Warning: *Privacy Not Included with this product
OkCupid
OkCupid, the only dating app that matches you on what matters to you -- or so they say -- turns 20 years old (yes, you're old too). To sign up, you fill out a personality test and give your personal information. Based on that personality quiz, OkCupid's algorithm shows you a measurement of compatibility with potential matches. It's basically a percentage score that represents how likely OkCupid's algorithm thinks you are to click with someone. With no real transparency into their algorithm, who knows how accurate their compatibility measurement is. Good news though, you can increase the odds by paying extra for premium features or to "SuperBoost" your profile and have it shown to more users for three, six, or twelve hours. As their slogan says, "Dating deserves better." Guess what, we think your privacy on OkCupid deserves better too.
What could happen if something goes wrong?
OkCupid’s privacy and security is… not OK. In 2020, the app came under fire for possible GDPR violations for what a Norwegian consumer group called “out of control” data sharing with advertisers and third parties. The same year, researchers found security vulnerabilities in OkCupid that could let hackers steal users’ sensitive information or hijack their accounts. Then in 2022, the United States Federal Trade Commission filed a petition to learn more about a possible data-sharing deal with an AI company, Clarifai AI, where images from OkCupid were reportedly used to train facial recognition software. Ouff. And in 2023, research by Cybernews discovered that a simple hack would make it possible to “track OkCupid users and find their exact location.” Whoa. Match Group's shaky track record makes us a little nervous about their eagerness to double down on the privacy minefield of AI integration. That's something we'll be keeping a close eye on.
So OkCupid and their parent company Match Group have not been known for their security or transparency. You’d think a dating app that’s open about their love for data would be better at keeping it safe. Indeed, OkCupid’s mysterious matching algorithm involves crunching the numbers on your answers to 15 to 500 personality-quiz-style questions -- some of which are written by ChatGPT. That means they can publish some really interesting findings about the state of digital dating. Nice, cool. But it also means its users are volunteer research subjects who end up giving away a ton of super intimate information -- about sex, pizza toppings, politics, and whether they believe the sun is bigger than the earth -- to improve their chances of finding someone special. Answering more questions and frequently updating your profile will lead to more matches, OkCupid says. Other things they suggest to get more matches, aside from providing more data? On their guide to their working their algorithm, OKCupid seems to suggest connecting your Instagram to your OKCupid account will help you get more matches. That tip gets a thumbs down for us. You should know that when you connect your social media to dating apps, both platforms can potentially collect more information on you. That is NOT a match made in heaven.
Speaking of getting social, “[o]f course,” OkCupid’s privacy policy says, “we also process your chats with other users as well as the content you publish to operate and secure the services, and to keep our community safe.” And yeah, dating apps probably need to somehow monitor your in-app conversations to make sure no one is being a jerk. But just be aware that DMs on OkCupid and most dating apps aren't what we would call private since they could be reviewed by other humans.
As for the rest of OkCupid's policies, they're not great. That worries us because, on top of your answers to their questions, they sure can collect a lot of information about you. There’s information you give about yourself when you set up your account like your contact information, gender, and who you’d like to meet. Your profile information, the photos you upload, your sexual orientation, interests, and more. Some of that data's going to be sensitive, so you should know that "choos[ing] to provide" it counts as giving your consent for it to be processed by Match Group. K. Then there’s the information that’s collected automatically when you use the app. Your IP address, device information, your activity, when you're online, and who you interact with. Oh and your geolocation! Even while you're not using OkCupid. You can also choose to give OkCupid access to biometric information (information about your unique face shape) if you want to have verified status.
OkCupid can also collect more information about you from “partners” and affiliates like other sites owned by Match Group -- that includes Hinge, Match, Tinder, and dozens more. And they can create inferences about your “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” based on what else they know about you. And then they say they can use those inferences they make about your with all that personal information they get from data in your profile for things like "providing advertising or marketing services," and " the contextual customization of ads." Uhg.
Plus, OkCupid can use your information for reasons that won’t help you find someone you vibe with, like showing you ads. We're sure glad OkCupid at least says they won't sell your personal information. That’s cool! They do share it around though, like with those other Match Group-owned companies. OkCupid’s privacy policy also says they can share “non-personal information” and “de-identified” information for targeted ads on Match Group’s services and on third party apps and websites too. And we should point out that researchers say it can be easy to re-identify that information.
OkCupid might share your personal information with law enforcement, when it’s required by law or to “assist in the prevention or detection of crime (subject in each case to applicable law).” That’s pretty standard and Match Group does have some pretty clear guidelines around how they share user data with law enforcement, which we like to see.
A final deal-breaker is that not everyone gets the right to delete their personal data or even have access to it. Bummer. So what could go wrong with OkCupid? Well, given OKC's less-than-OK track record, we're stressed your answers to that super-personal survey aren't totally safe. It's nobody's business if you sing along at concerts. We also wonder if the risk you take in giving up your data to OkCupid is worth it -- especially since love on Match Group-owned apps might be a losing game. A lawsuit filed February 2024 in the United States against claims Match Group’s apps are designed to "coerce subscriptions and retain users forever" by dangling the possibility of establishing an "off-app relationship while implementing features to keep users on the app." Yeesh. That's always a danger when a happy ending is bad for business.
Tips to protect yourself
- Turn off Match Group data sharing in the app's Privacy Preferences
- Visit the app's privacy preferences at the app and opt out from personalized advertising as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
- Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertising.
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: No
Tracks location
Device: N/A
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
Name, phone number, email address, gender, date of birth, sexual orientation, ethnicity, religious beliefs, and political opinions; precise geolocation data (with consent); information from and about the device(s), including hardware and software information such as IP address, device ID and type, apps settings and characteristics, app crashes, advertising IDs (which are randomly generated numbers, identifiers associated with cookies or other technologies that may uniquely identify a device or browser; data about your activity on the services: when you logged in, features you've been using, actions taken, information shown to you, referring webpages address and ads that you interacted with) and your interactions with other users, for example, users you connect and interact with, and when you matched and exchanged messages with them; information from your social media account.
Body related
Photo Verification data (with consent); photos & videos.
Social
Information from your social media account.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In November 2022, the parent company Match Group Inc. was accused in a lawsuit from Tinder users of breaching a state privacy law in Illinois by collecting data on people’s faces from dating app selfies.
The FTC filed a petition on May 26, 2022 to force Match, owned by the parent company Match Group Inc., to comply with a civil investigative demand for documents related to an alleged 2014 data-sharing deal between Match subsidiary OkCupid and Clarifai Inc, an artificial intelligence company.
In September 2023, a New Jersey woman filed a class action suit against Tinder, owned by the parent company Match Group Inc., claiming that the app's photo verification feature failed by verifying an account that was created using stolen images of her.
In December 2023, the research by Cybernews into OkCupid, owned by the parent company Match Group Inc., uncovered that a hacker could uncover a distance from them to the victim (any user of the app) in a 10 to 20-meter radius. "With a few simple steps, we can easily track anyone on OkCupid in a given city – from home, to work, to social gatherings, to wherever. This is a terrible blow to users’ privacy."
In February 2024, OkCupid parent company Match Group was accused in a lawsuit of making their apps addictive and putting profit over their customers' relationship goals.
In March, 2024, Match Group owned Tinder, following a lengthy dialogue with the European Commission, committed to " inform consumers that discounts they propose for premium services are personalised by automated means." "The network of national consumer authorities found that Tinder applied such personalised prices without informing consumers, which is in violation of EU consumer law. In addition, until April 2022, Tinder used to offer lower prices for their premium services based on age without informing the users. Tinder stopped this practice before the investigation started."
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
The parent company Match Group shared with us that "All data stores containing personal data must be encrypted at rest and in transit. Data at rest uses the latest key technologies to cover hybrid data infrastructure, including keys that are created and managed utilizing the latest KMS key policies. Data in transit must utilize predefined SSL policies of TLS-1-1-2017-01 or similar ciphers. MG Security Engineering has an encryption standard that documents the process and procedures and is shared across our brands."
Strong password
OkCupid requires 6-digit password with no insecure passwords.
Security updates
Manages vulnerabilities
"OkCupid welcomes input from the security research community to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to responsibly disclose any potential vulnerabilities uncovered to [email protected]."
"OkCupid’s bug bounty program is private and inclusion is by invite only. Researchers who follow generally accepted responsible disclosure practices and submit quality reports to our Security team will be evaluated for inclusion at our discretion."
Privacy policy
OkCupid employs ChatGPT to generate prompts.
OkCupid employs the matching algorithm.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
Popular dating app leak puts millions of women at riskCybernews
-
OkCupid Employs ChatGPT to Interrogate Its UsersGizmodo
-
Is ChatGPT to thank for your latest OkCupid match?Fast Company
-
Pssst! Match.com does not want you to know about this FTC caseReuters
-
Match Group releases its guiding principles for integrating AI into its dating appsFast Company
-
How Match.com is using AI to make its user experience 'more human'IAB
Comments
Got a comment? Let us hear it.