Contributed by: ElyseRomano Tuesday, December 03 2013 @ 09:02 pm
Are you concerned about your privacy when you use online dating sites? EFF is, and you should be too.
What is EFF? EFF is the Electronic Frontier Foundation, an organization dedicated to confronting cutting-edge issues and defending free speech, privacy, innovation, and consumer rights in today's digital world. Of course, no discussion of today's digital world would be complete without a conversation about online dating sites. When EFF examined eight popular online dating sites to see how well they safeguard user privacy, they found that the majority of the sites tested did not take even basic security precautions.
We already took a look at how well the two most popular free dating sites, Plenty of Fish and OkCupid, performed on EFF's tests, and the results were less than stellar. Now the question is: does paying for a dating service guarantee better protection of your privacy? Let's take a look at how major dating sites eHarmony and Match stacked up against the freebies...
Neither Match nor eHarmony uses HTTPS, standard Web encryption, by default. By failing to use HTTPS, these sites expose their users to eavesdroppers when accessed from shared networks. All it takes is free software such as Wireshark for someone to access data that is transmitted in plaintext. This is potentially worrisome on any website, but it's particularly distressing on dating sites where information of a sensitive nature is routinely posted.
The next factor tested by EFF was whether or not the sites are free of mixed content. Mixed content is a problem that occurs when the site is primarily secured with HTTPS, but delivers part of its content over an insecure connection. Even if a page is encrypted over HTTPS, it may still be possible for an eavesdropper to access portions of the page if it displays mixed content. In some cases, EFF warns, a sophisticated attacker could even rewrite the entire page. Both eHarmony and Match contain mixed content.
EFF also tested whether the sites use secure cookies or HSTS. Failing to use secure cookies, which both eHarmony and Match are guilty of, can expose users to session hijacking. HSTS (HTTP Strict Transport Security) lets a website ask browsers to use HTTPS whenever they communicate with it. The user's browser will remember this request and automatically turn on HTTPS when connecting to the site in the future. Once again, both Match and eHarmony failed to employ HSTS.
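The three response-level checks described above (mixed content, the Secure cookie attribute, and HSTS) can be run against a saved HTTPS response. The following is an added example, not code from EFF or from this article; the function names are hypothetical, the sample headers and HTML are constructed, and the regex scan is a simplification of what a browser treats as a subresource.

```python
import re

# Constructed sample: headers and body of an HTTPS page (not captured from any real site).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
SAMPLE_HTML = """<html><head>
<script src="http://static.example.test/app.js"></script>
<link rel="stylesheet" href="https://static.example.test/site.css">
</head><body><img src="http://img.example.test/photo.jpg">
<a href="http://example.test/about">About</a></body></html>"""

# Subresource loads: src= on media/script tags, href= only on <link>.
# An <a href> is navigation, not mixed content, so it is ignored.
SUBRESOURCE = re.compile(
    r'<(?:script|img|iframe|audio|video|source|embed)\b[^>]*?\bsrc=["\'](http://[^"\']+)'
    r'|<link\b[^>]*?\bhref=["\'](http://[^"\']+)', re.I)

def insecure_cookies(headers):
    """Names of cookies set without the Secure attribute."""
    names = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        if not any(p.lower() == "secure" for p in parts[1:]):
            names.append(parts[0].split("=", 1)[0])
    return names

def hsts_max_age(headers):
    """max-age from Strict-Transport-Security, or None if absent or malformed."""
    for key, value in headers:
        if key.lower() == "strict-transport-security":
            m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return int(m.group(1)) if m else None
    return None

def mixed_content(html):
    """http:// subresource URLs referenced by a page served over HTTPS."""
    return [src or href for src, href in SUBRESOURCE.findall(html)]

def audit(headers, html):
    return {"insecure_cookies": insecure_cookies(headers),
            "hsts_max_age": hsts_max_age(headers),
            "mixed_content": mixed_content(html)}

if __name__ == "__main__":
    for check, result in audit(SAMPLE_HEADERS, SAMPLE_HTML).items():
        print(check, "->", result)
```

On the constructed sample, the session cookie is flagged, no HSTS policy is found, and the script and image are reported as mixed content while the ordinary link is not.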
Finally, EFF investigated the sites' policies on deleting data after the closure of a user's account. eHarmony's policy was deemed "vague," while on Match.com the fate of a user's information wasn't discussed at all.
So, where privacy is concerned, does it pay to pay? According to EFF, the answer is no. There is no significant difference between free dating sites and paid dating sites when it comes to privacy and security practices.