Just in time for Valentine’s Day, the privacy watchdogs over at the Electronic Frontier Foundation have put together a guide for those tempted to dance the algorithm electric. Their findings: online dating services may be getting around with your personal data.
Leading online dating sites hold onto customers’ data, including profiles and photos, even after those customers have deleted them, EFF found. The report is just the latest to raise alarms about the data retention and privacy policies employed by burgeoning social networks, including Facebook.
Dating sites may hold onto profiles after a user believes he or she has deleted it to make it easier for users who have second thoughts to reactivate their account. Its harder to explain away the sites’ poor data security, EFF said. Dating sites reviewed by EFF had failed to implement HTTPS – or secure HTTP- leaving users vulnerable to man in the middle attacks, especially on insecure WiFi hotspots. Worse still, many of the sites have been shown to be riddled with security holes. In a recent incident, the Web site Grindr was compromised, allowing attackers to impersonate other users on the network, which connects gay men with potential partners. The Web site for PlentyOfFish, was also rumored to be the target of an attack that compromised the personal information of its 30 million users, according to published reports.
The EFF recommends that users of online dating sites should first make sure that their dating profile isn’t publicly indexed by Google. Users who want to maintain a separation between their real life and online dating profile also want to be careful about the photos they upload. Image search and facial recognition technologies are becoming more accurate, allowing motivated parties to use photos and other data to connect multiple online personas that may belong to the same person.
Finally, the EFF cautions users about the sale of their personal data to third-party marketing companies, which, depending on the privacy policy everyone must agree to you, is used anonymously or not-so-anonymously to target advertisements.