Warnung: *Datenschutz ist in diesem Produkt nicht inbegriffen
Coffee Meets Bagel
For online dating done a little differently, there's Coffee Meets Bagel, a dating service founded by three sisters and launched in 2012. The idea behind Coffee Meets Bagel is you don't swipe around looking for matches. Instead, the app uses your "must-haves" to send you matches curated to your tastes everyday at noon. It gets a little complicated as men get 21 curated matches (or bagels as they awkwardly call them) and have 24 hours to pass or like. Women get 6 matches of people who have liked them. Or something like that, it's a bit confusing. If putting your profile up for everyone on a dating app to see makes you nervous, Coffee Meets Bagel could be good for you because users can't search your profile out. Only users who have matched with you will be sent your profile to view. And hey, if you buy "beans" to spend on "likes" you might find a partner faster, saving you the trouble of having to learn about confusing dating app rules and currencies again. So, how is Coffee Meets Bagel at privacy? Well, we could say their privacy is a bit like a cup of bad coffee -- weak and puzzling.
Was könnte passieren, wenn etwas schiefgeht?
Back in 2019, CoffeeMeetsBagel was forced to send out an email on Valentine’s Day admitting the personal information of six million of their users was hacked, stolen, and put up for sale on the dark web. Not a great way to show their users love, but at least they notified their users pretty quickly of this data breach. And they did take measures to tighten their security after that. It might not have been enough though because in August of 2023, CMB had more bad news for their users: that an app outage was the result of a cyberattack. The company's systems were breached and some data was deleted. Today, we aren't able to confirm whether CoffeeMeetsBagel meets our Minimum Security Standards. All in all, we have some concerns about their security. Which isn't good.
Because they also have some work to do on their privacy policies. Coffee Meets Bagel says in their privacy policy they can use your personal information for research and share it with third-parties for things like targeted advertising. That's a shame because CMB, like most dating apps, can collect a lot of personal information about you. You have to provide your email address, zip code, birthday, gender, and gender preference, and potentially your biometric data for account verification. You'll also be asked to upload photos of yourself. If you do, the data collected will "include location metadata and inferred characterizations or data" in those image files. CMB then goes on to add that they can draw inferences about your for all the personal information they collect to create a profile on you as a consumer and then share those inferences with third parties for advertising purposes. Yuck!
Here's another potential yuck. CMB also says that if you use the video chat feature, you'll need to give access to your microphone and camera. That makes sense. But then they add that they "may collect the content and information you make available using our video chat feature" which makes us think the contents of those video chats are not totally private. Aside from the information you have to give about yourself and how you interact with other bagels (or is it coffees?) you might include more information when creating your profile: Your occupation, ethnicity, religion, political views, information relating to your sex life, and more. Providing that information, CoffeeMeetsBagel's privacy policy says counts as "explicitly consent[ing]" that it be used for matching purposes. Alrighty.
On top of all that, CMB can collect some data from Facebook, if you choose to connect your account. And from the way the privacy policy is worded, it seems like that might be required sometimes. Things like "your name, email address, birthday, work history, education history, current city, pictures stored on Facebook, and the names, profile pictures, relationship status, and information about your Facebook friends". When you connect dating apps to social media, that can open the door for both apps to exchange information about you. That's why we don't recommend doing that. CMB can collect data from other third parties too.
That's a lot of personal information for a company with a not-so-great security track record to have about you. Worse, we couldn't confirm whether the app meets our Minimum Security Standards because we couldn't determine whether or not they use encryption and whether they have a way to manage security vulnerabilities. We did email them to ask, we promise. But, alas, we never heard back from them. All this makes it extra worrisome to us that CMB's privacy policy doesn't seem to guarantee all uses the same rights to have their data deleted.
What could go wrong with CoffeeMeetsBagel? Well it would be very disappointing but not that surprising if they had another data breach that exposed their users' private information. Imagine the whole wide internet knowing how you ~like your bagels~ so to speak.
Tipps zu Ihrem Schutz
- Follow CoffeeMeetsBagel's Safety Tips.
- Visit the app's privacy preferences at the app and opt out from personalized advertsing as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
- Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertisement.
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.
Kann es mich ausspionieren?
Kamera
Gerät: Nicht verfügbar
App: Ja
Mikrofon
Gerät: Nicht verfügbar
App: Ja
Verfolgt den Standort
Gerät: Nicht verfügbar
App: Ja
Was kann zur Registrierung verwendet werden?
E-Mail-Adresse
Nein
Telefonnummer
Ja
Drittanbieter-Konto
Ja
Facebook sign-up avalaible (on Android only)
Welche Daten sammelt das Unternehmen?
Persönliche
Email, phone number; Username and password, email address, zip code, birthday, gender, and gender preference; Mobile Device ID (e.g., IMEI, AD ID); Geolocation (GPS); Device Information/Specifications. Technical information about your device: type of device, web browser, operating system, IP address; Usage Information; Cookies; Web Beacons; Race, ethnicity, religion, philosophical or political views, sex life or sexual orientation, school, occupation, current city.
Körperbezogen
Photos, videos
Soziale
Messages; Facebook account information, including information about you and your Facebook friends who might be common Facebook friends with other Coffee Meets Bagel users.
Wie nutzt das Unternehmen die Daten?
Wie können Sie Ihre Daten kontrollieren?
Wie ist das Unternehmen in der Vergangenheit mit den Daten über seine Verbraucher umgegangen?
In August 2023, CoffeeMeetsBagel's systems were breached by cybercriminals, who deleted company data.
In February, 2019, CoffeeMeetsBagel disclosed a data breach that leaked the personal iniformation, including name and email address, for 6 million of their uesrs. Accordoing to CoffeeMeetsBagel, the data breach happened in February 11, 2019 and they notified their users on February 14, 2019.
Informationen zum Datenschutz bei Kindern
Kann dieses Produkt offline genutzt werden?
Benutzerfreundliche Informationen zum Datenschutz?
Links zu Datenschutzinformationen
Erfüllt dieses Produkt unsere Mindestsicherheitsstandards?
Verschlüsselung
We cannot confirm encryption at rest and in transit for this app.
Sicheres Passwort
Sicherheits-Updates
Umgang mit Schwachstellen
Datenschutzrichtlinie
The app uses a deep neural network to curate matches for users.
Ist diese KI nicht vertrauenswürdig?
Welche Entscheidungen trifft die KI über Sie oder für Sie?
Gibt das Unternehmen transparent an, wie die KI funktioniert?
Hat der Benutzer die Kontrolle über die KI-Funktionen?
Tauchen Sie tiefer ein
-
How Coffee Meets Bagel leverages data and AI for loveCIO Dive
-
Coffee Meets Bagel says recent outage caused by destructive cyberattackBleeping Computer
-
Dating App Coffee Meets Bagel Sends Valentine’s Day Alert About Data BreachFortune
Kommentare
Möchten Sie einen Kommentar loswerden? Schreiben Sie uns.