Raw Dating App’s Security Flaw Exposes User Data; AI-Powered ‘Loyalty Tracker’ Ring Sparks Controversy
Dating app Raw, launched in 2023, claims to offer authentic connections through daily selfies. However, a recent security lapse has exposed sensitive user data, raising serious privacy concerns. Simultaneously, the company's announcement of the Raw Ring, a wearable device marketed as an AI-powered 'loyalty tracker', has ignited ethical debates about emotional surveillance.
TechCrunch discovered that Raw publicly exposed users' display names, dates of birth, dating and sexual preferences, and precise location data, potentially allowing for street-level tracking. This vulnerability, an insecure direct object reference (IDOR), allowed anyone to access another user's private information by simply changing a unique identifier in a web browser URL. CISA has warned of the risks of IDOR bugs, which can allow access to sensitive data at scale.
After being contacted by TechCrunch, Raw quickly fixed the data exposure. Co-founder Marina Anderson stated, "All previously exposed endpoints have been secured, and we've implemented additional safeguards to prevent similar issues in the future." However, the company admitted it had not performed a third-party security audit, prioritizing product development over security.
Adding fuel to the fire, Raw announced the upcoming Raw Ring, a wearable device that purports to monitor a partner's heart rate and other sensor data, providing AI-generated insights to detect potential infidelity. This concept has been met with skepticism and criticism. Some view it as a "dystopian loyalty tracker," raising concerns about privacy, trust, and potential abuse in relationships.
Anderson claims the ring is intended to "give couples more ways to explore each other’s feelings on a deeper level and build more trust." However, the very need for such a device suggests a pre-existing lack of trust and could be easily misused by controlling partners.
The Verge highlights the potential for abuse, drawing parallels to the misuse of Apple's AirTags for stalking. While Raw asserts it has considered these issues, the lack of a prototype and the device's bold claims about "bio-sensor fusion" and "AI detection" raise questions about its feasibility. Despite Raw's claims of encryption, TechCrunch found no evidence of end-to-end encryption within the app.
This incident raises critical questions about the balance between innovation and security in the dating app industry. How can companies prioritize user privacy while developing features designed to foster connection? Is technology a viable solution for building trust in relationships, or does it risk exacerbating existing insecurities?
What are your thoughts on the Raw Ring and the broader trend of using technology to monitor relationships? Share your opinions in the comments below.