Love and Theft: Online Dating Sites Put Daters' Privacy At Risk
That's one way to meet Mr. Right.
CREDIT: Hart Photography/Shutterstock
The millions of people looking for love on Internet dating sites have more to worry about than writing the perfect, just-flirty-enough email to a potential partner; according to a new report from the Electronic Frontier Foundation (EFF), all online dating sites leave their customers' data, and their privacy, dangerously exposed.
"Whether you signed up on a lark or maintained an active profile for years, you may be exposing more information about yourself than you know," EFF activism director Rainey Reitman wrote in the EFF's report, "The Heartbreaking Truth About Online Dating Privacy."
Daters' online profiles, Reitman said, compromise customers' privacy by, in some cases, not deleting profiles, including photos, after the account has been closed, and by selling hordes of uploaded information to online marketers.
Like Facebook, most dating sites don't immediately delete profiles, the EFF found. Ostensibly, dating sites keep profiles dormant in case the person wants to reactivate his or her profile later on.
"But having your data hanging around on a company's servers, even if they aren't actively serving that content to the Web at large, raises a host of privacy issues," Reitman wrote. "The most pressing concern is that information about you may be exposed to future legal requests that might involve a criminal investigation, a divorce case, or even a legal tussle with an insurance company."
In its analysis of the security safeguards in place on eight major dating sites, OkCupid, Match, Zoosk, eHarmony, Lavalife, Plenty of Fish, Adult Friend Finder and Ashley Madison, the EFF found that only Ashley Madison and Adult Friend Finder, two of the, shall we say, more "risqué" sites, delete data after users close their accounts.
Let's say, though, that you're not worried about these future ramifications, and you aren't interested in enlisting Ms. Madison's help to cheat on your significant other — you're just logging on in a coffee shop to see if someone winked at you. What's the harm in that?
The EFF found that none of the sites practiced even rudimentary security practices, such as enabling HTTPS encryption by default. It's an oversight that could allow an attacker to exploit someone's online dating data and harvest their personal information, including email address, password and stored financial details, over a shared or insecure Wi-Fi network.