Swipe Left: Privacy Practices of Online Dating Apps

benbreen | 46 points

Privacy practices of "Swipe Left: Privacy Practices of Online Dating Apps":

After clicking on this article, Google, Facebook and LinkedIn will know that you are interested in the privacy practices of online dating apps.

Privacy Policy and Terms of Use:

  Facebook collects user data to create profiles that...

  Google...

  LinkedIn...

Data Retention:

  Facebook...
  .
  .
--Sending HTTP requests to Facebook, Google, and LinkedIn results in the collection of this metadata and possibly data by your national and possibly foreign government surveillance organizations...

---Data retention by your national surveillance organization...:

dl904 | 7 years ago

Wonder if Zoosk in light of this article will check their audit logs and see who accessed Roya's profile internally then cross reference with employee onboarding dates then fire the employee.

rdtsc | 7 years ago

Very relevant paper: "Hardened dildo.io, A Cryptographically Secure, Usable Matchmaking Service"

https://courses.csail.mit.edu/6.857/2016/files/13.pdf

I've actually implemented this paper in a hackathon, but we never launched it. It's basically like tinder, but no central server has access to anyone's likes. Yet, by using homomorphic encryption and a calculation performed on the server (through which no information is revealed), you can know if someone you liked likes you back. It's pretty cool!

cporios | 7 years ago
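
The idea in the comment above (a server that combines encrypted likes without being able to read them) can be sketched as follows. This is an added example, not the linked paper's protocol and not the commenter's hackathon code: it uses textbook Paillier with a toy key, and all function names are hypothetical.

```python
import secrets
from math import gcd

# Toy Paillier key from two Mersenne primes (about 150 bits: NOT secure).
P, Q = 2**61 - 1, 2**89 - 1

def keygen(p=P, q=Q):
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(n, phi) == 1                  # required for Paillier
    return n, (phi, pow(phi, -1, n))         # public n, private (phi, mu)

def encrypt(n, m):
    r = secrets.randbelow(n - 1) + 1         # fresh randomness per ciphertext
    return (1 + m * n) * pow(r, n, n * n) % (n * n)   # generator g = n + 1

def decrypt(n, priv, c):
    phi, mu = priv
    return (pow(c, phi, n * n) - 1) // n * mu % n

def server_combine(n, c_mine, c_theirs):
    """Untrusted server: sees only ciphertexts, returns Enc(s * (a + b - 2))."""
    n2 = n * n
    # Multiplying ciphertexts adds plaintexts; n - 2 encodes -2 mod n.
    total = c_mine * c_theirs * encrypt(n, n - 2) % n2
    s = secrets.randbelow(n - 1) + 1         # random blinding factor
    return pow(total, s, n2)                 # exponentiation multiplies by s

def is_match(a_likes_b, b_likes_a):
    """What user A learns: True only when both like bits are 1."""
    n, priv = keygen()                       # A's key; B and the server get n only
    c_a = encrypt(n, int(a_likes_b))         # A -> server
    c_b = encrypt(n, int(b_likes_a))         # B -> server, under A's public key
    blinded = server_combine(n, c_a, c_b)    # server -> A
    # a + b - 2 is 0 only for a mutual like; otherwise A decrypts -s or -2s,
    # which are identically distributed, so a = 0 reveals nothing about b.
    return decrypt(n, priv, blinded) == 0

if __name__ == "__main__":
    for a in (True, False):
        for b in (True, False):
            print(a, b, is_match(a, b))
```

The sketch assumes honest-but-curious parties; it does not stop a user from submitting a malformed plaintext, which a real design would need to address.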

How in the world is logging in using Facebook more secure than email? People can create a Facebook account; people can create an email.

The author is fooled into a false sense of security around Facebook profiles. A Facebook account can be just as fake as an email address.

wolco | 7 years ago

Sigh, being paranoid about this stuff makes it really hard to get laid :/

"Screw [dating app], let's meet with this cryptographically anonymous app instead" seems like a tough sell for most women tho.

analogic | 7 years ago

Possibly concerning as well is it looks like Tinder outsources their databases to a third party provider:

https://blog.rackspace.com/tinder-swipes-right-for-rackspace...

bogomipz | 7 years ago

Tinder actually lets you verify with a phone number instead of a Facebook profile now.

Or at least they claim to.

Lewton | 7 years ago

Our app has a somewhat Tinder-like feel, though it's paid (escorts). I don't want to go overboard plugging, so see my profile for details. For fun, here's how we score on the article's items:

1. No scammers. We require providers to be vetted in some way (references). Clients are going to need to provide screening to see providers.

2-A. We use our custom login system. Verifying your social media account is just a read-once thing we do; we don't ever have access to post. In fact, it is unlikely we'd even get approved for an API key on most platforms.

2-B. For launch we're pretty exclusionary :(. Focusing on cishet couplings, female provider. We're going to address that as soon as possible. Queer sex workers face additional challenges for sure.

3. Data safety. Due to our company's legal status (extrajurisdictional), we have to deeply hide all data. Our servers don't have persistent storage, RAM only. (At boot, it's a manual restore from something like Tarsnap.) Only a few people have root or raw DB access. This does not include most devops people - they go through a change approval process. Real access is limited to core members heavily vested in the company with a need-to-know. More at [1], please ignore the clickbait title.

Another key point: connectivity is heavily restricted. App servers only have inbound socket from their hidden service, plus outbound to the DB layer hidden service. DB layer only has that inbound socket. DB requests are rate limited globally plus per user.

4. We'll wipe your data shortly after deactivation if there are no abuse reports on your account. In which case we keep a photo ID and birthdate so you can't sign up again and get a clean record. This is needed to protect users' safety. But at least a photo is not so readily searchable. Maybe Facebook can do it, but if we were to somehow

1: https://medium.com/@PinkApp/pink-app-trading-latency-for-ano...

the_stc | 7 years ago
[deleted]
| 7 years ago

this is extremely basic, obvious, and probably below the technical level I'd expect from a HN fp item :(

it opens suggesting an insider's view, and then just lists obvious trivia.

gcb0 | 7 years ago

it's harder to create email accounts than it is facebook accounts, lately

jijji | 7 years ago