Users Beware: Many Sites Have Serious Security Holes
San Francisco, CA – Millions of people use Internet dating sites to search for love and connection every day, but it could come at a big cost for their privacy and security. The Electronic Frontier Foundation (EFF) has found that many services are taking shortcuts in safeguarding users’ profiles and other sensitive data.
In “Six Heartbreaking Truths About Online Dating Privacy,” EFF identifies serious security holes and counter-intuitive privacy settings that could expose daters’ private information. For example, your dating profile – including your photo – can hang around long after you think you’ve taken yourself off the market. Some sites are also sucking up the vast quantity of data their users share and selling it to online marketers. If you aren’t careful, your profile can also be indexed by Google, perhaps popping up in search results if you have an unusual nickname or other unique ways of describing yourself.
“Whether you signed up on a lark or maintained an active profile for years, you may be exposing more information about yourself than you know,” said EFF Activism Director Rainey Reitman. “There are a number of ways your online dating profile can be connected to your real identity, exposing things like religious and political beliefs, drug and alcohol use, and sexual preferences. That’s why we created this list of the biggest risks, and included some simple tips for online daters who want to protect themselves.”
As part of its campaign to raise awareness about the privacy and security risks on popular online dating sites, EFF analyzed the security practices of eight major sites. Many of the most popular sites, like eHarmony and Match.com, don’t offer secure access through HTTPS by default, and OkCupid doesn’t provide HTTPS access at all. That means every OkCupid username, email, chat session, search, and page viewed is transmitted in plaintext instead of in encrypted form.
“OkCupid says it can limit who sees your profile – for example, users who identify as gay or bisexual may opt out of being seen by straight people,” said EFF Senior Staff Technologist Seth Schoen. “But without HTTPS, the fact that you identify as gay and don’t want to be seen by some groups is sent in plaintext, making it easy for someone with the right skills to uncover it. Major sites like Twitter and Facebook have implemented HTTPS recently to protect their users. But dating sites like OkCupid are sadly lagging behind.”