Here’s a heads up to the millions of people looking for love on line: Your security and privacy are probably at risk. Many of the most popular dating sites are playing fast and loose with your romantic avatars. Some of them are susceptible to hackers and, to paraphrase a Microsoft cybersecurity expert, anything that you post on line is pretty much permanent after 20 minutes, whether you’ve deleted the file or not.
Still feeling brave? A few more facts, then. Of the most trafficked sites, only Zoosk and the alternative dating site Fetlife offer standard HTTPS encryption, and Fetlife only implemented it after user complaints. Sam Yagam, CEO of the wildly popular OkCupid, has said that his company just doesn’t see a need for encryption because users haven’t asked for it. Well, OK.
Love Over Safety?
Is it possible that users just aren’t paying attention to whether a site’s encrypted or not? Either that, or they don’t care. If you’re at least thinking about the risks, one bit of advice is to avoid surfing for dates when using a shared network. With the birth of Firesheep, even a noob can hack you. A better remedy is to install HTTPS Everywhere, a Firefox add-on created by the Electronic Frontier Foundation and the Tor Project. While you’re at it, email your favorite dating sites requesting HTTPS. As Yagam implies, the better sites listen to their customers.
The EFF says that Adult Friend Finder, Ashley Madison and Lavalife are the only companies that explicitly say they’ll delete your data if you close your account. Given the focus of the first two, that’s particularly reassuring. Most other sites offer what can best be described as vague assurances.
While some people don’t mind having their personal information available for everyone to find, a larger group would prefer some modicum of anonymity. If discretion is important to you, carefully go over your site’s privacy settings. Keeping yourself off of search engines may be as simple as checking a box. WikiLeaks founder Julian Assange, a former OkCupid user, found out the hard way that his requirements for female companionship were just a Google search away.
The same holds true for the headshot you posted, or the pictures of you sweating after your last 60-mile bike ride. They may have a longer life on line than your stated desire to date a guy who’s over six feet tall. Since many sites host user-uploaded photos with content delivery networks, your photos are sitting on an outside company’s servers. The dating site provides an obfuscated URL to anyone allowed to view the images, but removing them from the main site doesn’t always remove them from the CDN. In some cases, anyone who has the destination URL can keep looking at the photos, and potentially hack them.
By the way, if you think we’re being too basic here, remember John McAfee.
As a result, it’s wise to pay attention to your security settings with images as well. Photo identification services make it easy to find pictures that you’ve used on line, and metadata can allow viewers to figure out where the photos were taken. Learn how to disable geo-tagging on your camera or scan the photo before sending it, which should eliminate the information. Even when you post pictures that should appear in no other context, act as if even those images may eventually be able to identify you.
But the most danger may come from a dating site’s smartphone app. Last year an Australian hacker exposed vulnerabilities in sister sites Grindr and Blendr. Both are geared toward anonymous hook-ups, and users often post NSFW photos. Grindr’s Australian site was briefly shut down and the app’s creator, Joel Simkhai, admitted that there were vulnerabilities that needed urgent attention.
Finally, your online dating self is infected with third-party love. Just as more and more social and community websites do, dating sites are gathering all the data they can to sell to advertisers. Nearly all of the bigger sites know which boots you looked at on Zappo’s, that you bought homeopathic indigestion tablets on Amazon, and that you want to date former gymnasts under the age of 35. They’re tracking you and there are few ways around it.
An estimated one in five couples meet on line. Best of luck as you search for a mate. It’s a jungle out there.