The New Oil

Love it or hate it, online dating is here to stay. According to Pew Research, 30% of US adults say they’ve used online dating sites or apps, 1/10 say they’ve met their current partner via such a site/app, and 40% say that online dating has made the search for a long-term partner easier. I assume these numbers aren’t including non-dating sites like Facebook or Discord where it’s also possible to run into someone, hit it off, and begin a relationship. Like any other digital space, however, online dating is not without privacy and security concerns. As Valentine’s Day lies just around the corner, let’s revisit some privacy and security advice for those wading into the dating pool. (Don’t worry, not all of this advice is specific to online dating, so even if you’re against online dating there may still be something here for you, too.)

Picking a Service

If you’re considering online dating, that means you’ll have to pick a platform. It’s generally recommended to select from well-known, reputable choices. This serves you in both the safety and cybersecurity departments: a reputable outlet is more likely to have good moderation in place to weed out potential scammers and abusers, and also is more likely to have qualified security personnel on payroll to create a secure product. Of course, in many organizations security is more of an afterthought on a compliance checklist, so I’m not saying that the big platforms are scam-free or hackproof, but they’re still probably safer than some random site that just popped up yesterday who’s may already be selling your credit card on a cybercrime forum (which they might not even be doing on purpose, it might just be bad security allowing for Magecart skimming). On the other hand, larger sites make for more attractive targets given the larger amount of users and thus user data. There’s never a perfect solution.

On the privacy front, you should further consider things like which services allow for Progressive Web Apps or desktop sites instead of regular apps – which will function mostly the same as a regular app but have much less access to sensitive data on your device – and of course you should always peruse the privacy policy to get an idea of what you’re getting into. If the service you want to use doesn’t offer a PWA/desktop site or it doesn’t function well (I’m looking at you, Apple Music) then remember to carefully check the permissions in your device’s App Settings menu and remove any unnecessary permissions.

Sign Up & Profiles

Once you’ve settled on a service, you’ll have to make an account. As with any other website, I recommend you make use of an email aliasing service to create a unique email address for that account, a password manager to create a strong and unique password for said account, and enable two-factor authentication in the settings. This will make your account significantly harder to hack, make it harder for you to be traced across multiple other accounts, and allow you to more easily limit the damage from any sort of spam or compromise.

On that note, I strongly encourage using a unique username for every account, and this is no exception. Unless you’re trying to build a brand (for example, as a Twitch streamer), I don’t recommend being “nateb” on every account you have. One easy way to do this is by using your password manager’s passphrase generator option to generate random words and combine two or three of them to create random usernames. This, again, will make it harder (but not impossible) for a potential stalker to find you on other social media accounts. If the service you use requires a real name instead of a username, try to pick a nondescript or common name – such as “Nate B” instead of “Nate Bartram,” a middle name instead of a first name, or a nickname. This is especially important if you have a unique name or spelling that might make it easier to find you on other websites. In that case you may want to consider purposely spelling your name wrong to make it look more common; for example, “Alex” instead of “Alyx” or “Alecz.”

Finally, after you sign up for an account, be cautious what information you fill out on your profile. I do believe you should volunteer some information to get to know you – after all, you’re trying to find someone you have chemistry with, right? – but there’s no need to overshare. “I have a four-year degree and work in marketing” is plenty of information. There’s no need to list the school or company you work for, you can share that at a later time if you feel comfortable. This also extends to your settings: check your privacy settings in particular to see what options you have over who can see your profile, photos, and posts. Some sites may limit your profile to only people who are signed in, local, or you’ve friended. These are great ways to not only avoid people you’re not interested in (such as long-distance relationships) but also to limit your personal information and protect your privacy a little better.

Posting & Content

This may seem obvious but I’d be remiss if I didn’t mention it: always be careful what you share online. This goes not only for the dating site, but all your online presence. Even if you’re careful not to post obvious stuff online – like your full name or address – there are a plethora of tools online that can be used to parse through your posts, photos, and more to pull information you never realized you had let slip. Services like PimEyes, for example, make it easy for any would-be stalker to run a facial-recognition search on you and find any other pictures of you for a nominal fee, including you in the background of a concert or news article. This could reveal old posts that share information about your social network, your employment, or places you’ve lived (or currently live). Photos you upload may accidentally contain identifying landmarks or logos. In one case, a rapper uploaded a photo to Instagram that had his address on a piece of mail, allowing criminals to find and rob his home. He was sadly killed when the robbery went wrong. Be mindful and paranoid about what you share, both on and off the dating site. If you’re interested in purging old posts online, I recommend a service like Redact (non-affiliate link here).

Meeting Up

So you’ve created a profile with privacy in mind – you’ve used a different email address, a strong password, 2FA, and been careful what you post. You found someone you hit it off with and now you’re talking about meeting up for a first IRL date.

Even before you meet up, there are some steps you can take to help verify your safety. For example, many reputable dating sites offer profile verification where users can upload a government ID and a selfie (or similar verification process) to help prove they’re a real person and who they say they are. If the person you’re talking to has opted not to do this (maybe for privacy reasons) – or even if they have – you can also request a video call prior to meeting up. Considering you’re about to meet up in person, this doesn’t seem like an unreasonable request, and if they’re unwilling to do so then you can consider that a huge red flag. You should also be wary of people trying to take you off-site too fast, usually to platforms like Snapchat, WhatsApp, or even Signal. That said, many dating apps don’t yet offer real-time calling features, so you may need to find another service like the aforementioned to do a video verification call. Try to opt for username-based services here instead of ones that require a phone number – so for example, Signal may not be a good choice since at this time it doesn’t offer usernames (though using a VoIP number or a secondary Signal account – if you have access to that – could be a good way to go). iMessage allows you to use an email address instead of a phone number if you’re an Apple user, and there’s also choices like Session, Jitsi, and Wire. Of course, there’s always a high chance that the person you’re trying to verify isn’t super privacy-focused like you are, and they may get exhausted trying to jump through a million hoops. It may create a better first impression and keep things moving along if you compromise here and create an account with a more mainstream service like Snapchat or WhatsApp or Discord strictly for dating verification purposes. Of course, I’m not suggesting you completely throw your privacy to the wind. Try to isolate whatever service you choose as much as possible to preserve privacy (such as only downloading it for the verification phase or using a separate device). I’ll take more about this later.

Once the night of the meetup comes, there’s several things you can do to keep yourself safe. First, tell a trusted friend exactly where you’re going and when you expect to be home. Arrange a check-in time to have them contact you and make sure you’re okay. A few sitcoms – like How I Met Your Mother and Letterkenny – have presented the idea of having an excuse early on in the date to leave – a prearranged phone call where you can say an emergency came up, for example. I can’t imagine that would feel good for the other person, but if you’re detecting any red flags, better safe than sorry.

Be sure to meet up somewhere public – a restaurant, bar, concert, museum, theme park, mall, etc. If you’re especially concerned, you can share your location with a trusted friend. Apple and Google both have built in features that allow this, and there are dozens of third-party apps, too. Keep in mind that your privacy is basically out the window with these sort of apps while you’re using them, but it’s probably worth giving up your location privacy for one night in exchange for being physically safe. If you’re feeling especially cautious, you could consider taking an Uber, cab, or public transit to your date. This will prevent the person from being able to note your license plate or other identifying features about your car, but keep in mind it could also make a quick getaway harder if you feel especially threatened. It’s probably overkill in most situations, but it’s worth a mention.

Finally, listen to your gut. No matter how long you’ve been talking or how deep your online conversations may have been, you don’t owe your date anything. Period. End of story. No exceptions. Regardless of how expensive the meal was, how far they’ve traveled, or the genders. If you feel unsafe, if the person is giving off red flags, if anything feels off, better to play it safe. There are plenty of fish in the sea. Even if it turns out you’re just being paranoid, that just means the other person will – at worst – be disappointed, think you’re kind of weird/crazy, block you, and move on. If it turns out you were right, then you may have literally saved your life. Don’t take any chances.

A Final Note on Compromise

Earlier I suggested that when it comes to online dating, you may have to make some compromises. This is true of life in general, and is a topic I’ve addressed many times. In any relationship – professional, platonic, or romantic – it’s typically never a good idea to overwhelm someone with a bunch of demands, especially if this date may not even pan out. Don’t start out your communications by expecting the person you’re talking to to download XMPP and verify PGP keys. You may have to settle for using VoIP apps, or less-than-ideal apps to verify yourself. Not to sound calloused or harsh, but why should be people put in too much work for something that probably won’t go anywhere? On any given dating site, you may be one of several ongoing conversations. If you’re putting up all kinds of obstacles for the sake of privacy, there’s probably at least 2-3 other people (maybe more) who aren’t putting up any, and there’ll hit a point where it’s just not worth the amount of effort for the other person. Remember: your extreme interest in privacy – while commendable – isn’t the norm, and while most people may be willing to humor you to some extent (like using Signal instead of WhatsApp or accepting that you’re not ready to say where you work yet), there’s only so much they’re willing to do. Additionally, it takes time to build up that trust and rapport with a new person regardless of the nature of the potential relationship. If you’re into dark humor – and you have any degree of social skill – you know that you don’t just walk up to a stranger and start cracking the most messed up jokes you know. You take time to get to know the person and if that’s even their sense of humor or if they’re going to be offended. Dating is no different. You have to take time to get to know the person. If your first message is “hey let’s move to Signal,” you’ll probably get reported as a spammer pretty quick. All that said, that doesn’t mean don’t advocate for yourself. If someone says “hey I hate this app, let’s move to Discord” you don’t have to instantly say yes. Don’t be afraid to ask “I don’t have a Discord, would you be okay with Signal?” You might be surprised by their answer. (Also I’m sorry I keep shilling Signal, it’s just the most mainstream, user-friendly option that you’re likely to find other people using.) Look for opportunities to protect yourself and be aware of what risks you might be opening up by compromising (and if you’re willing to accept those risks) but also be willing to make reasonable concessions to “meet them halfway.” If things start getting serious, then you can start nudging them toward better options, but also remember that they’re an individual person who is free to do whatever they want, so if they’re not willing to use or try out the things you suggest, you’ll have to decide if that’s okay with you or not. You could also start planting the seeds of this stuff early on by, for example, putting things in your profile like “I’m really passionate about cybersecurity.”

Dating in general can be rough, online dating moreso, but it doesn’t mean you have to give up all your privacy or surrender to being alone forever. As with most things in privacy, this topic at its core comes down to “be intentional and thoughtful.” Be sure to think ahead, put proper protections in place, and be prepared for a lot of dead-end conversations and compromises with your communication. Threat modeling really helps a lot here. Good luck with your search, and stay safe out there.

You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...