updated 2/14/2012 12:52:17 PM ET 2012-02-14T17:52:17

The millions of people looking for love on Internet dating sites have more to worry about than writing the perfect, just-flirty-enough email to a potential partner; according to a new report from the Electronic Frontier Foundation (EFF), all online dating sites leave their customers' data, and their privacy, dangerously exposed.

"Whether you signed up on a lark or maintained an active profile for years, you may be exposing more information about yourself than you know," EFF activism director Rainey Reitman wrote in the EFF's report, "The Heartbreaking Truth About Online Dating Privacy."

Daters' online profiles, Reitman said, compromise customers' privacy by, in some cases, not deleting profiles, including photos, after the account has been closed, and by selling hordes of uploaded information to online marketers.

Like Facebook, most dating sites don't immediately delete profiles, the EFF found. Ostensibly, dating sites keep profiles dormant in case the person wants to reactivate his or her profile later on.

[Social 'Shadow Profiles' Mirror Your Real-Life Existence]

"But having your data hanging around on a company's servers, even if they aren't actively serving that content to the Web at large, raises a host of privacy issues," Reitman wrote. "The most pressing concern is that information about you may be exposed to future legal requests that might involve a criminal investigation, a divorce case, or even a legal tussle with an insurance company."

In its analysis of the security safeguards in place on eight major dating sites, OkCupid, Match, Zoosk, eHarmony, Lavalife, Plenty of Fish, Adult Friend Finder and Ashley Madison, the EFF found that only Ashley Madison and Adult Friend Finder, two of the, shall we say, more "risqué" sites, delete data after users close their accounts.

Let's say, though, that you're not worried about these future ramifications, and you aren't interested in enlisting Ms. Madison's help to cheat on your significant other — you're just logging on in a coffee shop to see if someone winked at you. What's the harm in that?

The EFF found that none of the sites practiced even rudimentary security practices, such as enabling HTTPS encryption  by default. It's an oversight that could allow an attacker to exploit someone's online dating data and harvest their personal information, including email address, password and stored financial details, over a shared or insecure Wi-Fi network.

The EFF warns online daters to examine a dating site's privacy policy before signing up, and using a disposable email address to keep your "real" life and your "dating" life as separate as possible. The EFF also recommends avoiding paid websites and implementing HTTPS Everywhere, a Firefox add-on that automatically encrypts HTTP Web connections.

© 2012 SecurityNewsDaily. All rights reserved


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments