How Privacy Works in the Predator Alert Tools

The Predator Alert Tool for OkCupid was recently written up in a lovely, succinct, accessible article by Lifehacker‘s Alan Henry: Predator Alert Warns You If Your OkCupid Prospect Might Be Dangerous.

Of course, as per usual, the Bitter BDSMer Brigade showed up to spam the comment section with random conspiracy theories. But this actually gave me a great opportunity to talk about how data privacy and administrative access function in each of the core Predator Alert Tools. So, win!

My comment is copied here for your reading pleasure:


story645 said: “there are accusations that he’s been using this extension (or an earlier one he made for fetlife) to mine people’s data so that he could prey on them.”

First of all, Maymay uses they/them pronouns.

Secondly, I simply want to address the rumors that any of our Predator Alert Tools are being used for malicious purposes by talking a little bit about the technology behind each tool in the suite:

* PAT-FetLife: […] Runs on an 100% transparent database. It is basically just a big online spreadsheet that users can submit information to — anonymously if they wish. No log-in or password information is ever required to use PAT-Fetlife. The database is posted publicly and is visible to anybody who wants to look at it, including the administrator. But there is nothing the administrator can see that you or I can’t, and there is nothing in the database besides what users voluntarily decide to post. The other piece of PAT-Fetlife, the part that highlights flagged profiles in yellow while you’re browsing Fetlife, is a client-side extension that only interacts with your browser locally. No administrator has access to it.

* PAT-OkCupid […] Again, PAT-OkCupid only collects information that is already public. It works by looking at an OkCupid user’s publicly-answered Match questions and highlighting their profile in red if those answers suggest cause for concern. PAT-OkCupid scrapes data about how users have answered Match questions, as long as those answers are set to “public” at the time PAT-OkCupid looks at their profile. (Actually, now that I think about it, we haven’t really considered the issue of how PAT-OkC responds when a user changes or privates their Match answer. That might be something to consider for a future version.) Anyway, again, PAT-OkCupid doesn’t give the administrator any information that isn’t also available to every OkCupid user.

* PAT-Facebook […]: is a Facebook app that allows users to semi-anonymously share information about experiences of abuse, and connect that information with the Facebook profiles of the person who abused them. PAT-Facebook is the only existing Predator Alert Tool that has the technological potential for administrator abuse. This is because PAT-Facebook allows users to give their “reports” a privacy setting — for example, they can choose to share only with friends, or only with other people who have reported the same abuser, and they can choose whether or not to display their identity alongside their report. But, as with Facebook itself, all of these “private” messages are hosted on a central server and visible to the administrator of that server. Even though PAT-Facebook does not surreptitiously collect any data besides what users voluntarily provide, it does technically allow an admin access to data that the user probably intended only for their friends or another limited audience.

Personally, I feel confident that Maymay has never used their admin access to look at any non-public PAT-Facebook post, and I trust them not to do so in the future. But I don’t expect Internet strangers who don’t know me from Adam to take my word for that, and they shouldn’t. Because PAT-Facebook is the only Predator Alert Tool that is potentially vulnerable to this kind of administrative abuse, we have gone to extra pains with this tool to decentralize *administrator* control, and we have also been especially painstaking about reminding users that no information you post on the Internet is ever 100% private, and encouraging them to prioritize their own safety when making a report.

In short: If you don’t trust Maymay, you probably shouldn’t use PAT-Facebook. But, since we know there are people who don’t trust Maymay, we’ve made a point of building PAT-Facebook in ways that will make it easy for them to run and control on their own server. You can read more about how to do that here:…

* PAT-Twitter […]: is the simplest tool to explain in terms of privacy. PAT-Twitter lets you make lists of Twitter users who you want to flag, and allows you to add a comment about why you are flagging them. It uses a similar interface to regular Twitter Lists, with one big difference: Twitter Lists are stored on the Twitter server. PAT-Twitter lists are stored on your computer. That’s it. Your PAT-Twitter lists live in your browser. This is called an “unhosted app.” The only way Maymay can get any data about you via PAT-Twitter is if you lend them your laptop.

If you want other people to be able to use your PAT-Twitter lists, you can also publish them to a simple server called a “Facilitator.” Then, anybody who has access that facilitator can download them — and anyone who doesn’t, can’t. Starting your own facilitator is easy as pie. Maymay runs a publicly-accessible one here: I run another one here: And simple instructions for installing your own are at the bottom of the PAT-Twitter README. If you want to prevent someone from seeing who you’re flagging, just keep your list private on your computer, or only publish it to a password-protected facilitator that you share with your friends.

* PAT-Lulu, PAT-BangWithFriends, PAT-ChristianMingle, and the upcoming PAT-JDate are all built on top of the four core Predator Alert Tools described above. (PAT-Lulu and PAT-BWF use the PAT-Facebook engine. PAT-CM and PAT-JD use the same framework as PAT-Fetlife.) They share the privacy model of whichever core PAT they are based on.

We have also been working with another developer who has some good ideas for PAT-Tumblr, and we recently got word that there may be a Predator Alert Tool in the works for!) We don’t know what the technology will look like for either of those tools yet, but we will remain committed to the same principles of transparency, prioritizing survivor safety, and user control/ownership of data that we always have.

I’m happy to answer more questions if people have them. 🙂


One comment

  1. maymay

    A minor correction: I actually have given thought to what would happen if a user on OkCupid changes their answer from public to private. What would happen is analogous to what would happen if someone told you a secret: that is to say, nothing changes for your view of that information.

    If you view an OkCupid user’s profile with PAT-OkCupid activated in your browser, your browser views and “writes down” all the answers to their public questions. It then remembers each question and each answer it has seen for as long as PAT-OkCupid is installed in your browser. (When you uninstall PAT-OkCupid, your local copy of their public answers is removed from your computer.) If, later on, you return to that same user’s profile after they have changed the visibility setting on a given question, you are not able to see whether or not their answer is the same as it was when you first viewed their profile, but you ARE still able to “see” their *old* answer.

    This is how information works in the real world. Once information is made public, it is available to anyone, and anyone else may make a copy of that information. That’s why you have probably, at some point, been advised not to tell secrets to people you don’t trust. The same exact principle applies here.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: