You can’t offload these kind of decision to the user. Just think about how effective the various fishing and social engineering attacks are. No, a fediverse dating app would have to be secure by default. The only possibility I see for this is something that involves homomorphic encryption, an encryption method that allows you to operate on data without having to decrypt it first, but I know nothing about that topic so I could be completely wrong. This vague idea of a solution might be technically impossible after all.

I don’t think control features help much when one of the most basic question that you can ask is “What is your gender and who would you like to date?”. As I have already outlined in another comment in this thread, this information has to be shared with the federated network and is already enough to get people into serious trouble should it get into the wrong hands.

Alternatively think about it this way. Would you hand over this kind of information to a total stranger? Would you take on the responsibility of handling data that could literally kill someone if you make a mistake?

You already lost the data at that point and you really don’t want to play roulette with data that has the potential of killing your users. Just imagine what could happen if a gay man from Saudi Arabia joined your instance and that data leaks.

No, data must be shared between instances for federation to make any sense and the operators of other instances don’t necessarily share your views about privacy and security. Lets take for example a matching algorithm like the one OkCupid used to use. You answer some questions and based upon those people are recommended to you. If you want to see people from other instances as well, the answers to the questions must be shared between all federated instances; but at the same time these answers contain private details about you. I don’t think a workable solution to this problem exists, even if you come up with an algorithm that allows you to make decisions on anonymized data. The danger of deanonymization due to a bug is too high.

I would have serious concerns regarding data privacy. You share intimate and very private details about yourself on these apps that could be used for blackmail. I wouldn’t feel comfortable sharing that on a federated network. For example, how would you ensure data isn’t logged by a hostile server operator. A company is at least forced to play lip service to privacy laws. The theoretical operator of fedi-date.ru can do what they want.

Obsidian stores the notes in a well known plaintext format on your computer. They can’t easily hold you hostage like with other closed source apps.

devenv.sh contains invasive telemetry that literally exfiltrates your entire repo to their servers.