Are dating apps like Tinder a security vulnerability because it is so easy to access data about people?
I have been thinking that all one would have to do is find a suitable way to save a copy of the information presented on-screen on a swiping-based social app like Tinder, Hinge, or Boo. (There are a variety of ways you could do this.)
Then you would basically be able to compile tons of data about people that is usually not that openly accessible anywhere else on the internet.
I read there are companies that basically compile data and sell it - data vendors. I even saw an ad once for a service that helps you find companies that just compile as much data as they can, and request that they delete all data about you, which they have to comply with.
I believe data about people must be the single most powerful, useful and in-demand kind of data. There are many scenarios where one can imagine how useful it would be to just know exactly what people live in a certain area, what are their interests, what do they do for work, etc. This data can also be used for malicious intents of various kinds, including various kinds of large-scale social engineering.
I think this is one reason this kind of data is not meant to be that accessible, online. There’s no one-stop-shop to just download massive amounts of information about all the people in the world, compiled from all kinds of odds and ends, here and there, but sifted together and made organized and useful.
But, this makes me worry sort of, that it is more than possible to do that, if you devote yourself to it. The fact that the powers that be have tried to make it a little harder, has had a bad consequence that most people do not realize how easy it is for people that want to do so.
I am wondering if my assessment that apps like Tinder and Boo are actually gaping security holes allowing people to harvest quite private information about people’s identities - names, faces - is correct. Is this an unacknowledged issue with these apps? More generally, is there any talk in the security world about how to make private information way more rigorously private, so that there is a very, very low chance that a malicious actor, or anyone at all, could end up compiling a ton of data about you just based on little pieces here and there, even from legal methods and sources?
