Practical privacy and simple cybersecurity.
TheNewOil.org

Love is in the Air (via WiFi and Dating Apps)

It’s February, and among other things worth celebrating, that means in some parts of the world it’s Valentine’s Day. Also it’s still fairly early on in the year, which means many people are making promises to themselves to find love as a new year’s resolution. And of course, with the ongoing global pandemic people are turning to dating sites and apps in unusually high numbers. So if you’re reading this, there’s a good chance you either already have or have considered using online dating in the form of something like Tinder, Match, eHarmony, or other. Let’s talk this week about how to use online dating safely.

Picking a Service

There’s no shortage of dating services these days, each with a different target demographic and set of features. My recommendation would be to first start with a service that offers a desktop website rather than strictly a mobile app. I’ve covered numerous times on my site how apps are dangerous – they have a lot of access, and they almost always track you in invasive ways that get sold to advertisers. They can also be a serious attack vector for malware or data leaks. So start off by picking a company that lets you opt out of the app. It also couldn’t hurt to check the privacy policies and attempt to find the companies who most respect you, but I think just avoiding apps – combined with some of the other general browser advice on my site – will keep you pretty safe from most of the basic privacy invasions. And if you really think you need the app, I just want to point out that it’s a bit of a red flag if the person you’re chatting with can’t wait a few hours for you to return when you’re away from a computer. (If you don’t have a desktop and you must use the app, remember just to give it as few permissions as possible or disable them after using them – ex: upload a photo then revoke photo/camera access.)

Signing Up

This goes for just about any website, but extra so for dating websites. So you’ve picked the service you want to use and you’re ready to sign up. Start by creating an account with AnonAddy or SimpleLogin and use that as your email address to sign up. Next, use a password manager to create a strong password for your account. Once you’re in, also be sure to turn on two-factor authentication. We’ll talk more about account settings in a moment.

Filling Out Your Profile

Next you’ll probably be prompted to put in some information about yourself. This is where you need to think critically. If it’s a site that requires a real name, I recommend using a common nickname. For example, Alex. If you’re a girl, that means your name could be Alexandria, Alexandra, Alex, or other. If your name is spelled uniquely, like Alyx or Alecz (yes, I’ve seen both), spell it wrong (“normal”) on purpose. If your first name is unique and can’t be shortened to something common, use your middle name. I’ll talk about coming clean later. If the site asks for a username, randomly generate one. Have your password manager generate a passphrase and pick the first two words it comes up with.

When it comes to information about yourself, be honest but cautious. I mean, you’re here to find someone you want to spend (presumably) the rest of your life with, right? Why would you sabotage yourself here? Talk about your favorite books, movies, TV shows, hobbies, etc. Privacy Pro-Tip: this is a great place to start laying the foundation for your potential partner to brace themselves for your privacy-focused lifestyle. I used to word it something along the lines of “I’m really into cybersecurity, so if we end up hitting it off I’ll probably want to use an encrypted messenger like Signal at some point.” There’s a million ways to word this. We’ll talk about that switch to encrypted messaging later, too. Here’s the important thing: do NOT list any super personal information. “Super personal information” in this context includes where you work, where you went to school, or even your exact neighborhood. WHAT you do and GENERAL information is totally cool. “I graduated 4-year university and majored in computer science” is acceptable. “I went to X University and got my BS in Computer Science” not so much. “I work in technology” or even if you want to get specific and say “I make security software for businesses,” also okay. “I work at XYZ Corporation,” not okay. Remember that you have to give this person SOMETHING to work with. I ignored all profiles that say stuff like “ask and find out” or are just plain blank or too vague. It's just too much work to try and find common ground when you have literally nothing to start with. There’s plenty of middle ground in between leaving your profile blank and oversharing.

Last but not least, your photo. For dating sites, personally I think makes sense to post an actual photo of yourself for numerous reasons. Here’s my advice for that: first, TAKE A UNIQUE PHOTO! Don’t reuse a photo you have lying around, especially if it’s been posted online before. Google claims they don’t use facial recognition in their image search, but they do look for other places that exact image has been posted before. Second, be aware of what’s in the picture. Don’t post pictures that have your work shirt with the logo visible, show off the skyline outside your apartment, have mail with your address or real name lying in the background, etc. And make sure that if it’s a photo with you and another person that the other person has consented to you using their image, otherwise use GIMP and blank out their face. (You don’t want to the person you’re talking to to accidentally think you’re them anyways.)

Using The Service

So now that we’ve made a profile and we have access to actually start using it, there’s some additional considerations. First off, check your account and profile settings. As I mentioned before, you’ll want to enable 2FA, but also there’s usually a ton of default settings you can change that make your profile more private (from the site, other users, and non-users alike), disable some of the more generic tracking features, and opt out of annoying “features” like email notifications. Go through each setting carefully, read and understand it, and respond accordingly.

Some of the more respected dating sites will require payment, like Match and eHarmony. If that’s the case, remember to use a payment masking service or prepaid debit card to make the payment. You should always view any digital information – especially dating sites – as data breaches waiting to happen. Don’t give these people your real card number.

Finally, related to the point above: treat any information you put on this site as public record. If you and your new date start hitting it off and getting steamy and you want to trade some pictures, first get consent. Second, assume that picture will be made public. Maybe you’ll get lucky and it won’t. But you never really know if the person on the other end is gonna screenshot it and share it around, if the site will suffer a data breach, or if a rogue employee (an increasingly common problem) will peruse messages looking for stuff exactly like that. That goes for anything from your Netflix password to your personal information and images. Be careful what you share! Even if the person you’re talking to is trustworthy, there may be other eyes who aren’t.

Meeting Up

I would be remiss if I didn’t include a short section about getting together in person. When it comes time to meet up, I would be more concerned for safety than privacy. You may be familiar with some of these tips, but here they are in case you aren’t: meet up somewhere public first – a bar, a restaurant, a movie theater, whatever. These days you could even go with a park, a store (window shopping is fun), a fast-food place, etc. Tell someone close to you where you’re going and when you expect to return. If you may not return, arrange a check-in time. “Hey, if you haven’t heard back from me by 9 am, get worried.” Tell them who you’re seeing and whatever contact info you have about them. I know this is dark, but you gotta think worst case scenario. If you don’t come back, having that information gives investigators an automatic lead to start with. And finally, as with everything in life, pay in cash. I once had someone overhear the server at a social function call my real name when trying to return my debit card. Fortunately that person kept my secret but it just reminded me how through no malicious intent or fault of anyone that information can easily get shared.

Coming Clean

Okay, let’s say you guys have been going out for some time and you’re really hitting it off and you think they might be the one. How do you handle telling them you’ve been lying all this time? Short answer: by not lying and laying the groundwork early on. Remember how I said “mention your privacy lifestyle in your profile?” When you do that, you’re already planting the seeds that you care about this stuff. So after a few successful dates, say something like “hey, remember how on my profile I said that thing about encrypted messengers? Well I think things are going really well and I was wondering if you’d be willing to download Signal/Matrix/XMPP/Session/whatever and use that when talking to me. I’d be more than happy to help you set it up next time we see each other.” In my experience, I have never been met with a no.

“Okay but Signal is one thing, what about when they find out I’ve been lying about my name?” Also easy: you haven’t. “Hey, just so you know, I’ve actually been using my middle name. My first name is X.” LOTS of people go by nicknames or middle names, either because they don’t like their real name or it’s too hard for people to remember or spell or whatever the case. I don’t recommend lying and making things up. If you’ve never had a stalker before, don’t say you have. But if you have, feel free to use that as an excuse (even if that’s not actually why you got into privacy). Again, in my experience, I’ve never had anyone feel betrayed or lied to. I promise you, 90% of people don’t care and if that’s enough to make this person dump you, they weren’t the right one anyways.

If your relationship becomes seriously long-term, living together and being married is a challenge to navigate. The most important thing is to communicate. My partner respects that I value my privacy, and while I’ve gotten her to be more privacy-conscious she’s certainly nowhere near on my level. Whenever I do ANYTHING privacy-related that might impact her – such as putting a VPN on the router – I always communicate with her. It usually goes something like this: I say “hey, I want to do this thing.” She goes “okay, why?” I explain the privacy or security benefit. She goes “okay, will that impact my ability to do X? (use TikTok, watch Hulu, etc.)” I respond with “from what my research tells me, it shouldn’t. But if it does I can make adjustments.” I work with her to find out when is the best time for me to implement this thing so that I’m not adding more stress to her during a stressful time or messing up her days off. Once it’s implemented, I ask her to test the apps or whatever she was worried about. If they break, I disable my change and do more research. If they work, I tell her to tell me if that changes and move on to the next thing. All that to say: communication. She respects that I value privacy and I respect that she values convenience. We’re open and up front with each other and we work together to find the best balance. (Even if it means I have to spend a week researching smart TVs when the last TV show I watched was ten years ago.)

Conclusion

I’m sorry this blog post ran long this week, but there was a lot of ground to cover. If I had to sum it up, I’d say this: use the same good internet habits like strong passwords and being careful what you post, don’t lie to people but learn to blend in, and if things work out be sure to communicate openly. Relationships require trust, and I’m not saying to give out your social security number on the first date but if you can’t grow to trust that person then you shouldn’t waste their time and risk yourself. As you grow with and closer to someone, you should grow to trust them, and that means adjusting your threat model and letting your walls down – to some extent – to let them in. A potential partner is no different than a potential privacy solution you’re considering: you have to vet them, but eventually you have to trust them. If you can’t trust them, move on. And good luck out there. The dating scene is frustrating, often disappointing, and takes time. Your privacy wasn’t achieved overnight, neither will your happily ever after. But I’m rooting for you!

You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...