Online Dating Sites: Seek Love, Find Privacy Violations

As if dating โ€“ and meeting potential mates online โ€“ weren't tough enough, the Electronic Frontier Foundation (EFF) reports online dating sites come with big holes in security that compromise at least the privacy and possibly the financial security of their users.

EFF points out six major weak points in the security and practices of online dating sites, most of which appeared first among Facebook's menu of privacy eroding and were universally panned, but have never been eliminated.

First, as with Facebook, information you put up on dating sites doesn't remain yours, at least as far as the site's data-purging practices are concerned. Dating profiles remain online for months or years after a member has let a subscription lapse. Theoretically it's necessary to type in the URL to see a photo or profile after it's been deleted from the index, but clever searching can turn up almost any photos or profiles that still exist.

Second, the authentication on most sites isn't what you'd call bulletproof. Grindr -- a mobile app that allows men to find other men looking for sexual partners nearby โ€“ was hacked in a way that allowed the hacker to impersonate other members and view photos, messages and passwords.

The straight version of the app -- Blendr -- appears to have the same weaknesses.

Third, Google spiders your profile, though more for some sites than others. Julian Assange's OKCupid profile showed up in public searches, but many others don't.

Fourth and fifth: Even if you use a fake name, you're likely to be identifiable using TinyEye, Google Image Search, or other photo-search functions. Most sites also package your preferences and profile information (theoretically sans identifying data to sell to marketers).

The last item is the no-hoper, or at least the indication that there isn't much hope of protecting or recovering your privacy once you lose it to an online dating service: HTTPS implementations are supposed to protect a user's browsing history, messages and links to other activity.

EFF's survey of online dating sites found some with only partial support and others with none at all. No HTTPS means if you're browsing wirelessly from a public place you could unknowingly be sharing your hopes of finding a mate with any of your fellow coffee-shop dwellers.

EFF suggests a few solutions, but none are absolute. Some, like reviewing the privacy settings and policies of the sites you use should be routine by now. Settings that are counterintuitive, others that are impossible to find and yet others that change in between visits, exposing standard as they do, make due diligence more difficult, though not impossible.

EFF did put together a handy reference for different sites. The information is good but the result is not. Online dating sites clearly don't have privacy as a priority, even Ashley Madison, the one aimed at married people wanting to have an affair.

If even the skulker's social-networking site doesn't do HTTPS by default, prevent the mixing of secure and insecure content or use secure cookies, it would be too much to expect other sites to do it. Fortunately for those trying mainly to avoid disappointment, it's not necessary to get, your hopes up.

In security at least, especially in online dating sites, you're on your own.

Subscribe to the Security Watch Newsletter

Comments