Difference between revisions of "Project:Dating Privacy"

From Wikibase Personal data
Jump to navigation Jump to search
Line 390: Line 390:
 
# open humans <br>
 
# open humans <br>
 
# art tools: https://www.brainstore.com/en/tools-summary<br>
 
# art tools: https://www.brainstore.com/en/tools-summary<br>
 +
# pithus: https://beta.pithus.org/report/226d01d9645270283cfbd056e8021032d06ae29b4212afc81fa5552a133222da<br>
 +
# NYT viz: https://www.nytimes.com/interactive/2020/04/28/world/asia/coronavirus-singapore-migrants.html?smid=tw-nytimes&smtyp=cur<br>
 +
# https://fr.openfoodfacts.org <br>
 +
# https://correctiv.org/crowdnewsroom-pro/ <br>
 +
# exodus privacy<br>
 +
# algorithmwatch -https://algorithmwatch.org/de/dataskop/ <br>
 +
# madada <br>
 +
# https://ucldigitalpress.co.uk/Book/Article/76/100/5736/ <br>
  
 
==List of apps for which we have obtained our data after a SAR==
 
==List of apps for which we have obtained our data after a SAR==

Revision as of 10:36, 26 August 2021

Datingprivacy.png

Description

Dating Privacy aims to contribute with data literacy and gaining control over personal information in a secured and ethical manner for end users.

This collective is a social movement we have started after identifying several privacy risks we, as dating app users, are confronted with when looking for a date online: unwanted ads, harms resulting from incorrect profiling and predictions, the possibility of phishing and identity theft.

Dating Privacy is a collective formed by members coming from different countries and disciplines (mathematics, sociology, journalism, law, physics) and foreparts (academia, private, independent, citizen NGO).

Contact e-mail: mailto:datingprivacy@personaldata.io
Twitter @datingprivacy
Meetings online at https://epfl.meet.switch.ch/dating-data
Every first Wednesday of the month at 8:15 pm (CET)

Past event:
“Dating Privacy” Collective Launch: Our Plan To Change the ‘Data for Dates’ Paradigm – Friday 12th Feb at 7:30 pm (CET)
link to the presentation https://tinyurl.com/20210212datingprivacy
Meetup event: https://www.meetup.com/tech4goodLIN/events/276275535/
Linkedin event https://www.linkedin.com/events/datingprivacy-collectivelaunch-6765208415816974336/about/

Subscribe to our mailing list: https://framaforms.org/dating-privacy-1613154652

Objectives

Dating Privacy seeks to bring together users' practices with dating app companies to improve personal data collection and processing for the sake of privacy and data rights.

  1. Build a community with civil society about dating apps' personal data rights
  2. Raise awareness about personal data concerns in dating apps
  3. Facilitate users' personal data requests and analysis with tools for data literacy
  4. Create a cartography of personal data (wiki data structures extracted from the SARs)
  5. Develop research methodologies that respect personal data rights and contribute with end users' concerns

Partners

Partners:
personaldata.io
MyData Vaud
Hestialabs

Recommended practices

  1. Start requesting your data via this link https://labs.letemps.ch/interactive/2020/demander-ses-donnees/
  • Type in the box the dating app name you use
  • Copy-paste the message and email address
  • Send it and wait for your file
  1. Already requested your data and received a file? Contribute with the wiki and map what your dating app collects: https://wiki.personaldata.io/wiki/Item:Q3569
  2. Are you an Android phone user? Download Exodus Privacy helps you to know which trackers and permissions are embedded in dating apps installed on your device.
  3. Configure your privacy settings on your dating app.
  4. Check out Mozilla privacy test on different dating apps
  5. Request deleting your data on a dating app when you stop using the app via the settings or sending an email. It is not enough to uninstall the app

Problems Identified

APP

  1. Subscription rates change according to user demographic characteristics (ex. age on Tinder, sex on Hinge). Prices are invisible outside the app
  2. Sharing personal data with third parties which is not necessary for the app functioning (ex. for advertisement, see The Grindr case study) and for other purposes unknown (ex. the muslim app providing data to the american army)
  3. Background geolocation when the app is closed
  4. Automatic subscription renewal without notification, when there is a problem you have to contact the headquarter in another country
  5. Fake profiles created by the company (ex. ashley madison, Lovoo), buying profiles
  6. Between 10-20% of users find a partner in France, Switzerland and United States. Do users really get the outcomes they want from the app in exchange for providing their data? Are users retained in the app?
  7. The app ignores settings for presenting results (ex. show me only women and the user sees men)
  8. Users are banned without any reason given by the app
  9. One user said it has zero matches on Tinder
  10. Data leaks because of security breaches, the app did not protected the data properly

Other USERS

  1. Scams, phishing, fake profiles. Users are affected by malicious user behaviours so how are dating apps moderating this and protecting users via the analysis of their personal data?
  2. Rape and harassment: when "unmatching" on Tinder, the conversations and the profile are deleted for the victim. The victim loses the data to report, see https://pages.rts.ch/emissions/temps-present/11994345-le-camp-de-la-honte-aux-portes-de-leurope-08-04-2021.html?anchor=12111124#12111124

Members

  1. Jessica Pidoux works on revealing biases in Tinder's secretive matching algorithms.shttps://jessicapidoux.info/ Pidoux
  2. Paul-Olivier Dehaye obtained the first personal data file from Tinder along with author Judith Duportail https://bit.ly/3cUOyTB Podehaye
  3. Marie-Pierre maps the dating app ecosystem and delves into dating app patents Genferei
  4. Frank has revealed privacy risks on Hinge and is currently being messed around by Hinge, Bumble and Tinder having asked for his data https://bit.ly/2J8mKOo Frandrews
  5. Judith H. digs into regulation policies and howonline dating interacts with collective practices and communities

On-going projects

' planning in progress complete who
Geneva student projects x MP, JH, JP, PO
Tool development, collaboration with Graasp x JP
Prepare TRUSTS project JP, JH, MP
Defining the project scope with Hestia x JP
Create and publish newsletter x JP, MP
Q&A for our website x JH
Data analysis workshop with Hestia x MP, JP, CF

TO DO

' planning in progress complete who
*Map the data ecosystem x all
*Next meeting Define the case study with questions we want to analyse x
*Add downloads per app in the wiki. x
*Add ranking per app in CH, FR, UK the wiki. x J, MP
*Dating app list https://tinyurl.com/goaldatingdata
*Add link to privacy policy x
*Add examples of silver dating apps (ref Le Monde) x MP
*Add examples of community apps x MP
*Check if policy documents are the same in different languages FR, EN, ... ( i.e TikTok doesn't)
*Organize media articles per data
*Develop tools for data literacy
*Define the methodology: data protection protocol and data collection and analysis method (EPFL Grasp tool or other?)
*Data analysis x
*Patent search and analysis MP?
*Privacy policies analysis
*Email us other ideas you have for contributing x all
*Publish launch video x J
*Communicate regularly X F
*Keep updated mailing list subscribers x
*Create a website x
*Document our tests in the apps
*Document SAR procedures x H
*Write ethical chart + privacy policy x H
*Check for subcontractors who wiil back-up the data H

Dating app list

  • Wiki

-->list of dating apps available on this wiki with ranking on apple and Android

-->list of dating apps available on wikidata

Top charts

top charts in France https://sensortower.com/android/rankings/top/phone/france/dating?date=2021-04-23

top charts in CH https://sensortower.com/android/rankings/top/phone/switzerland/dating?date=2021-04-23

top charts in UK https://sensortower.com/android/rankings/top/phone/great-britain/dating?date=2021-04-23

Privacy Policies

Links can be found in the wiki

Princeton-Leuven Longitudinal Corpus of Privacy Policies. Front-end here: https://privacypolicies.cs.princeton.edu/ghfront/ and the repository here: https://github.com/citp/privacy-policy-historical

“Out Of Control” – A Review Of Data Sharing By Popular Mobile Apps published in January 2020
see Technical report https://fil.forbrukerradet.no/wp-content/uploads/2020/01/mnemonic-security-test-report-v1.0.pdf
report https://fil.forbrukerradet.no/wp-content/uploads/2020/01/2020-01-14-out-of-control-final-version.pdf
Complaint letters https://www.forbrukerradet.no/side/complaints-against-grindr-and-five-third-party-companies/

PUbMatic
LUMAscape https://www.okanjo.com/blog/2016/12/14/ssp-dsp-dmp-rtb-wtf

Patents

List of Match Group patents: https://policies.tinder.com/intellectual-property/intl/en
Tinder Patents:

  number={US20160154569 A1},
  author = {Rad, Sean and
            Carrico, Todd M. and
            Hoskins, Kenneth B and
            Stone, James C.},
  url = {https://worldwide.espacenet.com/publicationDetails/biblio?II=0&ND=3&adjacent=true&locale=en_EP&FT=D&date=20160602&CC=US&NR=2016154569A1&KC=A1#}, 
  title = {Matching Process System And Method}, 
  number={US9733811B2},
  author = {Carrico, Todd M. and
            Hoskins, Kenneth B and
            Rad, Sean and
            Stone, James C. and
            Badeen, Jonathan},
  url = {https://worldwide.espacenet.com/patent/search/family/050234419/publication/US10203854B2?q=pn\%3DUS10203854B2}, 
  title = {Matching Process System And Method},
Match Group
SYSTEM AND METHOD FOR USER COMMUNICATION IN A NETWORK 
https://worldwide.espacenet.com/publicationDetails/biblio?CC=US&NR=2020137019A1&KC=A1&FT=D&DB=en.worldwide.espacenet.com&locale=en_EP&date=20200430&rss=true#

Hinge: Brevet publié en 2013 puis abandonné, jamais délivré. https://worldwide.espacenet.com/publicationDetails/biblio?CC=US&NR=2013066972A1&KC=A1&FT=D&ND=3&date=20130314&DB=EPODOC&locale=en_EP#

Facebook Dating: https://worldwide.espacenet.com/searchResults?submitted=true&locale=en_EP&DB=en.worldwide.espacenet.com&ST=advanced&EXTFTXT=%22dating+service%22&PN=&AP=&PR=&PD=&PA=facebook&IN=sharp&CPC=&IC=

Media

2021

2020

2018

2017

2016

to organize by date

Studies conducted scrapping dating app profiles

Legal

Tinder Annual report: Tinder on-going accusations. The Irish DPC case, also prices can vary according to users' age https://s22.q4cdn.com/279430125/files/doc_financials/2019/ar/Match-Group-2019-Annual-Report.pdf
My GDPR Complaint Against Tinder https://forum.personaldata.io/t/my-gdpr-complaint-against-tinder/70
Data Protection Commission launches Statutory Inquiry into MTCH Technology Services Limited (Tinder) https://www.dataprotection.ie/en/news-media/latest-news/data-protection-commission-launches-statutory-inquiry-mtch-technology

Data leaks and media scandals

Ashley Madison
Ashley Madison Leak No Big Deal? Think Again https://www.makeuseof.com/tag/priority-ashley-madison-leak-no-big-deal-think/
Les résultats de Grindr révélés grâce au scandale Ashley Madison "Grindr a eu des revenus résultant à la fois des abonnements et de la publicité de près de 16 millions de dollars en 2012" https://www.fugues.com/243577-article-les-resultats-de-grindr-reveles-grace-au-scandale-ashley-madison.html

OkCupid:
Here is a mirror for the OKCupid OSF Emil Kirkegaard dataset https://www.reddit.com/r/datasets/comments/4jj53i/here_is_a_mirror_for_the_okcupid_osf_emil/
Researchers Caused an Uproar By Publishing Data From 70,000 OkCupid Users https://fortune.com/2016/05/18/okcupid-data-research/
Controversy over OKCupid keynote at CHI 2018 https://www.reddit.com/r/sciences/comments/8edxm3/controversy_over_okcupid_keynote_at_chi_2018/

Grindr:
Données privées : le site de rencontres Grindr mis en cause https://www.lemonde.fr/pixels/article/2018/04/03/donnees-privees-le-site-de-rencontres-grindr-mis-en-cause_5279794_4408996.html

Lovoo
LOVOO’s CEO Benjamin Bak resigns https://inside.lovoo.com/en/lovoos-ceo-benjamin-bak-resigns-2/

happn
En détournant l’app Happn, un hacker peut tracer votre chemin en temps réel https://cyberguerre.numerama.com/5827-en-detournant-lapp-happn-un-hacker-peut-tracer-votre-chemin-en-temps-reel.html

MobiFiends Barcelona Based dating app, user data breach https://www.infosecurity-magazine.com/news/data-breach-exposes-four-million/

coffee meets Bagel 2019,Happy Valentine’s Day: your dating app account was hacked, says Coffee Meets Bagel https://techcrunch.com/2019/02/14/happy-valentines-day-your-dating-app-account-was-hacked-says-coffee-meets-bagel/

J crush 2019, Jewish dating app JCrush exposed user data and private messages https://techcrunch.com/2019/06/04/jcrush-exposed-data-messages/

Donal Daters 2018, Donald Daters, a dating app for Trump supporters, leaked its users’ data https://techcrunch.com/2018/10/15/donald-daters-a-dating-app-for-trump-supporters-leaked-its-users-data/

Meet Mindful 2021, Hacker leaks data of 2.28 million dating site users a dating site platform "for people who are into health, well-being, and mindfulness" https://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/

3somes, CougarD, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating 2020, Report: Breach Exposes 100,000+ Users on Niche Dating Apps https://www.vpnmentor.com/blog/report-dating-apps-leak/

Fessées, menottes, bondage : les préférences sexuelles de 20 000 Français fuitent d’un forum Forum "Domi" reportedly related as subsidiary to self claimed fintech group BD Multimedia https://cyberguerre.numerama.com/4925-fessees-menottes-bondage-les-preferences-sexuelles-de-20-000-francais-fuitent-dun-forum.html

References with databases

Rosenfeld, Michael J., Reuben J. Thomas, and Sonia Hausen. 2019 How Couples Meet and Stay Together 2017 fresh sample. [Computer files]. Stanford, CA: Stanford University Libraries.
The OKCupid dataset: A very large public dataset of dating site users https://www.researchgate.net/project/The-OKCupid-dataset-A-very-large-public-dataset-of-dating-site-users
- Full paper: https://web.archive.org/web/20200728135539/https://openpsych.net/files/papers/Kirkegaard_2016g.pdf

Surveys

Tinder usage statistics: https://www.businessofapps.com/data/tinder-statistics/\#2
Pew Research Center (Feb 2020): The Virtues and Downsides of Online Dating. Retrieved from https://www.pewresearch.org/internet/2020/02/06/the-virtues-and-downsides-of-online-dating/
Swiss Federal Statistical Office (Nov 2019): Families and Generations Survey. Retrieved from https://www.bfs.admin.ch/bfs/fr/home/statistiques/population/enquetes/efg.assetdetail.10467789.html
INED France (2016) https://www.ined.fr/fr/publications/editions/population-et-societes/sites-rencontres-qui-y-trouve-son-conjoint/
Roughly six-in-ten online daters in the U.S. are concerned about data collection (May 29, 2020) https://www.pewresearch.org/fact-tank/2020/05/29/roughly-six-in-ten-online-daters-in-the-u-s-are-concerned-about-data-collection/
Survey in Germany (2017) https://www.splendid-research.com/de/studie-dating-portale.html

Technical references

An Evidence‐based Forensic Taxonomy of Windows Phone Dating Apps https://onlinelibrary.wiley.com/doi/full/10.1111/1556-4029.13820
Privacy Risks in Mobile Dating Apps https://arxiv.org/abs/1505.02906
Technical report by mnemonic with the Norwegian consummer assoc showing data trading and GDPR compliance coded: https://fil.forbrukerradet.no/wp-content/uploads/2020/01/mnemonic-security-test-report-v1.0.pdf
Tinder engineering blog: https://medium.com/tinder-engineering/
TinVec explanation by Tinder's lead engineer: https://youtu.be/j2rfLFYYdfM
Happn by exodus: https://reports.exodus-privacy.eu.org/en/reports/com.ftw_and_co.happn/latest/
OkCupid engineering website: Evaluating Perceptual Image Hashes at OkCupid https://tech.okcupid.com/evaluating-perceptual-image-hashes-okcupid/
How OkCupid organizes its multi-page React app https://tech.okcupid.com/how-okcupid-organizes-its-multi-page-react-app/
Lovoo engineering: dotGo 2016: Go machine learning at large scale https://lovoodotblog.wordpress.com/2016/11/01/dotgo-2016-go-machine-learning-at-large-scale/
Lovoo github: https://github.com/lovoo
bbuzz 17: Anti-Spam and Machine learning at LOVOO https://lovoodotblog.wordpress.com/2017/06/16/bbuzz-17-anti-spam-and-machine-learning-at-lovoo/
Digital methods project "Mapping data ecologies of the dating industry" https://docs.google.com/presentation/d/1n-p_efBmkK2v1KGCbHyHb_csmR6D7KN8SX3qron9Cn4/edit

Cooperative & Data Literacy Tools

  1. https://app.quicktype.io/
  2. https://digitalplatformobservatory.org/lapp-dpo/
  3. https://graasp.eu/
  4. https://bevigil.com app metadata, permissions, ...
  5. Cookieviz, une dataviz en temps réel du tracking de votre navigation créé par le CNIL https://linc.cnil.fr/fr/cookieviz-une-dataviz-en-temps-reel-du-tracking-de-votre-navigation
  6. Tools to sample how many apps are in the Google and Play stores: "Google Play Store Scraper" is a simple tool to extract the details of individual apps, collect their related apps, retrieve app permissions, and retrieve a list of apps for a given keyword.

"iTunes App Store Scraper": https://wiki.digitalmethods.net/Dmi/ToolDatabase

  1. Doc example of how to read data exports https://slack.com/intl/en-ch/help/articles/220556107-How-to-read-Slack-data-exports
  2. The observatory of anonymity https://cpg.doc.ic.ac.uk/observatory/analyze-your-data
  3. RDM kit: online guide and tools containing good data management practices applicable to research projects https://rdmkit.elixir-europe.org/all_tools_and_resources.html
  4. Lookup popular software licenses summarized at-a-glance https://tldrlegal.com/
  5. http://corrupt.marketing/publishers/grindr.com
  6. https://app.quicktype.io/
  7. Outil PIA- CNIL https://www.cnil.fr/fr/outil-pia-telechargez-et-installez-le-logiciel-de-la-cnil
  8. GDPR Data Portability https://cellar-c2.services.clever-cloud.com/alias-code-is-law-assets/static/report/gdpr_data_portability_the_forgotten_right_report_full.pdf
  9. APIs and tools to help Developers and DPOs to manage GDPR compliance at scale https://www.alias.dev/
  10. heroku https://www.heroku.com/
  11. open humans
  12. art tools: https://www.brainstore.com/en/tools-summary
  13. pithus: https://beta.pithus.org/report/226d01d9645270283cfbd056e8021032d06ae29b4212afc81fa5552a133222da
  14. NYT viz: https://www.nytimes.com/interactive/2020/04/28/world/asia/coronavirus-singapore-migrants.html?smid=tw-nytimes&smtyp=cur
  15. https://fr.openfoodfacts.org
  16. https://correctiv.org/crowdnewsroom-pro/
  17. exodus privacy
  18. algorithmwatch -https://algorithmwatch.org/de/dataskop/
  19. madada
  20. https://ucldigitalpress.co.uk/Book/Article/76/100/5736/

List of apps for which we have obtained our data after a SAR

App Female user Male user Country file format
Adopteunmec 1 0 CH json
Badoo 1 0 CH json.zip
Bumble 1 0 CH html.zip
happn 1 0 CH csv.zip, json, audio, photos (jpeg), gz
HER 1 0 CH different csv.zip, jpeg,
Once 1 0 CH html, jpeg,
Parship 1 0 CH pdf.zip, csv.zip, text, photos,
PlanetRomeo 0 1 CH pdf.zip, json, yaml, jpeg,
Scruff 0 1 CH zip, ds_file, xml, csv, .md, image,
Grindr 0 1 CH zip, image,
Tinder 1 1 CH json,.zip, html, jpeg,

Catalog describing data formats: https://github.com/hestiaAI/data-catalog