Is Your Sex Life Really Private? The Truth About Online Dating Sites
There are an estimated 1,500 dating sites on the web, promising everything from the delivery of a soulmate (Match.com, eHarmony) to casual sex partners located within walking distance (Grindr).
In the process of helping millions of Americans get married or get laid (or get laid by married people, like adultery-themed AshleyMadison.com), dating sites amass huge amounts of private data about their users. And according to a new report by the Electronic Frontier Foundation, they do a really bad job of keeping it private, leaving personal information like sexual identity and relationship history obtainable by such diverse parties as the courts, future employers, advertising companies, and hackers.
To begin with, many sites fail to maintain the minimum level of security that could dissuade a not especially skilled hacker from logging onto someone's profile and stealing their information, or, nightmarishly, posing as them and sending messages through their account. All an enterprising computer vandal needs to do is be on the same open network as someone logged into their dating profile.
"Given the lack of security on most dating sites, it would be a trivial matter for someone with mediocre skill to spy on your activity or take over your entire account if you log on to many dating sites using a shared wifi account, like when you are in a hotel, coffee shop, or library," Rainey Reitman, EFF's activism director, tells AlterNet.
While banks, for example, use HTTPS encryption to guard user passwords, many dating sites don't use the technology as their default. OkCupid doesn't offer it at all, an oversight that can expose information users mistakenly think they've categorized as restricted access.
"OkCupid says it can limit who sees your profile – for example, users who identify as gay or bisexual may opt out of being seen by straight people," said EFF technologist Seth Schoen in a press release. "But without HTTPS, the fact that you identify as gay and don't want to be seen by some groups is sent in plain text, making it easy for someone with the right skills to uncover it."
In January, a hacker broke into Grindr, a smartphone app equipped with GPS tracking that alerts gay men looking to hook up with others nearby, accessing private messages, IM chats and pictures of users -- and posting them to a Web site (which has since been taken down). The Sydney Morning Herald spoke with an anonymous security expert who said that "they had no real security." The company is working to plug the security gap but has not come up with a solution yet.
The Grindr fiasco is an extreme example, but a catastrophic data breach is not required for personal information to haunt users in unpredictable ways. For one thing, many people likely assume that deleting their profile purges their information from the site. It doesn't. As EFF points out, dating networks have an incentive to keep the information in case the user comes back -- or in case they want to make some cash selling it off to data aggregation companies, which, like most social networking sites, they generally do.
"The operators of these sites cull vast amounts of data from users (age, interests, ethnicity, religion, etc.), then package it up and lend or sell the data to online marketers or affiliates," reads the EFF report. OkCupid in particular has been called out for selling personal information without even trying to make it anonymous. Jonathan Mayer, at the Center for Internet and Society, found that the site sold lifestyle information like education levels, religion, whether the user had kids or pets, how often they drink and smoke, and where they live to data aggregation company Lotame, which packages user data for advertisers. (The dating site did not reply to a request for comment.)
But advertisers are not the only interested party that might come across how much booze you drink. Thanks to the lack of precautions like HTTPS protection, the information contained in both active and ghost accounts can surface in surprising ways. How would that Ashley Madison adultery account play during a nasty divorce?
In a piece for Computer World, Robert L. Mitchell points out that users would be wise to get to know the sites' privacy policies. "Ideally, you should have a good idea what will happen if the site is presented with a subpoena or court order."
But even sites that promise not to give it up for a subpoena can't fully protect the data, Mitchell explains in his piece, citing lawyer and privacy expert Jonathan Sablone:
"If there's information within that database that may be relevant to a divorce proceeding, then through a court order, it's possible to obtain that. If the court issues an order, you've got to do it" [says Sablone]. While businesses routinely delete old records to protect themselves from future legal discovery requests, many online dating sites don't. "The danger of retaining information longer [than is necessary] is that it opens the door for legal processes down the road," says Sablone.
There's also a multitude of ways that information from a seemingly private profile can be revealed on the web. EFF points out that photos from Web sites can end up in Google Image search, revealing the identity of a user trying to stay anonymous by using a pseudonym (advances in facial recognition technology will make it easier and easier for a person's identity to be ascertained with just a picture). Sites with public profiles allow a user's info to be indexed by Google.
"So think hard about how you’d feel if a potential employer or acquaintance found personal data about you on a dating site. This might be a particular concern for individuals who use niche dating sites, such as HIV-positive or queer dating sites," warns the EFF.
Meanwhile, existing laws are not even close to adequate. The Electronic Communications Privacy Act, which deals with government intrusions, was enacted in 1986.
Court decisions tend to benefit tech companies and aggregators over users. In the 2001 In Re DoubleClick case, highlighted by Lori Andrews in her book, a judge argued in part that a data aggregator was not liable for accessing private information stored on a computer because their intent was to make a profit, rather than commit a crime.
"If someone broke into my house and put a videocam in my bedroom, would we really let him get away with it if he said, I wasn't intending to invade your privacy, I just run a business where we sell sex tapes?" Andrews says, putting the decision in perspective.
The Computer Fraud and Abuse Act, which makes it illegal to break into a computer to access information, cannot apply to data aggregators because the person suing must prove a direct hit of $5,000 as a result, Andrews says. The Stored Communications Act, which prohibits accessing stored electronic information, also doesn't do the trick, even though it seems like a natural guard against cookies and other mechanisms for pulling users' data. Courts have interpreted the law in such a way that if a Web site (Facebook, OkCupid) gives consent for a user's information to be tracked by another site (data aggregation company), users whose information is being shared can't sue, says Andrews.
On February 23, the Obama administration released a proposal for an online privacy "bill of rights," calling for technology companies and consumer groups to come up with regulations that would protect consumers. A few big ones signaled that they'd agree to a Do Not Track option, but critics pointed out that the move was basically a promise for self-regulation (and effective self-policing on privacy issues is not something online companies are well known for).
"This is a big step in the right direction for securing user privacy rights in the digital environment, but we’ve still got a long way to go. And, unfortunately, it looks like online advertisers are already working to water down the Do Not Track protections," wrote Reitman in an EFF press release about Do Not Track.
"In general, technology is moving faster than the law," Reitman told AlterNet in an earlier interview. "That means that there are often gaps between user expectations about how their data will be safeguarded and how the law actually works to protect them."