Friday, February 10, 2012

As if dating – and meeting potential mates online – weren't tough enough, the Electronic Frontier Foundation (EFF) reports online dating sites come with big holes in security that compromise at least the privacy and possibly the financial security of their users.

EFF points out six major weak points in the security and practices of online dating sites, most of which appeared first among Facebook's menu of privacy eroding and were universally panned, but have never been eliminated.

First, as with Facebook, information you put up on dating sites doesn't remain yours, at least as far as the site's data-purging practices are concerned. Dating profiles remain online for months or years after a member has let a subscription lapse. Theoretically it's necessary to type in the URL to see a photo or profile after it's been deleted from the index, but clever searching can turn up almost any photos or profiles that still exist.

Second, the authentication on most sites isn't what you'd call bulletproof. Grindr – a mobile app that allows men to find other men looking for sexual partners nearby – was hacked in a way that allowed the hacker to impersonate other members and view photos, messages and passwords.

The straight version of the app – Blendr – appears to have the same weaknesses.

Third, Google spiders your profile, though more for some sites than others. Julian Assange's OKCupid profile showed up in public searches, but many others don't.

Fourth and fifth: Even if you use a fake name, you're likely to be identifiable using TinyEye, Google Image Search or other photo-search functions. Most sites also package your preferences and profile information (theoretically sans identifying data to sell to marketers)...