Warning: *Privacy Not Included with this product
Plenty of Fish
Launched in 2003, Plenty of Fish, aka POF, is one of the OG dating services available in 11 languages and more than 20 countries. It bills itself as "the most friendly way to date" where users can "come exactly as [they] are." They take a choose-your-own-adventure approach to dating with lots of different ways to connect. Those ways include live streaming, dating games, DMs, and yes, swiping. Recently, in the interest of eliminating "uncomfy moments" that you didn't sign up for, POF introduced a "No D*ck Pics" badge users can add to their profiles... Which is probably another situation where "opt-in" consent would make way more sense. Free users can sign up, send messages, get matches, and more. Premium user features include viewing extended user profiles, seeing read receipts, and an ad-free app experience. Sounds great! Unfortunately, POF is not exactly great at privacy.
What could happen if something goes wrong?
Plenty of Fish has a new look and a new promise. They say it’s the most friendly, playful, relaxed way to date -- where you can be you! The catch? The sleeker-looking Plenty of Fish still gets plenty of privacy dings from us.
This dating app asks users to provide a whole lot of personal information when you sign up -- everything from your ethnicity and whether you smoke to if you own a vehicle and if your parents are married (seriously, they ask for that!). And though their privacy policy says that information is “optional,” it doesn't seem like there’s any way to get set up without working your way through their many intense questions. And some of that data is going to be sensitive, so know that just providing it counts as “consenting to [Plenty of Fish’s] processing of that information”. On top of that, there’s your profile information, the photos you upload, your sexual orientation, interests, and more. Then there’s the information that’s collected automatically when you use the app. Your IP address, device information, your activity, when you're online, and who you interact with. Oh and your geolocation! Even while you're not using Plenty of Fish. You can also choose to give access to biometric information (information about your unique face shape) if you want Selfie Verification. And let's not forget your chats! To be sure you're not engaging in harmful or illegal behavior, chats can be filtered by automated tools and may be reviewed by humans. Your conversations also help train those tools.
Plenty of Fish can collect even more information about you from “partners” and affiliates like those many other dating apps owned by their parent company, Match Group (over 40+ apps!). And they can create inferences about your “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” based on what else they know about you. It’s a lot!
And that does worry us a bit because Plenty of Fish can use your personal information for reasons that likely won't bring you closer to meeting your #couplesgoals, like showing you ads. They can also share your information with the many other Match Group apps which include OkCupid, Tinder, Hinge, and dozens more. And Plenty of Fish even goes a step further -- in a bad direction -- than most Match Group apps. They can "sell" your personal information to social networks, ad networks, and others. Ugh. We can't let you off the hook for that one, POF.
Not to open a can of worms here, but there is more. Plenty of Fish's parent company Match Group doesn't have the best track record. In 2022, the United States Federal Trade Commission filed a petition against Match Group Inc. to force them to hand over documents about a possible data-sharing deal between one of their apps and an AI company, where images of users’ faces were reportedly used to train facial recognition software. Tinder was also hit with lawsuits about their photo verification feature in 2022 and 2023. One says that the app didn't get proper consent from users to process their biometric information and the other claims the feature “verified” a fake account created with the plaintiff's stolen photos. Oh no! And research by Cybernews in 2023 found that a simple hack would make it possible to “track [Match Group-owned] OkCupid users and find their exact location.” Whoa. Match Group's shaky track record makes us a little nervous about their eagerness to double down on the privacy minefield of AI integration. That's something we'll be keeping a close eye on.
Here is one good thing. Plenty of Fish says they may share your personal information with law enforcement, when it’s required by law or to “assist in the prevention or detection of crime (subject in each case to applicable law).” That’s pretty standard, and Match Group does have some pretty clear guidelines around how they share user data with law enforcement, which we like to see. Just beware, all those dating app chats could end up in law enforcement's hands if they have a court order.
After reading this, users might decide they'd like to access to and delete all the information this app and its parent company has collected on them. That's fair, but unfortunately Plenty of Fish doesn't guarantee that right to all their users regardless of where they live. Boooo hiss! So what's could go wrong with Plenty of Fish? Well, the fact that POF says they can "sell" (under the California CCPA definition of sell) your email, internet activity, and demographic data to advertising networks makes this whole thing feel more like a fishing expedition than a chance to find your true love. Good thing there are plenty of dating apps in the sea (too bad most of them also raise our privacy eyebrows though)! We also wonder if the risk you take in giving up your data to POF is worth it -- especially since love on Match Group-owned apps might be a losing game. A lawsuit filed February 2024 in the United States against claims Match Group’s apps are designed to "coerce subscriptions and retain users forever" by dangling the possibility of establishing an "off-app relationship while implementing features to keep users on the app." Yeesh. That's always a danger when a happy ending is bad for business.
Tips to protect yourself
- Turn off Match Group data sharing in the app's Privacy Preferences
- Visit the app's privacy preferences at the app and opt out from personalized advertising as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
- Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertising.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
Phone number and email address, gender, date of birth, who you’d like to connect with; sexual orientation, ethnicity, religious beliefs; details on your bio and your interests, content such as photos and videos; debit or credit card number or other financial information; insights into our products and services, responses to our questions and testimonials; information that you use to register or enter; social media data; chats with other users; data about your activity on our services, such as, when you logged in, features you've been using, actions taken, information shown to you, referring webpages address and ads that you interacted with, and your interactions with other users, for example, users you connect and interact with, and when you matched and exchanged messages with them; device information, such as IP address, device ID and type, apps settings and characteristics, app crashes, advertising IDs, and identifiers associated with cookies or other technologies that may uniquely identify a device or browser; Precise geolocation data (with consent).
Body related
Selfie Verification data, photos and videos (with consent).
Social
Information from your social media account
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In November 2022, the parent company Match Group Inc. was accused in a lawsuit from Tinder users of breaching a state privacy law in Illinois by collecting data on people’s faces from dating app selfies.
The FTC filed a petition on May 26, 2022 to force Match, owned by the parent company Match Group Inc., to comply with a civil investigative demand for documents related to an alleged 2014 data-sharing deal between Match subsidiary OkCupid and Clarifai Inc, an artificial intelligence company.
In September 2023, a New Jersey woman filed a class action suit against Tinder, owned by the parent company Match Group Inc., claiming that the app's photo verification feature failed by verifying an account that was created using stolen images of her.
In December 2023, the research by Cybernews into OkCupid, owned by the parent company Match Group Inc., uncovered that a hacker could uncover a distance from them to the victim (any user of the app) in a 10 to 20-meter radius. "With a few simple steps, we can easily track anyone on OkCupid in a given city – from home, to work, to social gatherings, to wherever. This is a terrible blow to users’ privacy."
In February 2024, Plenty of Fish parent company Match Group was accused in a lawsuit of making their apps addictive and putting profit over their customers' relationship goals.
In March, 2024, Match Group owned Tinder, following a lengthy dialogue with the European Commission, committed to " inform consumers that discounts they propose for premium services are personalised by automated means." "The network of national consumer authorities found that Tinder applied such personalised prices without informing consumers, which is in violation of EU consumer law. In addition, until April 2022, Tinder used to offer lower prices for their premium services based on age without informing the users. Tinder stopped this practice before the investigation started."
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
The parent company Match Group shared with us that "All data stores containing personal data must be encrypted at rest and in transit. Data at rest uses the latest key technologies to cover hybrid data infrastructure, including keys that are created and managed utilizing the latest KMS key policies. Data in transit must utilize predefined SSL policies of TLS-1-1-2017-01 or similar ciphers. MG Security Engineering has an encryption standard that documents the process and procedures and is shared across our brands."
Strong password
Security updates
Manages vulnerabilities
"Plenty of Fish welcomes input from the security research community to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to responsibly disclose any potential vulnerabilities uncovered to [email protected]."
"Plenty of Fish's bug bounty program is private and inclusion is by invite only. Researchers who follow generally accepted responsible disclosure practices and submit quality reports to our Security team will be evaluated for inclusion at our discretion. We explicitly prohibit testing Denial of Service (DoS) or use of automated scanning tools against any of our applications or infrastructure."
Privacy policy
Dive Deeper
-
Best Dating Apps for 2024CNET
-
The best sexting apps for safe NSFW fun in 2024Mashable
-
Plenty of Fish app was leaking users’ hidden names and postal codesTechCrunch
-
Popular dating app leak puts millions of women at riskCybernews
-
Match Group leans into AI with new teamMashable
-
Pssst! Match.com does not want you to know about this FTC caseReuters
-
Match Group releases its guiding principles for integrating AI into its dating appsFast Company
-
How Match.com is using AI to make its user experience 'more human'IAB
-
Why Plenty Of Fish Did A Hard Reset On Its Brand And Media MixAd Exchanger
Comments
Got a comment? Let us hear it.