While it’s certainly not embarrassing or uncommon to use a dating app, plenty of people don’t want to broadcast it. For Tinder users, though, that’s happening anyway, and it has been for a long time. Despite the fact that the company has known about its app’s security vulnerabilities for almost a year now, Tinder hasn’t yet made the necessary patches to its network to keep its users’ personal information safe.
So on Wednesday, Valentine’s Day, Oregon Sen. Ron Wyden wrote a lovely note to Greg Blatt, the CEO of Tinder, asking that his company get its act together. The problem, according to recent research, is that Tinder’s app doesn’t use HTTPS, which is a secure way of sending information online (though its website does). Wyden would like to see this fixed ASAP.
Checkmarx, one of the security companies that pointed out Tinder’s vulnerabilities, reportedly notified the dating app company in November that photos on the app are sent through an unencrypted connection. That means that anyone monitoring the network can pull information, like the user’s gender and sexual preferences. In other words, if someone knows how to monitor Wi-Fi traffic at a café or in at an airport, the type of information you’d prefer a random passerby not know could be traveling in plain sight. Business Insider first reported on Tinder’s security flaws with how the app stores photos in March 2017. And in October, Gizmodo reported that the app is also vulnerable to location tracking.
Wyden has made a habit of sending angry letters on behalf of Americans’ digital privacy to corporations and government agencies. In October 2017, he sent a letter to the country’s top voting machine manufacturers to ask what they’re doing to harden security in advance of upcoming elections. And in August 2017, he requested the Department of Justice provide more details about the agency’s policy on using stingrays, which is a device that pretends to be a cell tower and can intercept mobile phone data.
Tinder told Wired in January that the company is “working towards encrypting images” on the app, but Wyden is asking for results in addressing its security holes, and he put it in a way Tinder might understand, suggesting the company “swipe right on user privacy and security.”