Warning: *Privacy Not Included with this product
BLK
Shortly after its launch, BLK (pronounced B-L-K) became the fastest growing dating and lifestyle app owned by Match Group, who owns the most dating services in the world. Its mission is to celebrate Black love in all its forms -- which means it’s not just for finding romance, but friends and community too. The interface will be familiar to anyone who’s dabbled in dating apps. First, you set up a profile and choose who and what you're looking for. Then, you can scroll through your personalized matches’ profiles. Swipe right if you're feeling it and left if you're not interested. When the feeling is mutual you can start chatting. On BLK, you can also jazz up your profile with some self-expression stickers to put some parts of your identity front and center. Things like “Poly,” “Caribbean Descent,” “Black Biz Owner,” and more. They’re searchable too! Premium features include live-streaming video chats and the chance to “rewind” in case you change your mind or swiped left by mistake. All that sounds nice, what's not so nice is that BLK isn't exactly great at privacy.
What could happen if something goes wrong?
BLK’s privacy and security made us S-A-D. First off, BLK is owned by the global dating app giant Match Group, you know, the company that also owns Tinder, OkCupid, Hinge, and dozens more dating apps. That matters because Match Group does not have the best track record of protecting user data. Next, their policies, they are pretty awful! BLK say they can make money off the "sale" of some of your very personal information -- things like your email, internet activity, age and gender. Yuck!
First, a trip down recent memory lane with Match Group. In 2022, the United States Federal Trade Commission filed a petition against Match Group Inc. to force them to hand over documents about a possible data-sharing deal between one of their apps and an AI company, where images of users’ faces were reportedly used to train facial recognition software. Match Group-owned Tinder was also hit with lawsuits about their photo verification feature in 2022 and 2023. One says that the app didn't get proper consent from users to process their biometric information and the other claims the feature “verified” a fake account created with the plaintiff's stolen photos. Yikes. In 2023, research by Cybernews found that a simple hack would make it possible to “track [Match Group-owned] OkCupid users and find their exact location.” Whoa. So yeah, BLK's parent company Match Group has not been known for their security or transparency. And Match Group's shaky track record makes us a little nervous about their eagerness to double down on the privacy minefield of AI integration. That's something we'll be keeping a close eye on.
Now, onto BLK's policies. Like most dating apps, they sure can collect a lot of information about you. There’s information you give about yourself when you set up your account like your contact information, gender, and who you’d like to meet. There's also your profile information, the photos you upload, your sexual orientation, interests, and more. Some of that data is sensitive, so you should know that their privacy policy says that just sharing it counts as consenting to Match Group's processing of it. "Where you provide such elements to us, you consent to us using it for the purposes identified and as laid out in this Privacy Policy." Then there’s the information that’s collected automatically when you use the app. Your IP address, device information, your activity, when you're online, and who you interact with. Oh and your geolocation! Even while you're not using BLK. Did we mention your chats? You should know that other humans, besides your conversation partner, might be able to read those -- in the interest of keeping users from engaging in harmful or illegal behavior. Your conversations also help train BLK's message-filtering tools.
Besides information you give and your app usage, BLK can collect even more information about you from “partners” and affiliates like those many other sites owned by Match Group. And they can create inferences about your “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” based on what else they know about you. It’s a whole lot!
As for what BLK has in store for all that information... Well, they can use it for reasons that probably won't help you foster community -- like showing you ads. They also share it around quite a bit. Like with those other Match Group companies. BLK’s privacy policy says they can share “non-personal information” and “de-identified” information for targeted ads on Match Group’s services and on third party apps and websites too. And we should point out that researchers say it can be easy to re-identify that data. But, our worries don't stop there. BLK goes a step further than most Match Group apps -- in a bad way. They can "sell" your personal information to social networks, ad networks, and others. Gross.
Here is one good thing. BLK says they may share your personal information with law enforcement, when it’s required by law or to “assist in the prevention or detection of crime (subject in each case to applicable law).” That’s pretty standard, and Match Group does have some pretty clear guidelines around how they share user data with law enforcement, which we like to see. Just beware, all those dating app chats could end up in law enforcement's hands if they have a court order.
It'd be understandable if, after reading this review, you want to ask BLK to delete all your personal information. Unfortunately, that's not something they guarantee they will do for all users regardless of where they live. What could go wrong with BLK? Well, BLK says they can share or "sell" (under the California CCPA definition of sell) things like your email, internet usage, and even more personal information like your age and gender. They do say they can collect characteristics such as "race, color, national origin, ethnicity, religion, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, disability, citizenship status" and potentially share that with their "marketing partners" for purposes such as "marketing and advertising services." However, they go on to say in another section of that same privacy policy, "We do not use sensitive personal information we collect for purposes other than providing and improving our services to you and protecting our services and our community, and we do not use sensitive personal information to infer characteristics about you." So, it's a little confusing to us what of your personal information they use to make money and what they don't. Regardless, they do say they are using lots of your personal information to make money. Again, Yuck!
That means BLK isn't exactly free to use at all -- you pay with your privacy. We also wonder if that cost is worth it -- especially since love on Match Group-owned apps might be a losing game. A lawsuit filed February 2024 in the United States against claims Match Group’s apps are designed to "coerce subscriptions and retain users forever" by dangling the possibility of establishing an "off-app relationship while implementing features to keep users on the app." Yeesh. That's always a danger when a happy ending is bad for business.
Tips to protect yourself
- Check out BLK's Dating safety tips
- Visit the app's privacy preferences at the app and opt out from personalized advertising as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
- Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertising.
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: Yes
What can be used to sign up?
Yes
Phone
Yes
Third-party account
No
What data does the company collect?
Personal
Phone number, email address, gender, date of birth, and who you’d like to connect with; sexual orientation, religion with us. details on your personality, lifestyle, interests and other details about you, as well as content such as photos, videos and your bio; debit or credit card number or other financial information; chats with other users as well as the content you publish; data about your activity on services, such as, when you logged in, features you've been using, actions taken, information shown to you, referring webpages address and ads that you interacted with, and your interactions with other users, for example, users you connect and interact with, and when you matched and exchanged messages with them; device information, such as IP address, device ID and type, apps settings and characteristics, app crashes, advertising IDs, and identifiers associated with cookies or other technologies that may uniquely identify a device or browser; Precise geolocation data (with consent).
Body related
Selfie Verification data, photos and videos (with consent).
Social
Chats with other users as well as the content you publish
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In November 2022, the parent company Match Group Inc. was accused in a lawsuit from Tinder users of breaching a state privacy law in Illinois by collecting data on people’s faces from dating app selfies.
The FTC filed a petition on May 26, 2022 to force Match, owned by the parent company Match Group Inc., to comply with a civil investigative demand for documents related to an alleged 2014 data-sharing deal between Match subsidiary OkCupid and Clarifai Inc, an artificial intelligence company.
In September 2023, a New Jersey woman filed a class action suit against Tinder, owned by the parent company Match Group Inc., claiming that the app's photo verification feature failed by verifying an account that was created using stolen images of her.
In December 2023, the research by Cybernews into OkCupid, owned by the parent company Match Group Inc., uncovered that a hacker could uncover a distance from them to the victim (any user of the app) in a 10 to 20-meter radius. "With a few simple steps, we can easily track anyone on OkCupid in a given city – from home, to work, to social gatherings, to wherever. This is a terrible blow to users’ privacy."
In February 2024, BLK parent company Match Group was accused in a lawsuit of making their apps addictive and putting profit over their customers' relationship goals.
In March, 2024, Match Group owned Tinder, following a lengthy dialogue with the European Commission, committed to " inform consumers that discounts they propose for premium services are personalised by automated means." "The network of national consumer authorities found that Tinder applied such personalised prices without informing consumers, which is in violation of EU consumer law. In addition, until April 2022, Tinder used to offer lower prices for their premium services based on age without informing the users. Tinder stopped this practice before the investigation started."
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
The parent company Match Group shared with us that "All data stores containing personal data must be encrypted at rest and in transit. Data at rest uses the latest key technologies to cover hybrid data infrastructure, including keys that are created and managed utilizing the latest KMS key policies. Data in transit must utilize predefined SSL policies of TLS-1-1-2017-01 or similar ciphers. MG Security Engineering has an encryption standard that documents the process and procedures and is shared across our brands."
Strong password
Security updates
Manages vulnerabilities
"BLK welcomes input from the security research community to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to responsibly disclose any potential vulnerabilities uncovered to [email protected]. Reports received through this channel will receive a prompt reply, and if you do not receive such a response, we ask that you please attempt to contact us again. To protect our users, we also request that you please refrain from sharing information about any potential vulnerabilities with anyone outside of BLK, until we have confirmed with you that any such vulnerability has been properly mitigated.
BLK’s bug bounty program is private and inclusion is by invite only. Researchers who follow generally accepted responsible disclosure practices and submit quality reports to our Security team will be evaluated for inclusion at our discretion. We explicitly prohibit testing Denial of Service (DoS) or use of automated scanning tools against any of our applications or infrastructure."
Privacy policy
Dive Deeper
-
BLK Is More Than Just a Dating App, It's Reimagining Black BrotherhoodThe Root
-
Popular dating app leak puts millions of women at riskCybernews
-
Match Group leans into AI with new teamMashable
-
Pssst! Match.com does not want you to know about this FTC caseReuters
-
Match Group releases its guiding principles for integrating AI into its dating appsFast Company
-
How Match.com is using AI to make its user experience 'more human'IAB
Comments
Got a comment? Let us hear it.