Is Your Sex Life Really Private? The Truth About Online Dating Sites
There are an estimated 1,500 dating sites on the web, promising everything from the delivery of a soulmate (Match.com, eHarmony) to casual sex partners located within walking distance (Grindr).
In the process of helping millions of Americans get married or get laid (or get laid by married people, like adultery-themed AshleyMadison.com), dating sites amass huge amounts of private data about their users. And according to a new report by the Electronic Frontier Foundation, they do a really bad job of keeping it private, leaving personal information like sexual identity and relationship history obtainable by such diverse parties as the courts, future employers, advertising companies, and hackers.
To begin with, many sites fail to maintain the minimum level of security that could dissuade a not especially skilled hacker from logging onto someone's profile and stealing their information or, nightmarishly, posing as them and sending messages through their account. All an enterprising computer vandal needs to do is be on the same open network as someone logged into their dating profile.
"Given the lack of security on most dating sites, it would be a trivial matter for someone with mediocre skill to spy on your activity or take over your entire account if you log on to many dating sites using shared wifi account, like when you are in a hotel, coffee shop, or library," Rainey Reitman, EFF's activism director, tells AlterNet.
While banks, for example, use HTTPS encryption to guard user passwords, many dating sites don't use the technology by default. OkCupid doesn't offer it at all, an oversight that can expose information users mistakenly think they've categorized as restricted access.
"OkCupid says it can limit who sees your profile – for example, users who identify as gay or bisexual may opt out of being seen by straight people," said EFF technologist Seth Schoen in a press release. "But without HTTPS, the fact that you identify as gay and don't want to be seen by some groups is sent in plain text, making it easy for someone with the right skills to uncover it."
In January, a hacker broke into Grindr, a smartphone app equipped with GPS tracking that alerts gay men looking to hook up with others nearby, accessing private messages, IM chats and pictures of users -- and posting them to a Web site (which has since been taken down). The Sydney Morning Herald spoke with an anonymous security expert who said that "they had no real security." The company is working to plug the security gap but has not come up with a solution yet.
The Grindr fiasco is an extreme example, but a catastrophic data breach is not required for personal information to haunt users in unpredictable ways. For one thing, many people likely assume that deleting their profile purges their information from the site. It doesn't. As EFF points out, dating networks have an incentive to keep the information in case the user comes back -- or in case they want to make some cash selling it off to data aggregation companies, which, like most social networking sites, they generally do.
"The operators of these sites cull vast amounts of data from users (age, interests, ethnicity, religion, etc.), then package it up and lend or sell the data to online marketers or affiliates," reads the EFF report. OkCupid in particular has been called out for selling personal information without even trying to make it anonymous. Jonathan Mayer, at the Center for Internet and Society, found that the site sold lifestyle information like education levels, religion, whether the user had kids or pets, how often they drink and smoke, and where they live to data aggregation company Lotame, which packages user data for advertisers. (The dating site did not reply to a request for comment.)