Warning: *Privacy Not Included with this product
For online dating done a little differently, there's Coffee Meets Bagel, a dating service founded by three sisters and launched in 2012. The idea behind Coffee Meets Bagel is you don't swipe around looking for matches. Instead, the app uses your "must-haves" to send you matches curated to your tastes every day at noon. It gets a little complicated as men get 21 curated matches (or bagels as they awkwardly call them) and have 24 hours to pass or like. Women get 6 matches of people who have liked them. Or something like that, it's a bit confusing. If putting your profile up for everyone on a dating app to see makes you nervous, Coffee Meets Bagel could be good for you because users can't search your profile out. Only users who have matched with you will be sent your profile to view. And hey, if you buy "beans" to spend on "likes" you might find a partner faster, saving you the trouble of having to learn about confusing dating app rules and currencies again. So, how is Coffee Meets Bagel at privacy? Well, we could say their privacy is a bit like a cup of bad coffee -- weak and puzzling.
What could happen if something goes wrong?
Back in 2019, CoffeeMeetsBagel was forced to send out an email on Valentine’s Day admitting the personal information of six million of their users was hacked, stolen, and put up for sale on the dark web. Not a great way to show their users love, but at least they notified their users pretty quickly of this data breach. And they did take measures to tighten their security after that. It might not have been enough though because in August of 2023, CMB had more bad news for their users: that an app outage was the result of a cyberattack. The company's systems were breached and some data was deleted. Today, we aren't able to confirm whether CoffeeMeetsBagel meets our Minimum Security Standards. All in all, we have some concerns about their security. Which isn't good.
Because they also have some work to do on their privacy policies. Coffee Meets Bagel says in their privacy policy they can use your personal information for research and share it with third parties for things like targeted advertising. That's a shame because CMB, like most dating apps, can collect a lot of personal information about you. You have to provide your email address, zip code, birthday, gender, and gender preference, and potentially your biometric data for account verification. You'll also be asked to upload photos of yourself. If you do, the data collected will "include location metadata and inferred characterizations or data" in those image files. CMB then goes on to add that they can draw inferences about you from all the personal information they collect to create a profile on you as a consumer and then share those inferences with third parties for advertising purposes. Yuck!
Here's another potential yuck. CMB also says that if you use the video chat feature, you'll need to give access to your microphone and camera. That makes sense. But then they add that they "may collect the content and information you make available using our video chat feature" which makes us think the contents of those video chats are not totally private. Aside from the information you have to give about yourself and how you interact with other bagels (or is it coffees?), you might include more information when creating your profile: your occupation, ethnicity, religion, political views, information relating to your sex life, and more. Providing that information, CoffeeMeetsBagel's privacy policy says, counts as "explicitly consent[ing]" that it be used for matching purposes. Alrighty.
On top of all that, CMB can collect some data from Facebook, if you choose to connect your account. And from the way the privacy policy is worded, it seems like that might be required sometimes. Things like "your name, email address, birthday, work history, education history, current city, pictures stored on Facebook, and the names, profile pictures, relationship status, and information about your Facebook friends". When you connect dating apps to social media, that can open the door for both apps to exchange information about you. That's why we don't recommend doing that. CMB can collect data from other third parties too.
That's a lot of personal information for a company with a not-so-great security track record to have about you. Worse, we couldn't confirm whether the app meets our Minimum Security Standards because we couldn't determine whether or not they use encryption and whether they have a way to manage security vulnerabilities. We did email them to ask, we promise. But, alas, we never heard back from them. All this makes it extra worrisome to us that CMB's privacy policy doesn't seem to guarantee all users the same rights to have their data deleted.
What could go wrong with CoffeeMeetsBagel? Well it would be very disappointing but not that surprising if they had another data breach that exposed their users' private information. Imagine the whole wide internet knowing how you ~like your bagels~ so to speak.
Tips to protect yourself
- Follow CoffeeMeetsBagel's Safety Tips.
- Visit the app's privacy preferences in the app and opt out of personalized advertising as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data, nor does it close your account.
- Do not give consent to constant geolocation tracking by the app. It is better to provide geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertisement.
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.
Can this product spy on me?
Camera
Device: Not applicable
App: Yes
Microphone
Device: Not applicable
App: Yes
Tracks location
Device: Not applicable
App: Yes
What can be used to sign up?
Email address
No
Phone
Yes
Third-party account
Yes
Facebook sign-up available (on Android only)
What data does the company collect?
Personal
Email, phone number; Username and password, email address, zip code, birthday, gender, and gender preference; Mobile Device ID (e.g., IMEI, AD ID); Geolocation (GPS); Device Information/Specifications. Technical information about your device: type of device, web browser, operating system, IP address; Usage Information; Cookies; Web Beacons; Race, ethnicity, religion, philosophical or political views, sex life or sexual orientation, school, occupation, current city.
Body-related
Photos, videos
Social
Messages; Facebook account information, including information about you and your Facebook friends who might be common Facebook friends with other Coffee Meets Bagel users.
How does the company use this data?
How can you control your data?
What is the company's track record of protecting users' data?
In August 2023, CoffeeMeetsBagel's systems were breached by cybercriminals, who deleted company data.
In February 2019, CoffeeMeetsBagel disclosed a data breach that leaked the personal information, including name and email address, for 6 million of their users. According to CoffeeMeetsBagel, the data breach happened on February 11, 2019 and they notified their users on February 14, 2019.
Child privacy information
Can this product be used offline?
Is the privacy information accessible and understandable?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
We cannot confirm encryption at rest and in transit for this app.
Strong password
Security updates
Vulnerability management
Privacy policy
The app uses a deep neural network to curate matches for users.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Can the AI features be controlled by the user?
Dive deeper
- How Coffee Meets Bagel leverages data and AI for love (CIO Dive)
- Coffee Meets Bagel says recent outage caused by destructive cyberattack (Bleeping Computer)
- Dating App Coffee Meets Bagel Sends Valentine’s Day Alert About Data Breach (Fortune)