In a bombshell report on Tuesday, it was revealed that Tinder users are left vulnerable to voyeurs, blackmail, and targeted surveillance. Researchers at security firm Checkmarx demonstrated that Tinder doesn't encrypt photos, allowing someone on the same network to copy these files or even insert their own photos into the app. Worse, the data that is encrypted by Tinder is predictable, allowing the researchers to decipher "exactly what the user sees on his or her screen... What they're doing, what their sexual preferences are, a lot of information." Apparently, that student who e-mailed every Claudia at Missouri State had other options to find the one he was looking for.

So far there doesn't seem to be much fallout, though Tinder boasts it has made over 20 billion matches, redefining dating for an entire generation. If users don't seem to care at all, what does that say about privacy? As is often the case, we should look to history for answers.

Before, during, and after the French Revolution, there was an institution that stood fast. The cabinet noir, or "black room," barely budged while the rest of France experienced waves of violent upheaval. This room was where postal officials would open and read mail, reseal it, and ship it to the intended destination. In Vienna, where the efficiency of the postal system was tantamount, the cabinet noir became a fine-tuned machine, a system that ran so quickly it wouldn't disrupt the flow of mail, even when wax seals had to be reshaped to mask surveillance from letter recipients.

After revolutionary pamphlets made their way through Europe, postal spies were not a secret. Why waste the time and effort of resealing letters?

When you know someone is watching you, reading your most private thoughts and perhaps recording them, maybe it helps to pretend it's not happening. If you're getting what you want from the service, it's no big deal, right?

In November, we peered behind the curtain of Android's cabinet noir, where user data is analyzed and passed along. What we found was a dizzying array of trackers hidden in popular Google Play apps, with an arsenal of ways to watch us. French non-profit Exodus Privacy provided us with the tools we needed to find these trackers, and now we had to try and untangle an industry of private surveillance.

The Exodus platform scans apps for trackers — hidden software that records and transmits user data. Though billions of people use apps from Google Play for their most personal and intimate affairs, few realize they're being monitored by code packaged deep inside these apps.

Snapchat has over 300 million monthly active users. According to one survey, about 14.2% of Snapchat users have sent sexual content via the app. Snap collects a full array of data, including metadata, content, and location information. When we audited Snapchat with Exodus, we found four Google and Microsoft-owned trackers. Through manual analysis, we found snippets of four more trackers: Sizmek, MOAT, Innovid, and the Nielsen Company.

Tinder collects nearly all data it can grasp, and they retain that info as long as they see fit. Last year, journalist Judith Duportail requested her data profile from Tinder. They sent her 800 pages based on four years of use.

Tinder has very permissive sharing arrangements with third-parties such as Facebook. The app collects almost everything Facebook allows: photos, lists of friends, education and employment info, and data about your friends. Tinder is part of Match Group, which owns other large dating services such as Match.com, OkCupid, PlentyOfFish, Twoo, and BlackPeopleMeet.com. We not only identified a horde of trackers in Tinder, we found loads of trackers in Match Group's other apps.

When someone as famous as Eminem is using Tinder for dating, you know it's a powerful force. But even famous people can take comfort in knowing their data is anonymized. If they believe the hype from the advertising industry, that is.

It's standard marketing practice to assure users that software performs magic with "anonymized" data to profile people without using real names, while also assuring that user data is "private". But with so much data available to analyze and correlate, it's virtually impossible to prevent user targeting and identification.

People do, in fact, desire strong privacy protections when it comes to sex and love. Last December, users were up in arms over OKCupid's "real names" policy. In 2016, The Daily Beast came under fire when journalist Nico Hines outed queer Olympic athletes on Grindr. A small amount of information was enough to identify the athletes by name, as is frequently the case with so-called "anonymized" or "de-identified" data. Grindr has at least nine trackers in its app, from tech giants as well as smaller analytics companies.

In the pursuit of love and sex, people around the globe endure an intense level of spying. Now that Tinder's lack of basic security controls has been laid bare, we need to speak loudly about our desire for privacy and turn that talk into action. Either we do something about it, or the cabinet noir will continue to read the world's love letters.

(Image: Sean O'Brien)


Sean O'Brien and Michael Kwet are Visiting Fellows at @YalePrivacyLab, an initiative of the Information Society Project at Yale Law School. Contact them securely.