Report highlights risks of LGBTQIA+ dating apps

A new report has revealed some of the dangers associated with online dating apps, especially in countries where LGBTQIA+ users face criminalisation and blackmail.

The research was conducted by Recorded Future’s Insikt Group and looked at cyber threats facing members of the LGBTQIA+ community around the world who use apps like Tinder, OKCupid, Grindr, SCRUFF and HER.

The cybersecurity specialists also researched the international targeting, surveillance and censorship of the LGBTQIA+ community across Russia and Eastern Europe, the Middle East, Asia, Latin America and Africa.

“The aim of this research is to raise awareness and visibility, and to provide pragmatic recommendations to help equip the LGBTQIA+ community in combating the threats that they face around the globe,” says the report.

According to the study, some African governments are partnering with private sector surveillance organisations to target groups that include the LGBTQIA+ community.

“Entrapment by law enforcement agencies and criminals is a common theme observed across Africa, with the outing of LGBTQIA+ individuals posing a significant threat due to strict anti-LGBTQIA+ legislation and socially conservative views among the public.”

Members of the LGBTQIA+ community in the Middle East have also been met with limited freedoms and protections against discrimination and endured online attacks, surveillance and censorship.

The research found that SCRUFF is “doing the most proactive work to secure the data of its users,” including randomising location data and issuing alerts when users travel to countries that criminalise homosexuality, cutting ties with ad- and location-data brokers, and establishing in-house ad and analytics operations to avoid third-party sharing.

By contrast, the study claims that OKCupid, Grindr and Tinder “have been found to collect user data — including users’ exact location, sexual orientation, religious beliefs, political beliefs, drug use, and more — and share that data with at least 135 different third-party entities.”

Data protection is the new frontier in human rights

British LGBTQ rights campaigner Peter Tatchell commented that “It is the responsibility of app operators to respect and protect their users’ privacy.” He added: “Repressive regimes will continue to target, monitor and repress the LGBT+ community for as long as these apps allow them to get away with it. Data protection is the new frontier in human rights.”

Recorded Future also reported multiple instances of broadly defined cyberattacks (including targeted cyberattacks, censorship and surveillance) targeting LGBTQIA+ communities and individuals in Russia and Eastern European nations. “Surveillance and censorship was widespread across Russia and Eastern Europe with many nations passing restrictive legislative policies against open expression of LGBTQIA+ content online,” says the study.

“In many countries, governments have used domestic telecommunications companies to block pro-LGBTQIA+ apps and websites. Further, Recorded Future has found that law enforcement and, very likely, intelligence agencies have deployed the use of entrapment to expose members of the LGBTQIA+ community for imprisonment and torture.”

Similar activity was observed affecting LGBTQIA+ individuals in various Asian countries in the past five years, specifically Azerbaijan, China, Georgia, India, Indonesia, Malaysia, Myanmar, Pakistan, Singapore, South Korea, and Sri Lanka.

The study warns that without user pressure or substantial fines, some apps will continue to share data with third parties. “Compromised account credentials and user data from social and dating apps will continue to be posted on dark web and underground sources. This offers an extortion opportunity for cybercriminals who could purchase leaked credentials to obtain intimate personal details and photos of individuals,” the research states.

“Nation-states will continue to target, surveil, and censor the LGBTQIA+ community for as long as they view the community as an external threat to security, society, or morality. Criminalising the community will continue to encourage criminal acts against the community.”

The researchers urged users to “exercise caution when using apps that use location data and learn more about the privacy policies of specific apps, paying particular attention to the apps that do not obfuscate geolocation data in countries with a poor stance on LGBTQIA+ rights.”

Users should also follow general best practices for cybersecurity, such as using multi-factor authentication and password managers like LastPass to manage long, unique passwords that are not reused across multiple accounts.

The full research report can be downloaded here (PDF).