BLK

Warning: *Privacy Not Included with this product

BLK

Match Group
Wi-Fi

Review date: March 15, 2024

|
|

Mozilla says

|
People voted: Very creepy

Shortly after its launch, BLK (pronounced B-L-K) became the fastest growing dating and lifestyle app owned by Match Group, who owns the most dating services in the world. Its mission is to celebrate Black love in all its forms -- which means it’s not just for finding romance, but friends and community too. The interface will be familiar to anyone who’s dabbled in dating apps. First, you set up a profile and choose who and what you're looking for. Then, you can scroll through your personalized matches’ profiles. Swipe right if you're feeling it and left if you're not interested. When the feeling is mutual you can start chatting. On BLK, you can also jazz up your profile with some self-expression stickers to put some parts of your identity front and center. Things like “Poly,” “Caribbean Descent,” “Black Biz Owner,” and more. They’re searchable too! Premium features include live-streaming video chats and the chance to “rewind” in case you change your mind or swiped left by mistake. All that sounds nice, what's not so nice is that BLK isn't exactly great at privacy.

What could happen if something goes wrong?

BLK’s privacy and security made us S-A-D. First off, BLK is owned by the global dating app giant Match Group, you know, the company that also owns Tinder, OkCupid, Hinge, and dozens more dating apps. That matters because Match Group does not have the best track record of protecting user data. Next, their policies, they are pretty awful! BLK say they can make money off the "sale" of some of your very personal information -- things like your email, internet activity, age and gender. Yuck!

First, a trip down recent memory lane with Match Group. In 2022, the United States Federal Trade Commission filed a petition against Match Group Inc. to force them to hand over documents about a possible data-sharing deal between one of their apps and an AI company, where images of users’ faces were reportedly used to train facial recognition software. Match Group-owned Tinder was also hit with lawsuits about their photo verification feature in 2022 and 2023. One says that the app didn't get proper consent from users to process their biometric information and the other claims the feature “verified” a fake account created with the plaintiff's stolen photos. Yikes. In 2023, research by Cybernews found that a simple hack would make it possible to “track [Match Group-owned] OkCupid users and find their exact location.” Whoa. So yeah, BLK's parent company Match Group has not been known for their security or transparency. And Match Group's shaky track record makes us a little nervous about their eagerness to double down on the privacy minefield of AI integration. That's something we'll be keeping a close eye on.

Now, onto BLK's policies. Like most dating apps, they sure can collect a lot of information about you. There’s information you give about yourself when you set up your account like your contact information, gender, and who you’d like to meet. There's also your profile information, the photos you upload, your sexual orientation, interests, and more. Some of that data is sensitive, so you should know that their privacy policy says that just sharing it counts as consenting to Match Group's processing of it. "Where you provide such elements to us, you consent to us using it for the purposes identified and as laid out in this Privacy Policy." Then there’s the information that’s collected automatically when you use the app. Your IP address, device information, your activity, when you're online, and who you interact with. Oh and your geolocation! Even while you're not using BLK. Did we mention your chats? You should know that other humans, besides your conversation partner, might be able to read those -- in the interest of keeping users from engaging in harmful or illegal behavior. Your conversations also help train BLK's message-filtering tools.

Besides information you give and your app usage, BLK can collect even more information about you from “partners” and affiliates like those many other sites owned by Match Group. And they can create inferences about your “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” based on what else they know about you. It’s a whole lot!

As for what BLK has in store for all that information... Well, they can use it for reasons that probably won't help you foster community -- like showing you ads. They also share it around quite a bit. Like with those other Match Group companies. BLK’s privacy policy says they can share “non-personal information” and “de-identified” information for targeted ads on Match Group’s services and on third party apps and websites too. And we should point out that researchers say it can be easy to re-identify that data. But, our worries don't stop there. BLK goes a step further than most Match Group apps -- in a bad way. They can "sell" your personal information to social networks, ad networks, and others. Gross.

Here is one good thing. BLK says they may share your personal information with law enforcement, when it’s required by law or to “assist in the prevention or detection of crime (subject in each case to applicable law).” That’s pretty standard, and Match Group does have some pretty clear guidelines around how they share user data with law enforcement, which we like to see. Just beware, all those dating app chats could end up in law enforcement's hands if they have a court order.

It'd be understandable if, after reading this review, you want to ask BLK to delete all your personal information. Unfortunately, that's not something they guarantee they will do for all users regardless of where they live. What could go wrong with BLK? Well, BLK says they can share or "sell" (under the California CCPA definition of sell) things like your email, internet usage, and even more personal information like your age and gender. They do say they can collect characteristics such as "race, color, national origin, ethnicity, religion, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, disability, citizenship status" and potentially share that with their "marketing partners" for purposes such as "marketing and advertising services." However, they go on to say in another section of that same privacy policy, "We do not use sensitive personal information we collect for purposes other than providing and improving our services to you and protecting our services and our community, and we do not use sensitive personal information to infer characteristics about you." So, it's a little confusing to us what of your personal information they use to make money and what they don't. Regardless, they do say they are using lots of your personal information to make money. Again, Yuck!

That means BLK isn't exactly free to use at all -- you pay with your privacy. We also wonder if that cost is worth it -- especially since love on Match Group-owned apps might be a losing game. A lawsuit filed February 2024 in the United States against claims Match Group’s apps are designed to "coerce subscriptions and retain users forever" by dangling the possibility of establishing an "off-app relationship while implementing features to keep users on the app." Yeesh. That's always a danger when a happy ending is bad for business.

Tips to protect yourself

- Check out BLK's Dating safety tips
- Visit the app's privacy preferences at the app and opt out from personalized advertising as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
- Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertising.
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.

  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product as it 'sells' personal data as this term is defined in California; it can use personal information to provide offers and operate advertising and marketing campaigns; and it may receive information about you from its partners where its ads are published on a partner’s service.

Privacy Policy

"When you complete your profile, you have the option to share your sexual orientation and religion with us. Where you provide such elements to us, you consent to us using it for the purposes identified and as laid out in this Privacy Policy. You can also share with us additional information, such as details on your personality, lifestyle, interests and other details about you, as well as content such as photos, videos and your bio. To add certain content, like pictures or videos, you may allow us to access your camera or photo album."

"In addition to the information you may provide us directly, we receive information about you from others, including:
Users
Users may provide information about you as they use our services, for instance as they interact with you or if they submit a report involving you.
Social Media
You may decide to share information with us through your social media account, for instance if you decide to create and log into your your account via your social media or other account (e.g., Facebook, Google or Apple) or to upload onto our services information such as photos from one of your social media accounts (e.g., Facebook or Instagram).
Other Partners
We may receive information about you from our partners, including when accounts can be created through a partner’s service (in which case they pass along registration information to us) or where our ads are published on a partner’s service (in which case they may pass along details on a campaign’s success). Where legally allowed, we can also receive information about suspected or convicted bad actors from third parties as part of our efforts to ensure our users’ safety and security."

"We may publish ads about third-party advertisers’ products and services on our service and publish ads promoting our own service on third-party sites and apps. To help improve the relevance of these ads, we provide certain info about you (such as device information and identifiers like your IP address and advertising identifiers, usage information like links clicked and conversion information, and demographic information like your age, gender and interests) to third parties, including advertising partners, or allow them to collect such information from our services (such as via cookies, SDKs, or similar technologies). Some of our advertising partners enable us to transform your email address, advertising identifiers or phone number into an identifier that can’t be used to identify you personally and then use that unique identifier to either exclude you from our marketing campaigns, or to target our ads at an audience that is similar to you in terms of background, interests or app usage. If you live in the United States, some of the activities described in this section may constitute “targeted advertising,” “sharing,” or “selling” under applicable laws, <...>"

"We may share information about you with our affiliates and they may share information about you with us, for the reasons laid out below:
<...>
To assist each other in data processing operations, as processors. This assistance may include technical processing operations, such as data hosting and maintenance, customer care, marketing and advertising, analytics, finance and accounting, payment processing, service improvement, data security and fighting against spam, abuse, fraud, infringement and other wrongdoings. "

CCPA Privacy Policy Addendum

"We may publish ads about third-party advertisers’ products and services on our service and publish ads promoting our own service on third-party sites and apps. To help improve the relevance of these ads, we may allow third parties to collect information about you through cookies and similar technologies or disclose information to them. While we do not sell your information for money, under California law, these activities may constitute “sharing” or “sales” of personal information."

BLK is 'selling' the following categories of personal data
"Identifiers like your IP address, cookie ID, or email address
Internet or electronic network activity information, like links you click
Basic demographic data, like age and gender (may be characteristics of protected classifications under California or federal law)"
to the following receipients:
"Advertising networks
Data analytics providers
Social networks"

In the last 12 months, BLK may have shared the following information for purposes including "providing advertising or marketing services", "providing analytics services", " or providing similar services":
"Identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, and other similar identifiers"
"Signature, physical characteristics or description, state identification card number, education, bank account number, credit card number, debit card number, other financial information, and medical information"
"Characteristics of protected classifications under California or federal law, such as race, color, national origin, ethnicity, religion, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, disability, citizenship status, and military and veteran status"
"Commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies"
"Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements"
"Geolocation data, including precise geolocation information"
"Audio, electronic, visual, and similar information"
"Professional or employment-related information"
"Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes."

How can you control your data?

We ding this product as it is unclear if all users regardless of location can get their data deleted, and if all users regardless of location can opt out of sale of data selling.

Privacy policy

"If you live in the United States, some of the activities described in this section may constitute “targeted advertising,” “sharing,” or “selling” under applicable laws, and we give you the choice to opt-out <...>. In other countries, we may ask you to opt into these activities."

"We also want you to be aware of your privacy rights. Here are a few key points to remember:
Access/know. You may have the right to request a copy of the information we keep about you, and in certain circumstances to receive this in a portable format. To do so, please contact us here.
Delete/erase. You may request that we delete the personal information we keep about you. You can exercise your right to delete by submitting a request here."

"We keep your personal information only as long as we need it for legitimate business purposes <...> and as permitted by applicable law. If you decide to stop using our services, you can close your account and your profile will stop being visible to other users. Note that we will close your account automatically if you are inactive for a period of two years. After your account is closed, we will delete your personal information, as laid out below:
To protect the safety and security of our users, we implement a safety retention window of three months following account closure. <...>"

What is the company’s known track record of protecting users’ data?

Bad

In November 2022, the parent company Match Group Inc. was accused in a lawsuit from Tinder users of breaching a state privacy law in Illinois by collecting data on people’s faces from dating app selfies.

The FTC filed a petition on May 26, 2022 to force Match, owned by the parent company Match Group Inc., to comply with a civil investigative demand for documents related to an alleged 2014 data-sharing deal between Match subsidiary OkCupid and Clarifai Inc, an artificial intelligence company.

In September 2023, a New Jersey woman filed a class action suit against Tinder, owned by the parent company Match Group Inc., claiming that the app's photo verification feature failed by verifying an account that was created using stolen images of her.

In December 2023, the research by Cybernews into OkCupid, owned by the parent company Match Group Inc., uncovered that a hacker could uncover a distance from them to the victim (any user of the app) in a 10 to 20-meter radius. "With a few simple steps, we can easily track anyone on OkCupid in a given city – from home, to work, to social gatherings, to wherever. This is a terrible blow to users’ privacy."

In February 2024, BLK parent company Match Group was accused in a lawsuit of making their apps addictive and putting profit over their customers' relationship goals.

In March, 2024, Match Group owned Tinder, following a lengthy dialogue with the European Commission, committed to " inform consumers that discounts they propose for premium services are personalised by automated means." "The network of national consumer authorities found that Tinder applied such personalised prices without informing consumers, which is in violation of EU consumer law. In addition, until April 2022, Tinder used to offer lower prices for their premium services based on age without informing the users. Tinder stopped this practice before the investigation started."

Child Privacy Information

"We do not knowingly “share” or “sell” information about individuals under 16, and you must be at least 18 years old to use our services."

Can this product be used offline?

No

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

The parent company Match Group shared with us that "All data stores containing personal data must be encrypted at rest and in transit. Data at rest uses the latest key technologies to cover hybrid data infrastructure, including keys that are created and managed utilizing the latest KMS key policies. Data in transit must utilize predefined SSL policies of TLS-1-1-2017-01 or similar ciphers. MG Security Engineering has an encryption standard that documents the process and procedures and is shared across our brands."

Strong password

Yes

Security updates

Can’t Determine

Manages vulnerabilities

Yes

"BLK welcomes input from the security research community to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to responsibly disclose any potential vulnerabilities uncovered to [email protected]. Reports received through this channel will receive a prompt reply, and if you do not receive such a response, we ask that you please attempt to contact us again. To protect our users, we also request that you please refrain from sharing information about any potential vulnerabilities with anyone outside of BLK, until we have confirmed with you that any such vulnerability has been properly mitigated.

BLK’s bug bounty program is private and inclusion is by invite only. Researchers who follow generally accepted responsible disclosure practices and submit quality reports to our Security team will be evaluated for inclusion at our discretion. We explicitly prohibit testing Denial of Service (DoS) or use of automated scanning tools against any of our applications or infrastructure."

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

  • BLK Is More Than Just a Dating App, It's Reimagining Black Brotherhood
    The Root Link opens in a new tab
  • Popular dating app leak puts millions of women at risk
    Cybernews Link opens in a new tab
  • Match Group leans into AI with new team
    Mashable Link opens in a new tab
  • Pssst! Match.com does not want you to know about this FTC case
    Reuters Link opens in a new tab
  • Match Group releases its guiding principles for integrating AI into its dating apps
    Fast Company Link opens in a new tab
  • How Match.com is using AI to make its user experience 'more human'
    IAB Link opens in a new tab

Comments

Got a comment? Let us hear it.