Mozilla’s Valentine’s Day edition of
*Privacy Not Included found that dating apps collect a lot more data than you think — and that internet-connected sex toys are a privacy and security gamble

Technology has become the primary matchmaker in millions of lives — especially now, when the pandemic has brought offline dating to a standstill.

But giving technology access and agency over the most intimate parts of our lives can have steep downsides, from privacy and security breaches to discriminatory algorithms.

So today, Mozilla is launching its Valentine’s Day edition of *Privacy Not Included. We built a comprehensive guide to the most popular dating apps and sex toys, with a special focus on how they handle privacy, security, and AI.

We’re empowering romantics to choose products that respect privacy and security. And we’re calling out dating app makers and sex toy manufactureres when they fall short.

The 2021 Valentine’s Day edition of *Privacy Not Included features 50 products. We analyzed 24 dating apps, from the most popular ones like Tinder and Bumble, to community-focused ones like Grindr and JDate. And we analyzed 26 sex toys, from connected vibrators to smart sex dolls.

Mozilla researchers examined app and product features, read through privacy policies, and questioned companies about their security practices and use of AI. As a result, we answer dozens of crucial questions for consumers, like: Can this app or product snoop on me? What data is being collected and who is it shared with? What is the company’s track record for protecting users’ data? And, What could happen if something goes wrong?

Says Jen Caltrider, Mozilla’s *Privacy Not Included Lead:

“Love isn't dead in the time of coronavirus. It has moved online, just like so many other aspects of our daily life. Thanks to dating apps and connected sex toys, we're still finding love and sex while social distancing.”

“But making all that love and sex happen online comes with some risks. Dating apps know a whole lot about us, and so do the companies that collect and share that data. Connected sex toys are fun with consent, just like sex IRL. Connected sex toys aren't fun if someone hijacks your device and takes control of your sex toy without your consent though — and that happens."

"Love and sex online come with risks."

Jen Caltrider, Mozilla

This edition of *Privacy Not Included entails several returning features, like warning labels if a product has especially problematic practices. Our “Best Of” category celebrates products that get privacy, security, and AI right. The Creep-O-Meter allows shoppers to rate the creepiness of a product using emoji. And the Minimum Security Standards determine whether products meet safety baselines, like using encryption and patching vulnerabilities.

*Privacy Not Included highlights and trends include:

21 dating apps and 13 sex toys received the dreaded *Privacy Not Included warning label, including:

  • Grindr, the largest dating app for gay, bisexual, queer, and trans men, is a privacy and security nightmare. In the past, Grindr shared users’ HIV status with third parties. And in the present, Grindr continues to share other user data, like location, with third parties. Plenty of Fish is also creepy, mandating information like users’ vehicle ownership and their parents' marital status.
  • Qiui Cellmate, a connected chastity belt for men, has a history of being hacked, forcing users to pay a ransom to regain access to their privates. Further, it’s unclear if the device uses encryption. The Cellmate also accepts weak passwords like “123456,” and the company has an incredibly unclear privacy policy.

Only a handful of dating apps and sex toys received high marks, including:

  • In a world of data-hungry dating apps, Lex stands out. Built for the lesbian, queer, trans, and non-binary community, this dating app collects minimal data, and doesn’t share it for marketing purposes. Further, their privacy policy is crystal clear. eHarmony is another app that respects users’ privacy and security
  • The vibrators, male masturbator, and butt plug created by Lovense take privacy and security seriously. The devices don’t sell user data, encrypt everything, and feature straightforward privacy policies. Ditto for the vibrators by Vibease.

Privacy is *really* rare on dating apps. Despite the intimate nature of dating apps and the potential for abuse, publicity and not privacy is the status quo. 21 of the 24 dating apps we reviewed received the *Privacy Not Included warning label. Many dating apps push users to sign in with social media like Facebook, granting them access to more personal data than users might think. Further, data breaches and flaws seem to be almost routine — Tinder, Bumble, OKCupid, Facebook Dating, and others have all had recent incidents.

Dating app algorithms are a black box. It’s common knowledge that algorithms discriminate — from search engines reinforcing racist stereotypes, to facial recognition tech misidentifying dark-skinned faces. There’s also research suggesting that the matching algorithm that many dating apps use, called collaborative filtering, discriminates against racial, ethnic and sexual orientation minorities. However, there’s no way for users or researchers to learn more. Companies offer little or no transparency into their influential matching algorithms.

Connected sex toy are still a gamble. When Mozilla published its first Valentine’s Day edition of *Privacy Not Included in 2019, we learned that connected sex toys are often insecure. Not too much has changed since then. About half of sex toys still have the “*Privacy Not Included” warning label. We found a vibrator that doesn’t provide automatic security updates, a sex doll with a confusing privacy policy, a sex saddle that may not use encryption, and more. But there is some good news: The bigger sex toy companies, like WeVibe, have improved their privacy and security after missteps.



*Privacy Not Included