Technology is great. It has enabled & empowered so many to live their life on their own terms. It has opened up new possibilities that we could never have imagined. Unfortunately, not all of these new possibilities are good for us.
There seems to be a never-ending supply of fakers and trouble makers who seek out weaknesses to exploit for their own financial gain or simply to wreak havoc and hurt others. Many in the swinging lifestyle are seeking out the latest & greatest dating apps without realizing what privacy risks they might be facing.
In 2019, there was a shocking lapse of security with the 3Fun dating app that impacted all 1.5 million of their users. It was discovered by Pen Test Partners that 3Fun was exposing specific GPS coordinates, birthdates, private pictures, and more. This led some people to think that 3Fun had the worst security in the history of dating apps.
We aren’t trying to stoke your fears of online swinger apps. Rather, we want to help you to enjoy them safely. The first step in protecting yourself is becoming informed so you can make better choices.
To help educate people on the 3Fun situation and dating app security in general, we reached out to Alex Lomas, who led the 3Fun and dating app security research for Pen Test Partners. We hope this helps to inform you so you can make safer online choices and better protect yourself.
Swingers Help: How was the 3Fun security problem discovered? There have been many security issues across the internet, what was different about the 3Fun situation?
Alex Lomas: The issue was found by myself and a colleague last year during a review of the whole dating apps ecosystem. We found three applications that were leaking a user’s location when they displayed the distance from you to another profile. By spoofing location ,we were able to triangulate positions.
3Fun was different in that it just handed over the exact location in server responses without having to do this triangulation step. It also disclosed a user’s date of birth and private pictures.
Swingers Help: How often do you uncover security issues like 3Fun?
Alex Lomas: We’ve found issues in all kinds of dating apps and adult toys, including most recently the Qiui Cellmate male chastity device which was kind of a hybrid – it was both a physical toy but also operated a community area through the mobile app. Again, we were able to access every user’s profiles and private messages.
Dating apps are really no different from any other sector really, our researchers find issues in all kinds of internet-connected devices from smartwatches, kids’ toys, kettles, to network equipment and industrial controls.
[Note from Swingers Help: Different Bluetooth sex toys have been targeted by hackers. It has happened so much that in 2017, Pen Test Partners coined the term “screwdriving” to describe when Bluetooth sex toys (like the Lovense toy line) are hacked and taken over.]
Swingers Help: How can a regular person know if a dating website or app can be trusted?
Alex Lomas: To be honest, that’s exceptionally difficult. My general advice is to run a Google search for something like “product name + security” or “product name + vulnerability” and see what turns up.
The sad fact is that many companies and products will experience breaches. It’s just how they deal with it that’s the major issue in my opinion. Look for companies that have security or vulnerability contact details for researchers, or a bug bounty, and publish information on how they secure your information.
Generally, though, you may have to assume a breach at some stage.
Swingers Help: If someone wanted to build a better dating site or app, how can they ensure proper security?
Alex Lomas: Consider security from day zero and engage in some threat modeling. Be transparent and honest with your users about what information you gather, and how and where it’s stored. Have a contact page (and/or security.txt) so that researchers can easily get in touch with you. And, of course I would say it, but, get your app or site tested.
Swingers Help: What is the most common misconception regular people have about online security?
Alex Lomas: I don’t think this is down to end-users really. My personal feeling is that dating apps should be classed in the same area as banking and healthcare, and should take extreme care in how they handle people’s most sensitive and intimate information.
Swingers Help: What tips can you share to help people keep their private lives private?
Alex Lomas: Running multiple online identities is actually pretty hard, but there are some simple steps that can help – use a pseudonym, use an alternative email address (and certainly don’t use your employer’s email on a dating site!), and be wary about what information and pictures you share. If you’re using IOS14 you should use the “approximate location” feature with dating apps so you don’t disclose your exact work or home address.
Swingers Help would like to thank Alex Lomas for sharing his insights with us. We have also put together additional tips if you are interested in protecting your online swinger privacy. Privacy is quite hard to regain once it has been lost so we do encourage everyone to take as many precautions as possible. Remember, you can always share more about yourself tomorrow if you choose.