Funding for To The Contrary provided by: Apps are replacing, in many ways those in-person social networks that we use to find people to date.

Women who were giving their personal details to join the app so they could feel safer while dating, those details were ultimately leaked.

This week on To The Contrary: Dating apps have exploded in popularity, but safety remains a major concern for women.

The Tea app, which at some point hit the top of the App Store charts, promised to help women stay safe.

Instead, it resulted in the exposure of sensitive information in a security breach.

Research shows that wome frequently encounter harassment on apps like Tinder and Hinge, where systematic failures have allowed abusers to remain active despite efforts and reports of abuse.

With us to discuss this issue are two experts— Jennife King of the Stanford Institute for Human Centered Artificial Intelligence, and Isabella Kwai, who covered this story for The New York Times.

So, Isabella, let's start with you since you've done most of the journalistic writing about this topic.

How dangerous are these apps for women and what are— Give me some instances of where these apps are equipped to protect women and instances where they're not.

Well, I'm happy to start with telling you what this app was all about.

So the Tea app is a US based app that framed itself as a resource for women who were worried about their safety while they were dating.

You know, dating apps often involve meeting strangers for the first time, based off profiles they put up of their photos and just the information tha people want to share on there.

So, you know, many women have expressed concerns about going out and going on a first date with a strange that they've never crossed paths with before.

So the founder of this app said that he was inspired to start it because he saw his mother encountered terrifying situations while dating.

And the app itself, calls itself more of a sisterhood, and it says it provides a community for wome who want to share information.

It does this through several resources.

You can run background checks on people that you're dating.

You can do what's called a reverse image search to see if someone's, you know, catfishing, which means using a photo of the internet that's not actually them.

And you can talk to other women on the app about their experiences, you know, perhaps dating men i the same city or the same town.

They might be able to share or flag you know, negative experiences that they've had or bad behavior.

But to sign up for this app, users had to verify that they were women.

You know, verify personal details.

In the past, sending photographs of themselves.

And so, this app really came into more mainstream attention at the end of July.

Actually, social media pushed it forward.

You know, a lot of people began discussing this, you know, app they discovered and sharing it.

And so in late July, it shot to the top of the free download chart on Apple.

You know higher than apps like ChatGPT.

Of course, when things become under greater scrutiny, it also means critics can come in and share their opinions.

And, you know, while some wome praised the app for giving them a space to, you know, have what would traditionally have just been a casual way to talk amongst themselves.

There were a lot of people that felt that this app raised some privacy concerns.

Could, you know, be potentially defamatory.

And it really stoked divisions, especially amongst men and women and angered people.

Well, tell me, yo mentioned earlier about a guy, I suppose you interviewed him for your article where his mother had been seriously frightened by one of the apps, one of the dating apps.

Tell me about us.

Tell us about that, please.

This was the founder of this particular app, the Tea app.

It's mentioned on their site, that this was the inspiration for him to start the app and, you know, since then, he has other people involved in the management team.

But I think what he was speaking to was, you know, an experience that many women would say is one of their concerns which is, you know, when you are dating, especially off the internet, you just don't know who's coming on that date.

And as you mentioned, Bonnie, harassment and stalking are major issues, you know, for a lot of women.

And so the story of this app.

At first, it was meant to be a resource to protect women, but it quickly became a very different kind of story.

Is there any way for apps and, Jennifer, we'll get you in here in a second, but is there any way for them to be open and free and allow exposure of all kinds of people to all kinds of people, without really censoring them in some wa and making them less appealing to the people who want to use them?

The issue that came up with this situation is the app was eventually hacked, its security purposes, or I guess the best way to say is, you know, it said that its systems would be secure.

So women who were giving their personal details to join the app so they could feel safer while dating, those details were ultimately leaked after people online said it was easy to breach the systems.

And ultimately, some 70,000 images were released without thes women's consent to the public.

And these images were shared around.

You know, there were right wing groups online or misogynistic groups online that took these photos and, you know, made jokes about them, made apps to compare women's photos with each other.

And it ended up being what many felt was an unsafe situation for them.

Some of these women have now brought, you know, a class action lawsuit against the makers of the Tea app because they feel that they joine because they wanted to be safer.

And in fact, the cyber security incident made them feel unsafe.

So let's step back a second and get back to my first question, which was, is there any way to set up an app that's— that doesn't grin every potential user of the app into the ground with questions about his or her background?

And where exposes everybody to a lot of new people and yet doesn't, you know, tear them all up investigating them to make sure they're safe?

Yeah.

I mean, Jennifer, feel free to step in on this one.

I think it's a challenge for many platforms.

Because perhaps they have to balance, you know, a sense of responsibility to their users.

But at the same time, you know, privacy is a big concern these day for people who want to sign up.

And what exactly they're agreeing to when they share personal details.

Yeah.

Bonnie, you raise a really good question.

And, I think there's a couple of ways to think about it.

First, apps are replacing, in many ways, those in-person social networks that we use to find people to date, you know, whether that's people we know from work, through friends, through activities we're doing in our lives.

And so, you know, social media but particularly dating apps allow us to break those boundaries.

So we're engaging in this circle of people that we don't know personally.

And so part of the challenge is how do we trust those people, especially when we have no one vouching for them?

And so what we see with dating apps is they're kind of contending with two separate pieces.

One are the actual people on the app.

How do you ensure that those people potentially are trustable and safe?

And then there's the large question of the platform itself.

And what you see with Tea for example, is that the larger platform itsel ultimately could not be trusted because they did not pay sufficient attention to security issues and eventually had the data breach.

But in terms of how do we trust the actual people on these apps?

There are a large spectrum of dating apps out there, from very casual apps, you know where it's about friends, about, you know, very casual relationships to the ones that are really focused on matchmaking.

And so in that sense, you know people do have a lot of options, but I think there's this tension between what the platforms can do to assure safet for their users versus the how, how deep do we want a platform to go, for example, to do background checks on people?

I will say, having worked in trust and safety in the past, as well as for a dating platform, that the platforms are often quite deficient in the amount of wor they could do to ensure safety.

And a lot of that starts with not even just the interpersonal concerns about is this person safe?

But the larger concerns we see with fraudulent actors on these platforms that make it really challenging to even find people to date, because often the profiles are fake.

Ofte they are people who are posing as somebody else in other countries.

And so you have that level of of trust and assurance that you have to work through before you even get to the is this individual person somebody I want to date?

And are they somebody who I can rely on?

And I'm someone who's information was hacked.

My date of birth and other very private personal information was hacked and ended up on the dark web.

And I'm just starting to think that you can't be online and think that you're able to secure your identity because you're not.

Largely.

That is true.

Now, there are— certainly companies, in many cases, could do a lot better.

And part of the problem I would argue, is that we don't have—we have industr specific standards in a lot of areas, but we don't have kind of broader security legislation that basically mandates that when you're— you're processing certain types of data, that you're obligated to use a certain level of security.

Those are, you know, bes practices and recommendations.

But, you know, with—in the case of Tea, they were collecting people's identity documents.

So driver's licenses and the such, so you know, that's biometric information.

And frankly, they should have known that they were needed to be held to a much higher security standard than obviously they were, when you're processing that type of data.

This has just so deeply invaded my life.

You can't sign up to go see a doctor on his or her portal, his or her medical portal, without giving up your date of birth, your actual date of birt and your Social Security number.

And once they have that, they might as well throw you in a grave and start throwing the dirt over you because they can get anything else they want.

And it's really I will not sign up for anything for portals anymore.

I'm sick of the junk email.

That's the least of it.

I'm even more so sick— I had to spend about 40 hours of my own time running around to the IRS office, to the utilities office, to all these various offices to freeze my credit and freeze my account because it was hacked in so many places.

And it's not worth it.

It really isn't worth it.

So I don't know what to say to people, but that was my experience.

What do you say to that?

I agree, it is absolutely wretched when you are subject to any type of impersonation scam, any personal hack.

And again, we have data breach notification laws that inform you that this has happened.

We didn't even used to have that.

But it just begs this bigger question of how we deal with identity and trust online.

And so I think what we're seeing, to some extent, are the limitations of basically putting all the burden on individual sites to manage all of these different identity problems.

It's, you know, there's just inconsistency.

Again, in the absence of legislation, what we end up with are hacks and then class action lawsuits that tend to correct the actions of those who have been irresponsible.

But obviously, I think none of us want to go through this ourselves.

So it is extremely frustrating.

And in the online dating space, I think in particular, it's— what we're seeing too, is that there's a transition to the use of artificial intelligence, which is one of the areas I work in, that really even ups the game in terms of the types of impersonation threats that I mentioned earlier.

It used to be that companies or individuals that were trying to sca people would just pull a photo or another profile off the web and impersonate that person.

Now we have the capacit to actually create video, audio, deepfakes essentially, and even just synthetic, completely synthesized profiles and personalities as fronts to potentially, you know, manipulate or defraud people on dating sites.

So the stakes are really getting higher.

But again, I would argue that a lot of that responsibility sits with these sites to the extent that they have it now, to try to fight the use of their platforms for this type of activity.

Well, why can't some la enforcement agency just say to apps—all of them, medical apps, I don't care, you want your people to have a code that they can use, that nobody else can harvest and steal their identity.

We'll give you a number when you sign— we'll give you a 2 digit number when you sign up.

And that's the way you get into our system.

Why can't that be done?

I mean, I think you're seeing more sites move toward especially not using identifiers like Social Security numbers, which we know are extremely weak and compromised.

You mentioned earlier the medical space, you know, that is one of the few areas in the US where we do have specific legal privacy protections.

So that's HIPAA.

Although again that's not really a privacy law.

It has some privacy consequences.

But it was not really— the focus was not consumer— And it doesn't protect— It doesn't protect you from all those hackers in whatever continent theyre in, working through the middle of the night to try to get your information and make it public.

It is a useful contrast to the dating app space, just to say that with HIPAA, there are a minimum standard that your doctor, for example, must use when they have those patient portals, when they communicate with you over the internet versus the dating space where there are none, you know, there's no legal obligations in place.

So the types of things I'm describing, you know, within the medical space, I think would be useful for thinking about, you know, in perspective how little data is probably comparatively breached under practitioners and products that are governed by HIPAA versus, you know, the whole consumer space that isn't held to any specific standard.

Isabella, your thoughts on assigning people a special code or a number?

Did you talk to anybody abou that when you wrote the article and when you were doing the research for it?

I just want to say I'm very sorry that happened to you, Bonnie.

And, you know, it— I can only imagine it's a very unsettling thing when you realize that hackers are trying to get into your accounts and so on.

You know what was striking me when, you were sharing that is, you know, this kind of doxing or trying to find out people's personal information, these days you know, groups have used this as a way to express their anger or their criticism or perhaps, you know, threaten people.

And you know, in these cases, as much a cybersecurity can be tightened and there are some responsibilities to protect consumers from this.

You know, the cyber space seems to have become a way in which, you know, people can use it to threaten individuals or, you know, scam or try to as you know, falsely gain information from them.

You know, when it comes to the Tea app, one thing that emerged wa when this app was flying up the download charts, on forums like 4chan, you know, which is a, popular forum for right wing people to gather, you know, they were saying things like hack and leak, which were basically calling on people to hack this site that they disagree with in terms of its philosophy.

And so these threats arent also coming from people who are critical.

I'm not saying that everyone who is critical of, you know, an apps premise is, wanting to do this, but it's interesting to m that it has become weaponized.

And so, you know, in this world, it's one more thing we should be concerned about.

And, yeah, there's some risk there when we sign up for any site, really.

So, please, each of you, if you know of situations where people were not able to find a partner in life and went and used Tea or one of these other dating apps and found somebody, tell us about that.

Is it really helping a lot of people?

Was it, I should say, was it because it's no longer really helping a lot of people?

Many people these days meet their significant others on dating apps.

You know, it's it has kind of taken over as one of the main ways in which, you know, if you're seeking a life partner or you want a date, you know, you download an app and if you read kind of the columns of people who say how they met, you know, certain apps just regularly pop up again and again.

And so, you know, people do have a very positive experience with them.

But it's not the only way that you can broaden your community.

It just— it's a catalyst for people to make connections, you know, to communities that they might not have otherwise come across.

Isn't there a point at which the government should step i and say, okay, no more of this or you're not using any actual personal information, you're not requiring it of anybody because they're getting hacked and it's getting stolen, and they're getting financially ruined.

So, why can't that be done?

And these dating apps just come up with their own codes?

I would suggest that, you know, dating apps are part of the larger consumer ecosystem.

You know, we don't treat them any differently from, you know, fitness apps, nonmedical health apps, you know, more or less any type of app.

And one of the biggest vulnerabilities for all of us is the fact that we lack general consumer privacy protections.

And that's why so many of us in the privac community have been arguing for close to 20 years now, trying to get federal level legislation passed.

You know, we're seeing that on role at the state level, state by state.

But it's been a slow process.

And Congress, you know, has brought multiple bills almost through committee but they've died continuously.

So you know, as part of that, certainly attention to cybersecurity is a part of the data privacy landscape, I think it is an important part of that.

And again, trying to establish some minimum thresholds or standards for data security, particularly when it's tied to identity data, identity documents and so on, I think is a really important piece of this.

But again, we don't have that at the federal level in the consumer space.

And it's so sad.

And I, for one, believ I could be totally wrong about this, its not based on any dat that I know of, but it would be so easy for these app to come up with their own codes and require people to use those instead of something so personal as your Social Security number or your, you know, your date of birth.

Do you not agree?

Would that make it too impossible and nobody would use these apps anymore?

You know, for this Tea app, one of the key things it was marketing was it was an app for women.

And to verify that, they asked people to share, you know, a photo of them or IDs, right, to create that kind of more, I guess, exclusive community.

And so that was one of the ways they used to make sure it was women that was signing up and not, you know, men who would— you know, men who were just curious about what was being said.

But, you know, the questio kind of that comes up for me is if you want to create these communities, but you don't want people to share, you know, their IDs to confirm who their identities are, is there a better way to do that?

Does it have to be you know, verification through photographs?

Or if it is, what's a way to tell people how they're being stored or tell users, you know, hey, there is a risk there.

You know, if you share photos, this could be shared.

But at the same time, it doesn't happen to every app that they're hacked.

Right?

In this case, it cyber security was not able to protect that data.

Yeah.

To be clear, you know, Tea itself was not a dating app.

You know, Tea was a way for women to— I mean, it productized basically a whisper network that emerged out of #MeToo, you know, emerged out of a community of women who had been frustrated with dating and finding that they've, you know, repeatedly engaged with, with suitors who have criminal backgrounds or, you know, engaged in repeated behavior.

So, you know, in part Tea was a way to try to emerge as a way to kind of provide assurance to women who weren't sure, you know, if they were dating somebod who may have had some type of, you know, pas that they were concerned with, but obviously it kind of, you know, operated as an informal back check, background check process.

And the app developers did not take the data security concerns, I think that they needed to, a seriously as they should have.

And before we go, do we have— are there any data on the percentage of crossed communications that are successful?

Not necessarily to the extent where people who meet through the app get married but at least have a satisfying relationship.

Have any of you— has either of you seen any data to that effect?

I think the Pew Internet Research Study has tracked online dating in the past.

I don't know off the top of my head what percentages, all the sites will make their own claims, you know they'll tell you that they have, you know, a number of happy couples that have gone on to get married from meeting on their site.

It can be a very subjective experience.

You know, there are people who say they got married through the app and have only positive things to say.

And there are people who have used dating apps and say that, you know, they've met people that have misrepresented who they are and, you know, it is an avenue to meet new people.

But it's, I would say, just like meeting many strangers, you know, anywhere.

There is an element of the unknown.

And so that's something to keep in mind is ultimately, you know, whoever it is on the other side, it's— unless you, you know, you have some kind of mutual connection, you don't know who they ar and they don't know who you are.

And that can be, you know, part of the fun of meeting new people.

But of course, especially for women, given some of the statistics around harassment, you know, that's, that's of a concern.

And that's part of, you know, why this became such a big topic of conversation.

And so we can put that out there as an assignment for all our viewers.

You know, whoever comes up with the first way to keep somebody secure without setting them up to lose extremely valuable, irreplaceable information, wins the whatever prize we want to call it.

But there's clearly a need for something like that.

Thanks to you, Isabella.

Thanks to you, Jennifer.

Really appreciate you information on the dating apps.

That's it for this edition of To The Contrary.

Let's keep talking on social media, including X, Facebook, Instagram and TikTok.

Reach out to us @tothecontrary and visit our website, the address on the screen and whether you agree or think to the contrary, see you next time.

Funding for To The Contrary provided by: You're watching PBS.