Swipe right for (data) validation: What dating apps can teach us about data security
Wednesday, February 6, 2019/
Imagine this: you’ve just matched with someone new on Tinder. They’re gorgeous and you’ve got some great banter going. But before things go any further, they want to see a snapshot of your passport and the details of your last sexual health check-up. In the world of online dating, where verifying your identity is the new first base, this isn’t such an outlandish request. The problem is, and understandably, most of us are trying to avoid overexposing ourselves online.
In recent times, the topic of data privacy has been thrust aggressively into public awareness. Facebook experienced its largest security breach ever when an unknown hacker (or group of hackers) exploited a bug in the ‘View As’ feature to take control of 50 million user accounts. Add to this the Cambridge Analytica scandal, where Facebook achieved global infamy for its role in influencing the 2016 US presidential election via the improper use of Facebook’s API.
About 270,000 people downloaded the “This Is Your Digital Life” app, inadvertently providing permission for the London-based consulting company to access data about their personal life — as well as their friends — so psychographic profiles and behavioural predictions could be made for more than 87 million people. This information was then used by the Trump campaign to more effectively target (or, more bluntly, misdirect and mislead) voters.
With over two billion users, Facebook has become the global watercooler that much of the planet gather around. So when that social network is owned by a single company, we must consider how that company might use or abuse its control. We’ve all had that WTF moment when you get some random advertisement appear in your Facebook feed and you’re like: ‘What data do they have on me to make ‘em think I’d wanna buy a [INSERT EMBARRASSING PRODUCT HERE]?!’ But despite increased questioning about security and ethics, a mass exodus of users hasn’t occurred.
Particularly poignant is the fact that Facebook is still used widely by consumers looking for a quickie solution when verifying their ID on other online platforms, such as dating services such as Bumble. When you set up your new Bumble account, you give Bumble permission to port your personals over from Facebook, and thus you willingly spread your seed even further across the internet, impregnating more corporate servers with your digital DNA. In fact, it’s an orgy out there: Spotify validates our credentials via Facebook, Medium via Twitter, Meetup via Google, and so on. This is a perfect example of the trade-off that currently exists between privacy and convenience online, and how in almost every instance, we are opting for the latter.
Flooded with fakes
On the flip side, this type of social passport isn’t an adequate authentication solution for service providers either, when hell-bent scammers simply backup their fake dating profiles with fake Facebook profiles! Writing for Gizmodo in 2015, a clever journalist named Annalee Newitz analysed leaked data from the notorious extramarital dating site Ashley Madison to prove that up to 99% of female profiles were fictitious. Just absorb that for a moment: almost every female profile on Ashley Madison was fake.
To counteract this issue, casual hook-up platform Adult FriendFinder painstakingly combs through every single profile created on their platform — checking usernames, IP addresses and uploaded photos — to manually confirm that they are real. They also encourage users to verify their profile by sharing a copy of their driver’s licence and deploy AI technologies to scan private messages for red-flags such as users under 18, threats of personal harm or fraud, and even acts of bestiality. Based in Silicon Valley and serving more than 100 million registered members globally, this is how FriendFinder Networks maintains its reputation as a trusted yet highly confidential platform preferred by the likes of celebrities, teachers and government officials.
But not all dating services take this strict approach and it’s true that platforms worldwide are overrun with bot-generated profiles. Also, catfishing — where a real person will create a fraudulent profile in order to lure others into a romantic relationship — is a massive problem. Some in the United Kingdom have called for the practice to be made illegal after the BBC reported that in 2016, at least 3,889 people fell victim to romance fraud online, resulting in a whopping £39 million ($72.2 million) scammed by phony sweethearts (not to mention the emotional toll on its victims).
The extreme opposite of this profile impersonation must be the government of India’s Aadhaar system, which proves that you are who you say you are by linking everything from your bank account to your mobile phone number, employment details, welfare entitlements, HIV status and more to a 12-digit number. To get an Aadhaar, Indian residents provide biometric data including 10 fingerprints and an iris scan. Originally designed to improve interoperability of services and accessibility for the socio-economically disadvantaged, the scheme has come under fire for its extreme pervasiveness. Imagine if you had to enter your Aadhaar number when setting up your Seeking Arrangement profile!
Where to draw the data line
When it comes to dating online, the relationship between trust and privacy, well … it’s complicated. Our desire for confidentiality versus personalisation is enormously contextual and prone to contrariety. In New York City for Blockchain Week 2018, Amber Baldet talked about the power of selective disclosure. The former blockchain lead at JP Morgan urged us to consider how the technology we build today will shape the future of privacy. She too sees the need for greater interoperability of systems, but argued that people should still have the autonomy to choose when, how and where they reveal various attributes about their identity because “there are some things that at no point should be accessible to the entire public”.
This explains part of the reason as to why even genuine lovebirds — not just scammers — will build their dating profiles with pseudo-info in an attempt to blur the line between their public personas and private life. But pseudonymity can be a very powerful means to preserve our domestic dignity, provided it is coupled with tools to allow other people to validate our authenticity. While it comes across as an oxymoron, this idea to deliver ‘anonymous trust’ solves the current trade-off between our desire to keep certain aspects of our private life, well … private … while satisfying the other person’s need for assurance — the kind of assurance that can only be achieved through transparency.
I see this as a very attractive way to satisfy our desire for data validation in recognition that, at times, we are willing to bare all and, at other times, we prefer to keep our private parts to ourselves. Much like dating.
From the frontlines
Five critical questions: Are you listing your startup too soon? Lisa Schutz Verifier founder
Sex appeal, runways and mature markets: Everything Guy Pearson learnt during his $26 million Series B raise Guy Pearson Practice Ignition CEO
Barriers from the outset: Why the government’s Boosting Female Founders Initiative is unlikely to succeed Laura Keily Immediation founder