New consumer sites like Cheaterbuster and CheatEye promise to unmask dating app users using a single photo
A new generation of commercial websites is systematically dismantling the last vestiges of anonymity in online dating, weaponizing facial recognition to expose users on platforms like Tinder, Bumble, and Hinge.
What began as a viral sensation for suspicious partners is rapidly becoming a mass-market surveillance tool, capable of unmasking anyone who has ever recycled their profile picture across the internet.
Services like Cheaterbuster and CheatEye claim they can use just a selfie and basic location details to pinpoint a person’s Tinder profile and narrow down their neighbourhood. Testing conducted by 404 Media confirmed the tools’ efficacy, with one service accurately identifying a participant’s residential area in Brooklyn.
While the location data is not precise GPS, the level of accuracy is enough to raise serious safety concerns, particularly for vulnerable groups relying on anonymity within these ecosystems. Tinder has confirmed these services violate its policies, but the sites remain operational, buoyed by influencer campaigns that mask their invasive nature.
Scraped Biometric Databases
This surge in “cheater-finder” tools is merely the visible tip of a much deeper, unregulated problem: the existence of massive, searchable biometric databases built over years by harvesting billions of facial images.
The precedent for this mass scraping was set by Clearview AI, which became infamous for vacuuming up photos from public social media sites and selling access to its database primarily to law enforcement. Though legal actions—such as the settlement under Illinois’s pioneering Biometric Information Privacy Act (BIPA) and multimillion-dollar fines in Europe—have restricted Clearview’s activities, the colossal datasets remain largely intact.
Consumer-facing services like PimEyes offer a similar functionality, allowing anyone to upload an image and instantly trace where that face appears across the web. These vast, unregulated archives form the invisible infrastructure for the latest wave of surveillance-as-a-service.
Cheaterbuster and CheatEye leverage this infrastructure by comparing uploaded photos against these large web-scraped image libraries, attempting to link the result back to an active dating profile and, crucially, its associated location signals.
Exploiting Dating App Vulnerabilities
The effectiveness of these tools relies heavily on persistent vulnerabilities in dating and hookup apps. A 2024 academic paper, Swipe Left for Identity Theft, analysed 15 location-based dating apps and found that at least six leaked enough proximity data to allow determined attackers to infer users’ exact locations under certain conditions.
Even when explicit distances are hidden, subtle clues—such as the order in which profiles appear—can reveal proximity. Once a face is matched to a name, these background signals can be exploited to accurately estimate where a person lives or works.
This vulnerability extends across the entire spectrum of dating and hookup platforms, including Grindr, Hornet, and Jack’d, which have all been scrutinised for location inference flaws. For LGBTQ users or those exploring alternative relationships, the exposure of an anonymous dating profile can quickly escalate into harassment, blackmail, or even physical danger.
Privacy Experts’ Warning
Privacy experts warn that these services represent a dangerous normalization of intimate surveillance. Eva Galperin, the Electronic Frontier Foundation’s director of cybersecurity, has long cautioned that such technologies enable coercive control and intimate-partner monitoring.
A privacy technologist interviewed during the 404 Media investigation described the “catch-your-partner” sites as “perfect stalking tools,” warning they put powerful search capability into anyone’s hands, turning intimate curiosity into institutionalised surveillance.
This crisis is compounded by the slow pace of legal oversight. Illinois remains the sole US state with robust biometric privacy legislation, and while European regulators have issued fines, smaller websites often evade enforcement by simply moving servers or rebranding.
The combination of perpetually searchable face databases, leaky dating app protocols, and aggressive digital marketing has created a perfect storm, transforming people’s romantic lives into an open-data commodity. Once a face is indexed by these systems, the danger is that it will remain searchable indefinitely.
