Looking For Love; Finding Privacy Violations
itwbennett writes "When you sign up for online dating, there's a certain amount of information you expect to give up, like whether or not your weight is proportional to your height. But you probably don't expect that your profile will remain online long after you stop subscribing to the service. In some cases your photo can be found even after being deleted from the index, according to the Electronic Frontier Foundation (EFF), which identified six major security weaknesses in online dating sites."
In a lot of systems, deleted simply means marked as deleted. What the system does with that information is another matter. Even in a file system, when a file is deleted, it is many times recoverable if it hasn't been overwritten with other data.
Well, without RTFA but going just by the above statement: "even after being deleted from the index..."
Deletion from an index != "being deleted."
If I go into the index of the Encyclopedia Galactica and remove all references to The Mule, the article(s) the index pointed to still exist...
geek. lawyer.
I'm too short for my weight.
Science advances one funeral at a time- Max Planck
"Deleted from the index" does not mean the file was deleted. If I rip the table of contents and index out of a book you could still find each page by flipping through them.
When you put data up on a system you are unable to physically control, all sorts of things can happen to that data, including things you might not like, and in most cases you won't be able to do anything about it. Facebook, Myspace, all of it is one big steaming pile of shit and most of you idiots are walking right up and taking a big bite like it was a tasty meal. Honestly it is impossible to feel pity for you, because you do it to yourself.
This is actually reassuring in a sick sorta way - I always thought that people working for dating sites combed random sites and osmosed people's pictures, without consent, as a basis for building fake profiles.
Now, as it turns out, they just keep the pictures from all the people who uploaded to their site and left a day later after they figured it was bullshit.
In my next life months from now, I am making 80K a year, driving an M3, and I'm looking for a woman who knows how to initiate and hold conversations.
My name will be Bryce Johnson, and my occupation will be engineer who loves wine, cheese, and long walks on the beach.
ANYTHING you give up to a website is there for the duration of time. I just figure it will never go away.
Even if you run your own site, don't fool yourself that you can take down the information and it's gone. There are folks that archive web content and sell the historical data for profit. If you are expecting that Facebook or Twitter content can be deleted and it will be gone forever, you are a fool.
I'm always amazed at the number of folks who simply don't understand this, and think that they can delete their Facebook posts and they are gone. So I'm not surprised that data on dating sites might stick around after you are gone.
Don't think I'm right? Check this out: http://www.archive.org/web/web.php
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I have several honeypot email accounts, and one kept getting emails that suggested it was somehow a member of a French on-line dating/introduction service.
The web site had no way to delete one's account, nor did the proprietors respond to emails.
My solution? I logged in and updated "my" personal information. I got nasty, every bit of the sickest crap I could think of.
They pulled my account within the hour. :-)
...laura
I tried a dating site long ago (eHarmony) and I found that they are utterly worthless for finding real relationships with real people. All it does is attract spammers, scammers, and predators. If you want to date, get to know people in your local community. To dating sites, you are just money to be made.
My online dating profiles of course. You see by posting profiles that are completely full of lies I have totally side stepped the security issue! There is no way that anyone can trace my profiles back to a real person.
So nyah nyah nyah to all you suckers who put your real photos and descriptions out there in public - you'll never know who has your information now, while I'm free of any worries at all.
(But please don't remind me that I am posting on /. on a Saturday night)
I am Slashdot. Are you Slashdot as well?
"like whether or not your weight is proportional to your height" Of course it's proportional (unless your height is 0, in which case the proportion is undefined).
He who reflects on another man's want of breeding, shows he wants it as much himself --Julius Caesar, per Plutarch
It's OK that my picture and profile are still "up" at several dating websites. I don't mind, because I am human and not ashamed of the fact that we must reproduce in order to exist. Thank goodness everything I put up was in good taste. My only regret is posting on several STD dating sites before finding out I didn't have any disease. :D :P
Reading the article, it is worse than just the deletion problem. If your profile is on the site ever, it is on Google forever. Making it available to Google seems like a pretty big breach of trust. You look at a site like OkCupid, that allows users to set their profiles to private. With Google and Google caching, that setting is bypassed entirely. That is simply a failure on OkCupid's part: they either don't have the technical skill to properly secure their site, or they choose not to despite telling users their info is restricted to other users only. Either way, false advertising.
The best way for a dating site to attract new members is to have a lot of "inventory" in the form of user profiles. Having a larger inventory also means they can ask for more money from advertisers. Again it's a case of "if you aren't paying you aren't the customer, you're the product".
...like whether or not your weight is proportional to your height.
So it's OK if I put on weight as long as I get proportionally taller at the same time?
How can something that was 'deleted' still be available? Obviously, it must not have been deleted.
Do you keep regular backups? When you delete things from your main database, do you also delete them from your backups? If you do, what is the purpose of having backups?
In this particular case, the photos are stored on Content Delivery Networks. Apparently the love websites upload your pictures to those sites, but are sloppy about deleting them when they are done (or maybe the CDNs don't delete them, I couldn't find out from the article).
"First they came for the slanderers and i said nothing."
The thing about that website is that it was free; others have left a very bad impression, the worst one being match.com. I don't know if it has changed since then, but about 1999 I put my details on their site and got an interested email a few hours later. Of course, I couldn't reply, as you had to pay for membership before you could contact anyone. So I paid £5 for a month's subscription and messaged back. I got no reply. I think it was just an automated match.com robot designed to suck in the desperate into paying up. A little while later, I created a sock puppet account with the most repulsive details I could imagine. I got a couple of messages from people who said they were interested and wanted to know more. In my mind, proof that match.com would do anything to make you part with your money. I didn't and it put me off dating sites until a few years later when I happened to read a newspaper article which rekindled my interest.
My web domain.
Things don't "just happen" to my data. What can and can't be done with it, is regulated by the European Data Protection Directive, UK Data Protection Act 1998, and several other laws which reflect European attitudes to the key role of privacy in human rights law.
However there are gaping loopholes:
Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented.
So buried in the terms will be a clause consenting to export my data to a data ghetto such as the United States, and that is where the problems begin.
Isn't weight proportional to cube of height?
That would be the Ponderal Index, which assumes mass is proportional to the cube of height, and has some use in pediatrics. However, non-infant humans don't scale like spheres. Unfortunately, they also don't scale such that mass is proportional to the square of height, which the BMI assumes. A statistical fit to height and weight data for the US yields an exponent of about 2.6 for those aged 2 to 19 years. Note that this exponent slightly underestimates weight for persons shorter than 40" or taller than 65", and slightly overestimates it for those of height from 45" to 60". Apparently, medical underwriters don't rely just on BMI, but assume the Ponderal index has at least as much significance in assessing health risks from weight.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Sadly a lot of these sites are either filled with scammers or datamine and spam the living hell out of anyone that signs up, I should know as I deal with a lot of folks that have gotten their first computer so I have to warn them and be on the lookout for them as they learn the ropes. It's made all the harder to warn folks because it seems like everybody knows someone who found their current SO through online, hell that's where I got my GF of 4 years, I signed up to get one of my buds to STFU about the stupid site and my little Cherokee princess saw I was a PC guy and asked if I could help her fix the sound on her desktop. I would have never met her IRL since we didn't travel in the same circles but my family just loves her to pieces and we've been happily together ever since.
So if you know anyone that is new to computers or are starting online dating please have them look at a site like Romance Scams so they can see what to watch out for, I know one of the mods and they are good folks just trying to warn the folks about how slick these new scams are. Like the malware I have to deal with daily it seems they get better and smarter at this each year and become harder for those that aren't alert to spot.
ACs don't waste your time replying, your posts are never seen by me.
Make sure you choose a good picture, because it's going to be online long after you're gone :)
Hey! I found my wife on-line. She did a who command and saw that I was on the server so she talked me.
Of course this was back in '95 and we were dialed up to a Unix box with a shell account, what passed for Internet access back then. I was using telex.exe and Norton Commander on my DOS box.
Damn, coming up on 17 years soon.
-- I have a private email server in my basement.
I met my wife through Match.Com. We've been together now for just shy of 7 years. I pinged her the day after she had decided to pull her profile and let her account lapse. Fortunately, she hadn't yet gotten around to it when my forwarded email arrived in her inbox. She told me later that I intrigued her so much she re-subscribed just to reply.
We spent a week and a lot of emails back and forth before we agreed to meet for a quick dinner date. Three and a half hours into what was supposed to be less than an hour, we knew we were on to something good. :-)
Now, we had several factors working in our favor. First, we were both in our 40s so we had enough life experience to spot the obvious predators. Second, we were both coming off long term first marriages that had failed partially due to a lack of honest communication on our partners' part so we were prepared to be up front about our expectations. Third, both of us were prepared to just let the relationship develop naturally and not force it. Fourth, we had both followed up a few contacts on the site already (she more than me, actually) so we had a pretty good idea about how online communication can sometimes obscure true intent.
My advice would be to treat online dating as just one more option to meeting people. If things click between you and someone else, great! If not, in many ways it's a lot easier to walk away from an online relationship gone bad than, say, someone you met at work, at church, or your favorite local watering hole.
Data retention laws only apply to things you are required to keep. You can keep any information that your customers allow you to collect. And you can be subpoenaed for any information that you do collect. But only information that you are required to keep has a legally mandated retention period.
I'm surprised more businesses don't realize the legal obligations that they take on when they collect unnecessary information on their customers. Note ISPs that refuse to keep anything beyond essential logging because keeping it entails a liability to the company. And it's not just law enforcement, the act of collecting can put you under civil requirements and liabilities, for example, PCI.
I can think of very little, if any, customer data that a dating web site would be required to keep. But once you start collecting associations and communications, ala Facebook, then you can expect law enforcement to take interest. Even collecting innocuous things like who visited a profile (something OkCupid and even LinkedIn track) could be used for tracking 'terrorism'.
A big factor on social web sites is ownership. If you pay GoDaddy hosting they are not responsible for data retention on your site. In fact, they may not do any kind of backups at all on your site. Web hosting companies consider it to be your data, thus your responsibility. Social web sites, OTOH, consider your profile to be their data. The only thing that will force them to delete something they consider a business advantage is privacy laws that are virtually non-existent because governments see the value of having access to information they don't have to collect or store.
Another day, another update to a Google android app.
Try deleting your Slashdot account.
Why, do you have something to hide? A pro-Microsoft comment made when you were young and needed the money?
To have a right to do a thing is not at all the same as to be right in doing it