#Tag · bonfire.cafe

Last year, I wrote this article about dating apps privacy ❤️🔒

It has a focus on queer dating apps for Pride, but I think it contains valuable information for anyone using any dating apps.

If you are currently using a dating app,
or thinking of using one, you might find some useful tips and warnings in there: https://www.privacyguides.org/articles/2025/06/24/queer-dating-apps-beware-who-you-trust/

It's easy: Never, ever use *any* #datingApp. I'm not aware of a good one.

Most are owned by the #MatchGroup. Run. Away. Fast.

No matter, if you are straight, queer, genderfluid, whatever.

Never, ever use *any* fucking #dating app!

🔓 Found critical vulns in Taimi (LGBTQ+ dating app) - all fixed, $10k bounty

What I found:

"Expiring" videos didn't expire, URLs stayed valid forever
Decrement attachment ID = anyone's private videos
Location feature bypassed photo permission checks (why upload a map preview image through the photo system??)
Fake system messages (made a Raid Shadow Legends sponsorship lol)

The good news: Taimi actually handled this right. Fast response, $10k bounty, everything fixed quickly. No lawyers, no threats.

This is how disclosure should work. Take notes, Lovense.

Taimi: Finding Everyone's Private Photos Was Easy, But So Was Getting Paid

🔓 Found critical vulns in Taimi (LGBTQ+ dating app) - all fixed, $10k bounty

What I found:

"Expiring" videos didn't expire, URLs stayed valid forever
Decrement attachment ID = anyone's private videos
Location feature bypassed photo permission checks (why upload a map preview image through the photo system??)
Fake system messages (made a Raid Shadow Legends sponsorship lol)

The good news: Taimi actually handled this right. Fast response, $10k bounty, everything fixed quickly. No lawyers, no threats.

This is how disclosure should work. Take notes, Lovense.

Taimi: Finding Everyone's Private Photos Was Easy, But So Was Getting Paid