Looking For Love? Dont Trust Online Dating Sites

When it comes to how dating websites secure and share information about their users, be sure to read the fine print, and dont be afraid to walk away.

Beware online dating websites, at least when it comes to their data privacy practices.
That warning comes by way of the Electronic Frontier Foundation (EFF), a non-profit group devoted to protecting digital rights. According to the organization, numerous dating sites--which are for-profit businesses, after all--sell data on their customers to third parties, including Google and Facebook. Furthermore, many online dating sites suffer from
poor information security practices
and may not delete profiles or images in a timely manner.
Online dating websites may also allow third-party search engines to index your profile. Notably, a public profile for Julian Assange, the editor in chief of WikiLeaks, was discovered in late 2010 on the free dating website OkCupid. While the site allows users to disable such indexing, even the
privacy obsessed Assange
apparently didnt realize that by default, all profiles are public.
[ Facebook and other social networking sites dont do enough to protect privacy, say users. See
Social Media Survey: Privacy, Security Concerns Persist
. ]
People might also be surprised to find that some online dating website profiles are being
sold en masse
to third parties. Often, this transaction is gift-wrapped with the promise that your individual data is anonymized or sold in aggregate form, yet users should be wary of such promises,
said Rainey Reitman
, EFF activism director, in a blog post. Using data from social networking sites sold to advertisers, Stanford researcher Arvind Narayanan demonstrated that its hard to truly anonymize data before its packaged and sold.
The data being shared may also give people pause. Notably, Stanford computer science graduate student Jonathan Mayer last year released a study showing that OkCupid was selling or sharing user information with almost 30 third-party companies. That finding came from Mayers review of the information-sharing practices of the
top 250 websites listed on Quantcast
.
All told, he found that 61% of the websites in his sample shared a username or user ID with a third-party website. Those third-party sites were ComScore (for 44% of the top 250 websites), Google Analytics (42%), Quantcast (34%), Google Advertising (34%), and Facebook (24%). In the case of OkCupid, shared information also included everything from age and religion to details about pets and frequency of drinking or smoking.
Leave it to a digital rights group to pour cold water on potential Valentines Day romance? Perhaps, but by keeping an eye on online privacy practices for dating websites may offer people better long-term satisfaction.
One place to start is by reviewing a companys privacy policies to see what it promises. Also look at a companys information security history. One case in point is Grindr, a mobile app thats been embraced by the gay community. On Jan. 20, the company confirmed that there was a vulnerability in its software that could allow an attacker to access photos and messages and impersonate other users, and promised a fix over the next few days. The company ultimately released a fix on February 10. But in the interim, security experts had recommended that the sites 3 million users
temporarily delete their Grindr profiles
.
Also check whether dating websites have implemented HTTPS to secure Web sessions, especially against local attackers who are sniffing packets, for example by using a tool such as
Firesheep
. Our recent survey of major online dating sites found that most of them were not properly implementing HTTPS, said EFFs Reitman. Some online dating sites offer partial support for HTTPS, and some offer none at all. This leaves user data exposed.
One Firefox plug-in that can help, she said, is
HTTPS Everywhere
, which is maintained by the Tor Project and EFF. The tool automatically enables HTTPS for any site that offers it. As more dating sites begin to provide support for HTTPS, well expand the ruleset for HTTPS Everywhere to include those sites so youll be better protected.
There are no silver bullets when it comes to protecting company and customer data from loss or theft, but there are technological and procedural systems that will go a long way toward preventing a WikiLeaks-like data dump. Download our
How To Prevent An Online Data Dump
report. (Free registration required.)

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Looking For Love? Dont Trust Online Dating Sites