and your real phone number.
Burner App. This lets you create a temporary disposable number for free. Not available globally, but similar paid apps offer services in more countries.
Google Voice. Lets you create a number that handles incoming calls and add instructions on how and whether calls get forwarded to your real number.
Hide your number on social media sites. Many social media sites and apps allow people to search for users by their phone number. Consider turning this off in sites such as Facebook, LinkedIn, and Twitter. Though WhatsApp requires a phone number to use it in the first place, you can control what information a stranger sees before you add them to your contact list.
It’s always worth checking an app’s settings for a “Privacy” or “Security” section for more control of your profile. Many sites include their own safety guides with helpful information specific to their features and platform. Below is a list of some of these guides:
Tactical Tech Regional Guides:
Privacy practices when using social media and dating sites can be limited by a user’s knowledge of online resources that connect information to personal identities. By knowing how various sites and services collect and then use your phone number and image information, you can make better decisions about your online presence and how and what you share with strangers. Still, technology should never replace your instincts about online interactions: if something doesn’t feel right or is too good to be true, it probably isn’t something to pursue.