Dating app Tinder leaks data from its users, potentially posing a threat to national security. That shows research of research platform Follow the Money (FTM).
By creating fake accounts, FTM managed to map hundreds of soldiers on NATO bases at home and abroad. The researchers were able to follow the soldiers on deployment in Estonia, on exercises in Germany, and even to the street where they lived.
Tinder has such worldwide sixty million users per month. In 2019 it was estimated two million Dutch people are active on the platform. Users of the app can view each other’s profiles and rate them as ‘like’ or ‘dislike’ (so-called ‘swiping’). If two people like each other, they have a ‘match’ and a chat conversation begins.
To connect users who are near each other, Tinder uses location data. If users consent, the app also tracks precise location data when it is not open. In its privacy terms, Tinder reserves the right to share location data with suppliers and advertising partners.
Fake profiles
However, the research shows that a user’s approximate location can also be determined by anyone who has ‘liked’ their Tinder profile. This is possible without there being a match; the user does not have to like the other person back first. The researchers tested this by setting up three fake profiles. They used this to collect information about a hundred thousand Tinder profiles in just a few weeks.
By supposedly locating their fake profiles near known NATO bases, the researchers also managed to identify the Tinder profiles of more than four hundred soldiers at home and abroad. The soldiers could be recognized as such because, for example, they posed in photos in their uniforms, had their photos taken with weapons, tanks or fighter jets, or because their profile stated that they worked in the armed forces.
By following the profiles for a longer period of time, their travel movements, places of residence and workplaces could be mapped out. Home addresses could also be found using linked social media and other public sources. For example, an employee of the Air Mobile Brigade could be followed to various barracks in the Netherlands, to Romania, and to his home in Assen. A Canadian diplomat could be followed from London, via Germany and Poland, to Ukraine.
Russian spies
The public data on soldiers is a threat to national security, says security expert Matthijs Koot. If soldiers activate their GPS function on Tinder, the Kremlin, for example, can find out (in combination with other data) whether NATO armies are scaling up in an area, he says. Russian spies can also relatively easily build an intimate relationship with a NATO soldier via Tinder. “The conversation will not immediately be about state secrets, but less important information can also be very valuable for the Russians,” said Koot.
Intelligence services, including the Dutch AIVD, warn has been facing security risks for years due to the location data that social media and apps such as Tinder track. Tinder is also not unknown territory for enemy spies: in April 2023 reported German military intelligence MAD that Russian spies used the dating app to contact members of the German Bundeswehr. Tinder did not want to comment substantively on FTM’s findings.
Fortunately, the Ministry of Defense cannot ban the activities of employees on their personal telephone, a spokesperson said when asked. But “mentioning your employer on a dating app and being recognizable there as being active in the military is not wise,” he says. The news from FTM is reason for the ministry to once again remind employees of the dangers of apps such as Tinder.
Previously, in 2018, an Australian student discovered that secret military bases could be found via fitness app Strava. After a leak of the Polar app that same year, the Dutch Ministry of Defense had these types of apps blocked on service phones.