Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Looking For Love? Don't Trust Online Dating Sites

When it comes to how dating websites secure and share information about their users, be sure to read the fine print, and don't be afraid to walk away.

Beware online dating websites, at least when it comes to their data privacy practices.

That warning comes by way of the Electronic Frontier Foundation (EFF), a non-profit group devoted to protecting digital rights. According to the organization, numerous dating sites--which are for-profit businesses, after all--sell data on their customers to third parties, including Google and Facebook. Furthermore, many online dating sites suffer from poor information security practices and may not delete profiles or images in a timely manner.

Online dating websites may also allow third-party search engines to index your profile. Notably, a public profile for Julian Assange, the editor in chief of WikiLeaks, was discovered in late 2010 on the free dating website OkCupid. While the site allows users to disable such indexing, even the privacy obsessed Assange apparently didn't realize that by default, all profiles are public.

[ Facebook and other social networking sites don't do enough to protect privacy, say users. See Social Media Survey: Privacy, Security Concerns Persist. ]

People might also be surprised to find that some online dating website profiles are being sold en masse to third parties. "Often, this transaction is gift-wrapped with the promise that your individual data is 'anonymized' or sold in aggregate form, yet users should be wary of such promises," said Rainey Reitman, EFF activism director, in a blog post. "Using data from social networking sites sold to advertisers, Stanford researcher Arvind Narayanan demonstrated that it's hard to truly anonymize data before it's packaged and sold."

The data being shared may also give people pause. Notably, Stanford computer science graduate student Jonathan Mayer last year released a study showing that OkCupid was selling or sharing user information with almost 30 third-party companies. That finding came from Mayer's review of the information-sharing practices of the top 250 websites listed on Quantcast.

All told, he found that 61% of the websites in his sample shared a username or user ID with a third-party website. Those third-party sites were ComScore (for 44% of the top 250 websites), Google Analytics (42%), Quantcast (34%), Google Advertising (34%), and Facebook (24%). In the case of OkCupid, shared information also included everything from age and religion to details about pets and frequency of drinking or smoking.

Leave it to a digital rights group to pour cold water on potential Valentine's Day romance? Perhaps, but by keeping an eye on online privacy practices for dating websites may offer people better long-term satisfaction.

One place to start is by reviewing a company's privacy policies to see what it promises. Also look at a company's information security history. One case in point is Grindr, a mobile app that's been embraced by the gay community. On Jan. 20, the company confirmed that there was a vulnerability in its software that could allow an attacker to access photos and messages and impersonate other users, and promised a fix "over the next few days." The company ultimately released a fix on February 10. But in the interim, security experts had recommended that the site's 3 million users temporarily delete their Grindr profiles.

Also check whether dating websites have implemented HTTPS to secure Web sessions, especially against local attackers who are sniffing packets, for example by using a tool such as Firesheep. "Our recent survey of major online dating sites found that most of them were not properly implementing HTTPS," said EFF's Reitman. "Some online dating sites offer partial support for HTTPS, and some offer none at all. This leaves user data exposed."

One Firefox plug-in that can help, she said, is HTTPS Everywhere, which is maintained by the Tor Project and EFF. The tool automatically enables HTTPS for any site that offers it. "As more dating sites begin to provide support for HTTPS, we'll expand the ruleset for HTTPS Everywhere to include those sites so you'll be better protected."

There are no silver bullets when it comes to protecting company and customer data from loss or theft, but there are technological and procedural systems that will go a long way toward preventing a WikiLeaks-like data dump. Download our How To Prevent An Online Data Dump report. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
GabrielC860
50%
50%
GabrielC860,
User Rank: Apprentice
8/9/2015 | 6:03:19 AM
re: Looking For Love? Don't Trust Online Dating Sites
hi there,it is very true all they are interest in is your money,and are full of scams the woman that you are into you are talking to a differnt woman all together, i know i was caught by the scam because i was new to the dating site at the time because you see the picture of the woman  that you would like to spend your life with,but you are not talking to her at all a compleatly differant woman ok all the best,gabriel.♥ 
Bprince
50%
50%
Bprince,
User Rank: Ninja
2/15/2012 | 3:11:41 AM
re: Looking For Love? Don't Trust Online Dating Sites
Good advice would also be for people to read the terms of service before uploading any information.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1842
PUBLISHED: 2020-02-18
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Succe...
CVE-2020-8010
PUBLISHED: 2020-02-18
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
CVE-2020-8011
PUBLISHED: 2020-02-18
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
CVE-2020-8012
PUBLISHED: 2020-02-18
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
CVE-2020-1791
PUBLISHED: 2020-02-18
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode.