Researchers Release Profile Data on 70,000 OkCupid Users Without Permission

An anonymous users shares a Vox report: A group of researchers has released a data set on nearly 70,000 users of the online dating site OkCupid. The data dump breaks the cardinal rule of social science research ethics: It took identifiable personal data without permission. The information -- while publicly available to OkCupid users -- was collected by Danish researchers who never contacted OkCupid or its clientele about using it. The data, collected from November 2014 to March 2015, includes user names, ages, gender, religion, and personality traits, as well as answers to the personal questions the site asks to help match potential mates. The users hail from a few dozen countries around the world. The researchers, Emil Kirkegaard, Oliver Nordbjerg, and Julius Daugbjerg ran software to "scrape" the information off OkCupid's website and then uploaded the data onto the Open Science Framework, an online forum where researchers are encouraged to share raw data to increase transparency and collaboration across social science.

Bullshit

The data was already public! What are you whining about?

Re:Bullshit

[ShanghaiBill]

The data was already public!

Also, only a moron would use their real name to create a profile on OkCupid. I met my wife on Match.com, and she didn't tell me her real name until our 2nd date. Many of these sites specifically recommend that you don't use your real name, and that you don't reuse a photo that is already online, since someone could then use Google Image search to find your Facebook profile.

Re:Bullshit

[gweihir]

a) It was not public. Access required an account (with associated agreement to their TOS).
b) European privacy laws says the data belongs to the users, and each one has to explicitly agree to its uses

This was a criminal act. At the very least these people should lose their academic titles or hope of getting one.

Re:Bullshit

[angel'o'sphere]

Actually I met a greek woman living in Germany (via ok cupid). She used her real name and was surprised that I did not. She was absolutely not aware that basically no one is using his real name on a web site, except perhaps Facebook or Linked in.
She was not dumb, the idea to use a nick simply never occurred to her.

On the other hand she was a bit strange ... she is a teacher for greek and ancient greek. While talking about the subjects she emphasized that greek is so complicated for foreigners because it has three genders. So I pointed out there are plenty of languages which have. She looked surprised and asked for an example. I said: e.g. German? She contemplated nearly a minute and then very surprised said: "Yes, true! German also has three genders!"

She spoke perfect german! And she never realized german has three genders just like greek!

The funny thing is: certain stuff is switching gender from language to language. E.g. a cat is female in german but male in french/italian. Or the moon, is female in latin languages and male in germanic languages. So it must have been a topic during her german learning ... nevertheless she never realized it.

Re: Bullshit

You can't be stripped of an academic title. It isn't like having a license to practice law, or medicine.

Re:Bullshit

[Opportunist]

Just to give everyone an example how fucked up genders are in German, and why it's nontrivial to learn for a foreigner: The simple sentence "The girl puts the milk on the table" would be in German, using pronouns, "It puts her on him".

Re:Bullshit

[angel'o'sphere]

"It^H^HShe puts her on him"

I would not call it fucked up.

English simply "degenerated" in to a very simple language.

Many asian languages are even more simple, but still you make fun about asians who speak "bad english" because "your english language" is "fucked up".

Advice: don't make fun about people who speak bad english! Because, they speak a second language!

Re:Bullshit

It rubs the lotion on its skin. -PCP

Re:Bullshit

Great, now North Carolina will outlaw speaking German.

Re:Bullshit

[mschuyler]

DAS Madchen: IT.

Re: Bullshit

[LionMage]

Actually, your correction is incorrect. The German word for a young girl is neuter, not feminine. Thus, the previous commenter is correct â" "It put her on him." No need for the hypercorrection.

Yes, I actually took 4 years of German in high school. You really have to wonder about a culture that refers to little girls as "it."

Re:Bullshit

[angel'o'sphere]

Yes, but he removed "das maedchen" so it is a she and not an it. As the person who is doing the action is female.

Re: Bullshit

And this is why EU privacy laws are bullshit. They're terribly written and with awful consequences. That could apply to Google indexing pages and calculating statistics that include pages with personally identifiable information. Redistributing the data may be an intellectual property issue, but it's not a privacy issue when the data are made publicly available.

Re: Bullshit

[angel'o'sphere]

Yes, I actually took 4 years of German in high school. You really have to wonder about a culture that refers to little girls as "it."

You don't refer to little girls as "it". Only the word "Maedchen" has the gender of neutrum. The person which is a girl is female. So to refer to the person you usually are using the articles fitting to the person.

Hence I corrected his "flaw".

Side note: I'm german. You only say "it" or "das" in german if you actually use the word "Maedchen". If you refer to her otherwise it is a she.

Same problem with animals: the dog is male "der Hund", the cat is female "die Katze", nevertheless both animals obviously have a female and a male version and when you refer to a particular one you use "er" or "sie" as in "he" or "she" ... and not "it" as in english.

E.g. if I have a female dog, look above, a dog is "male", with name Sally, and I brag about how smart _she_ is, I use _she_ not "it" as in english and not "he" or "der" because it is a difference between the gender of a word and the gender of a thing that is addressed with that word/concept.

Of course you can most of the time simply refer to dogs as "he's" and to cats as "she's" if you don't care about the particular gender.

Going back the the "Maedchen" topic, if one asks you: "did you see the Maedchen riding the red bike?" you can answer in both ways: "yes, I saw _it_ riding that way" referring to the word "Maedchen" or you answer "yes, _she_ was riding that way" referring to the fact that the "person" is female. I guess people would use both variants equally often.

Re: Bullshit

[WarJolt]

You can be fired and unofficially blacklisted. Academia can be more political than D.C.

Re: Bullshit

[gweihir]

You are wrong. The university that gave you that title can remove it under certain circumstances, such as when you have damaged the reputation of the field it is in. I know, for example, of a PhD Lawyer that lost his PhD after being caught robbing a bank. It is not a legal procedure, it is an academic procedure. You may seek legal redress, but that usually fails. The same can happen when it turns out you falsified results.

Re: Bullshit

That's bullshit. If you fabricated results, that means you didn't deserve the PhD in the first place. Removing the PhD then is more like saying the degree wasn't properly awarded to begin with. That's reasonable. While robbing a bank is a criminal act, it doesn't invalidate the work done to obtain the degree. The degree should continue to be valid. It would be reasonable to disbar a lawyer who committed such an act and for the university to disassociate themselves from the individual. But the degree should be valid, regardless, in that case.

Re: Bullshit

[Panoptes]

"You really have to wonder about a culture that refers to little girls as "it."

Gender (grammatical) has nothing to do with gender (sex), as any fule kno.

Re:Bullshit

[BarbaraHudson]

If you think that's screwed up, consider that soutien-gorge (bra) is a masculine noun.

Re:Bullshit

[BarbaraHudson]

European privacy laws don't have jurisdiction inside the USA. Why do you think people are moving servers to Europe for better data protection? This has been covered lots of times. You must be new here. Who'd you buy your user account from?

Re: Bullshit

Slavic languages also have genders, not only on nouns but also on verbs, adverbs and adjectives, usually 3, sometimes more, but it is fun to hear how an American or a Brit mangles them brutality, while a Chinese or Japanese speaks those perfectly in less than 1 year

Re:Bullshit

No, it's an it. Last time I was out with German speakers that came up. The person is female the same way that a fraulein is a woman, but both are neuter in German because of their endings.

Hats are masculine for whatever reason, hence "Mein Hut, er hat drei ecke." Literally, my hat, he has 3 corners. Even though the idea that a hat has a sex is ridiculous, the word itself has a grammatical gender and one that you ought to get right if you want to speak properly.

Re: Bullshit

Strictly speaking, that depends on how you structure the sentence. If you're using a relative clause, then you're stuck using "it" otherwise you're not using correct grammar. You'd likely still be understood, but it's not correct.

However, if you use a different grammatical structure, you could use she and still be correct. You're example is technically correct, but stripping out the German is a tad misleading as you could communicate the same idea with both pronouns correctly in German depending upon the grammatical structures you choose to use.

Re:Bullshit

Eliminating gender-specific semantics when making statements about things that do not have genders is not "degeneration." It is progress.

Tables do not have genders. It doesn't make any sense at all. Tables don't breed, for God's sake. By any reasonable definition of "gender," tables simply don't qualify. So it harmfully over-complicates communication if you must refer to a table as if it has a gender, and change other words around it to reflect this fact. It is outright stupid.

People have genders. Many animals have genders. Some plants even have genders. All for clear biological reasons. When referencing their genders adds clarity, the language should do so. In all other cases, it should not.

Re: Bullshit

You have just shown that gender (grammatical) is so far removed from reality (sex) that it only harms communication. Complexity is harmful. Any introduction of complexity must be justified by an over-compensating value-add. A grammatical structure that has gender for no damn reason at all is not just worthless, but damaging.

Re: Bullshit

RTFS. The researchers were Danish. OkCupid has some European users. EU laws apply when European researchers are misusing data from Europeans.

Re:Bullshit

This ABSOLUTELY PALES in comparison to how OkCupid, Match and POF are selling and sharing your pictures, profiles, usernames, questions, biograph, private messages, etc ... on the backend.... not to mention GIVING it all away to the government for free as well. And they're all owned by ONE parent company.
Don't believe me?!?! Do your own research into these companies on the internet. And also read their policies in detail weasel word by weasel word.

You're FUCKING INSANE if you EVER post your real name, real picture or even message your number to anyone on these sites.

That's why I refuse to ever post or send my face, and I use a second prepaid phone exclusively for dating.
Any potential mate who doesn't understand that basic privacy and control of self trumps 'hot or not' these days is NOT a partner of mine.

Re:Bullshit

[l0n3s0m3phr34k]

It puts the lotion on it's skin...

Re: Bullshit

A small point, but in [American] English one actually uses he/she and not it, generally, if the gender is known of an animal. It's actually consider rude to refer to living things with gender as "it" in American English, which ends up resulting in a presumption of gender being made or the extra effort to determine gender. Hell, that even extends to inanimate representations of fictional and non-fictional characters.

Re: Bullshit

[Kjella]

Side note: I'm german.

We figured. It seems natural if you're used to it.

Same problem with animals: the dog is male "der Hund", the cat is female "die Katze", nevertheless both animals obviously have a female and a male version and when you refer to a particular one you use "er" or "sie" as in "he" or "she" ... and not "it" as in english.

If you know the gender it's the same in English, you say the "The dog [or he/she] must stay in his/her cage". But if you don't, the sex-neutral form is always it - for all intents and purposes you can think of it as unspecified rather than sexless. In German it's not, the dog must stay in his cage, the cat in her cage and the girl - if you go all Fritzl - in its cage according to the gender of the word. And you're obliged to use the word's gender when you're using the word, so even if I see it's a female if I want to refer to the dog I'll have to say "Der Hund muss in sein Käfig bleiben" = "The dog must stay in his cage" but if the topic was already the dog I'd say "Sie muss in ihre Käfig bleiben = "She must stay in her cage". It's a double use of gender that drives everyone trying to learn German nuts, it really makes no sense.

Re: Bullshit

[I'm+New+Around+Here]

Perhaps you misunderstood the part where gwehir said "I know, for example, of a PhD Lawyer that lost his PhD". The reason he lost it is not the claim he was refuting. It was whether colleges or universities can and do revoke degrees.

Re: Bullshit

Welcome to the real world, where using a fake name to communicate on dating sites is generally considered creepy as fuck.

Re: Bullshit

[dnaumov]

But the data in question is NOT publically available. It requires an OKCupid account and agreeing to their TOS.

Re: Bullshit

[dnaumov]

Except you most definately can get stripped of an academic title.

Re: Bullshit

[chipschap]

It's a double use of gender that drives everyone trying to learn German nuts, it really makes no sense.

A language teacher I once had stated simply, "It doesn't have to make sense. It just IS."

Re: Bullshit

[gweihir]

It is reality. And to somebody not ethically challenged, it will be obvious that an academic does also have the responsibility to represent their chosen field in a positive and honorable way. If they grossly fail to do so, they may be rightfully ejected from that field as unfit to represent it. You may not agree, but most institutions awarding academic grades do, although many only start doing this in practice to people that already have that degree on PhD level. Incidentally, professional organizations like the IEEE or ACM see it much the same way: They will cancel you membership is you do something grossly against their code of ethics. In a sense, an academic title is also a membership in a community.

As the original question was whether you can be stripped of an academic title due to misconduct, this is however immaterial. The reality is that in most cases you can be and whether you disagree with it has no impact on that reality.

Re: Bullshit

[jonbryce]

You can stop Google from indexing parts of your site by putting it in a password protected area, or by using robots.txt. OKCupid has done this, so their profiles don't appear in Google.

Re: Bullshit

[Livius]

A university degree is a credential; credentials can be revoked by the issuing institution. Most credentials can be taken away merely for not paying renewal fees.

Re:Bullshit

However in context of the example we are still referencing a "maedchen" doing things in that sentence and the gramatical gender of "maedchen" is neuter.

With the sentence referencing a previous sentence the German gramar will be as Opportunist points out.

The girl with the milk is at the table. It puts her on him.

"It" refers to the "girl" - Maedchen is neuter, "her" to the milk - Milch is female and "him" to the table - Tisch is male.

Das Maedchen mit der Milch ist an dem Tisch. Es stellt sie auf ihn.

Re:Bullshit

[GNious]

on it's skin...

"on it is skin", "on it has skin", or "on it was skin" ?

Re: Bullshit

[gweihir]

Excellent point.

Re: Bullshit

[Pseudonym]

No, it is not. A university degree is an achievement. Each university has its own policy, but it's basically unheard of for a university to rescind a degree for a reason other than the requirements of the programme not being met (e.g. academic misconduct, or misrepresentation on the application). If you have unmet financial obligations, universities generally doesn't rescind degrees, but instead prevent you from being able to prove it (e.g. withholding academic transcripts or certificates).

The above does not apply to honorary degrees. Honorary degrees are not achievements, they are honours, and honours can be rescinded at any time if the granting body believes that you are no longer worthy of being honoured. Robert Mugabe, Rolf Harris, and Bill Cosby (to pick but three) have been stripped of honorary degrees.

Re:Bullshit

It was not public. Access required an account

Not necessarily - there is a setting labelled "Only allow other members to see my profile". If this is unticked, then your profile is viewable by the public.

Re: Bullshit

[drinkypoo]

A language teacher I once had stated simply, "It doesn't have to make sense. It just IS."

And that attitude is how language gets boned in the first place. It's anti-intellectualism. Someone comes up with a crap word, someone smarter says "actually it should be x" and then people throw rocks at them and call them a fag

Re: Bullshit

[dunkelfalke]

Apparently, your teacher hasn't explained to you that all german nouns in the diminutive form - marked with the "chen" or "lein" suffix - are neuter. It is that simple.

Re:Bullshit

[Opportunist]

Biologically, it's a she. Grammatically, it's an it.

Re: Bullshit

[Opportunist]

Das Baby, neutrum.

Mission accomplished. But it's still not sitting well with parents when you tell them to "could you please quiet IT down?"

Re:Bullshit

[dunkelfalke]

Grammatical genders of most indo-european languages are difficult. But it is true that German is especially difficult in that matter because there are almost no general rules about grammatical genders and they have to be memorised for every single word. In many other languages the grammatical gender is already encoded in the word by the means of the gender specific ending.

Re:Bullshit

[Opportunist]

And to turn this from funny to hilarious, "its" is the same word in German as "his", "sein". Actually, "seine", since skin is feminine, and possessive pronouns change endings according to the gender of the noun possessed.

So, with pronouns again, that looks like "It rubs her on its/his skin".

Head spinning already?

Re:Bullshit

[Opportunist]

Oh, forgot to mention: "Lotion" is of course also feminine. What did you expect, something that makes sense?

Re: Bullshit

[whopub]

I'm portuguese. We also make the gender quite clear in every sentence. I don't need subtitles to watch movies/series/etc, but it's amusing to see how sometimes the people doing the subtitles struggle to handle and go 'round certain sentences when they can contain plot information that would be revealed by a proper translation.

For instance: 'the doctor is coming'. We use 'doutor' (male) and 'doutora' (female). So the minute we hear that sentence, we'll know the gender of the doctor. If that information is relevant to that scene, or the plot as a whole, we really don't have a way to make it sound neutral.

As for animals, we use the male form when not being specific, but we do have different names for most species, though not all. Whale, for instance, is a female word ('baleia'), that has no male version. In cases like that, where it's not clear, the article before the word clears any doubt. Sometimes it doesn't (whale, again), but for most we do have both genders, like cat (gato/gata) and dog (cão/cadela). When it's not possible, we just mention whether it's male or female, like you would in english.

Stuff like that makes learning foreign languages tough. If we want to impersonate an english speaker trying his hand at portuguese, we'll switch a few of the gender specific words and it'll immediately sound authentic, since those are the most common mistakes.

Re: Bullshit

[BarbaraHudson]

Read the OKCupid TOS. No expectation of OKCupid keeping the data private. The TOS trumps the summary.

Re: Bullshit

Germans doesn't refer to girls as "it" - they use the neuter gender, something completely different!

Why do they do that for girls but not boys? No idea. German is a (collection of) old language(s) and like in any old language odd stuff accumulate. It could be that for older German tribes to be considered a woman the girl must have started to menstruate, that isn't unknown from other cultures. Or to point out to pedophiles that a little girl isn't a sex object... Or just some oddity from some dialect that spread and mutated during the language development resulting in this.

Re: Bullshit

[Aristos+Mazer]

Livius is partly right -- most credentials *from organizations generally* can be taken away for not paying fees. Pseudonym is right -- university credentials are not generally in the category of things that can be taken for not paying fees. And gweihir is right -- there are conditions under which the university no longer credentials someone for the field... An entire research paper on the law surrounding these situations: http://www.stetson.edu/law/con... Yes, there is case law to allow a degree to be withheld, rescinded, or revoked for behavior after graduation, including failure to pay fees. How far it can go appears to be up to the university in question.

Re: Bullshit

[chipschap]

It's not anti-intellectualism. It's recognizing that languages are idiosyncratic and have many constructs and usages that don't seem logical. The teacher was essentially saying, "Look, this is how the language is spoken, it may not be logical but you've got to deal with it."

Re: Bullshit

[Opportunist]

Yes, we don't refer to girls as "it". It's still wrong from a pure grammar point of view. You also usually don't refer to babies as "it", despite grammar demanding it. Parents don't really like it if you treat their newborn like a thing.

But considering how people mangle the language in everyday use, I think that's one of the things that could be excused since there's a good reason.

Re:Bullshit

[Opportunist]

German is actually the only language I know that has virtually no good reason for its genders. There are certain rules for compound nouns (getting the gender of the second noun in the compound), for adjective turned into nouns by adding "-heit", "-keit", -schaft" or "-ung" (similar to "-ness" in English, as in "complete-ness") which are female, but for simple nouns there is absolutely no rule where you could somehow tell the gender by the word's composition or ending. Even words that rhyme can have different genders (das Haus - die Maus).

I really admire anyone who learns this as a second language and can actually speak it well.

Re:Bullshit

[dunkelfalke]

Really? I have learned Russian, Czech and French (but can't use the latter two that well anymore due to a lack of practice) and neither of them has a nonarbitrary grammatical gender.

Here is an example: the Czech word for a horse is kun' (not written correctly since I don't have a Czech keyboard), a very similar word is used for horse in most of other Slavic languages and it always has a masculine grammatical gender. Except for Russian, there a horse is called loshad', and that word has a feminine grammatical gender. What makes this example especially ridiculous is the fact that Russian has also the word kon', which has also a masculine grammatical gender, as in all other Slavic languages - but that word doesn't mean a horse in general, but specifically a stallion.

Another example: by Russian grammar rules the word for coffee should have a neutral grammatical gender. It is masculine, though, because coffee was introduced to Russia by Germans (der Kaffee). Silly, but true. Even sillier is the fact that the word is indeclensible, which is not very comfortable for both native speakers and people who speak Russian as a second language, because it breaks so many grammar rules.

Re:Bullshit

[l0n3s0m3phr34k]

It's from The Silence of the Lams. My quote was a bit off "It rubs the Lotion on its skin" lol

Re:Bullshit

[peawormsworth]

The data was already public! What are you whining about?

Exactly. This is the fault of the company for allowing a web crawler to collect 70,000 user profiles without shutting down the attacker. OK cupid... take responsibility and then fix your holes.

Re:Did you know?

[binarylarry]

Why did you post that drivel? The post was about OkCupid, not OkStupid.

Read Before Posting

[SuperKendall]

I'm not going to name any names, but *several* Slashdot users appear not to be able to read summaries with any degree of accuracy - the data is not public, but only AVAILABLE TO OkCupid USERS (yes, that is what the summary actually says).

*Very* important distinction.

Re:Read Before Posting

[gweihir]

When you create an account, you accept their Terms of Service. Hence, this may well have been a criminal act.

Re:Read Before Posting

[Cow+Jones]

I'm not going to name any names [...]

Well, I am. This is a story about exposing internet users after all. The comment you're referring to (or one of them) is here, posted by this long time Slashdot user, who should hang his head in shame.

Re:Read Before Posting

[gweihir]

Oh, and under European privacy laws, that data belongs to the users, not OkCupid. It cannot be legally used for any purpose the users did not agree to. So definitely a criminal act.

Re: Read Before Posting

Breaking a TOS != Illegal

Re:Read Before Posting

Ah yes. Super Kendall.

Why is it that all the good people have left Slashdot, but the backwash is still here?

You're an idiot. There's no difference between public and non-public when all you have to do to get the information is create a free account.

Re:Read Before Posting

Anyone can rent a hotel room. Do you think the contents of the room are public, and you can just take home anything you find in it?

Think of an okcupid account as a hotel room that you're renting for a while.

Re: Read Before Posting

[gweihir]

The data was copied in Europe. Some of the users will be European. Nobody accused OkCupid of anything and hence where the company is based is immaterial. Are you stupid?

Re: Read Before Posting

[gweihir]

Are you stupid? The data was copied in Europe and some users will be European. Where the company is based is completely immaterial.

Re:Read Before Posting

[AK+Marc]

The data requires a login to access. That's the distinction.

Re:Read Before Posting

[AK+Marc]

Why is it that all the good people have left Slashdot, but the backwash is still here?

But you are still here. Oh wait. I get it...

Re: Read Before Posting

[BarbaraHudson]

So what if the data was copied in Europe. It was LEGALLY obtained from a server in Oklahoma. Are YOU stupid?

Re: Read Before Posting

[BarbaraHudson]

Where the company is based is entirely relevant. The server is in the US, so US law applies. If it was hosted in the EU, EU law would apply. Ask any law enforcement agency or the RIAA/MPAA how data access laws vary by country.

Re: Read Before Posting

[myowntrueself]

So what if the data was copied in Europe. It was LEGALLY obtained from a server in Oklahoma. Are YOU stupid?

The data may be legally obtained, but under EU law its what the data is then used for that counts; the users gave consent for a specific use for that data. If the, legally obtained data is then used for other purposes without explicit permission of the users then its illegal and EU law kicks in. Its nothing to do with OK cupid, they are not the infringer, hence the location of the data doesn't matter on this just the location of the infringer and user.

Re: Read Before Posting

[Kjella]

Where the company is based is entirely relevant. The server is in the US, so US law applies. If it was hosted in the EU, EU law would apply. Ask any law enforcement agency or the RIAA/MPAA how data access laws vary by country.

Do ask. US courts have repeatedly claimed jurisdiction as long as you do business with US customers or the victims are located in the US, so does the EU with their citizens. Not the ToS, that's under US terms and if OK Cupid wants to sue these guys it'll be in a US court but European citizens have rights under EU law they can't sign away. That said, usually a conviction is useless unless the court has jurisdiction over the assets or people involved which is why it doesn't happen more often. But if you can sue Danish people in a Danish court the conviction might stick.

Re: Read Before Posting

[gweihir]

Well, the US can claim that US law applies, but the legal bodies of the EU will be pretty unimpressed by that if the actual crime was committed in Europe against European citizens. And it was. It may be different if the servers had actually been hacked. They were not.

Also, what makes you think that US law trumps others? Are you an imperialist?

Re: Read Before Posting

[gweihir]

Indeed, and rather obvious so.

Re:Read Before Posting

> When you create an account, you accept their Terms of Service. Hence, this may well have been a criminal act.

A ToS cannot create crimes, I believe they shot down that theory, mercifully.

Also, wasn't OKCupid the one that was always profiling its own users?

Well, at least the ones that aren't fake profiles....

Re: Read Before Posting

[gweihir]

It was actually not legally published (regardless from where it came) if it is the data of European citizens (and there will be some in there). I am not sure what European law would say if somebody outside of Europe had done this, but the crime was perpetrated by somebody in Europe, so that question does not apply. Seriously. So what if European law does not apply in the US? It most certainly applies to what people do while being in Europe. You seem to have some rather serious problem with the fundamentals of law.

Re: Read Before Posting

[jonbryce]

No it wasn't. I gave OKCupid permission to show my profile to interested people so that they could decide whether or not to contact me with a view to dating me. I didn't give these researchers permission to publish it on another website.

Re:Read Before Posting

[drinkypoo]

When you create an account, you accept their Terms of Service. Hence, this may well have been a criminal act.

The question then becomes whether the ToS are valid and thus binding. And breach of contract is not a criminal act, but a civil wrong. They could sue for breach of contract, but it is still not a crime.

Re: Read Before Posting

[BarbaraHudson]

The user, according the the OkCupid TOS, explicitly understands that the data is not going to be private, and that OKCupid has no obligations in that respect. The purpose of posting info to OKCupid is to disseminate that information, so the user, even if they haven't read the TOS, has no reasonable expectation of privacy. They are even encouraged, in the TOS,, to not use a real name if they want to try to preserve some semblance of privacy.

There is no privacy claim from anyone in the EU because they agreed to the TOS. Tough sh*t.

Re: Read Before Posting

[BarbaraHudson]

Read the TOS. They make it clear that users cannot expect privacy. Any violation would be strictly between OKCupid and the researchers, not the individual users, since there was no expectation of privacy in the first place.

Re: Read Before Posting

[BarbaraHudson]

Read the OKCupid TOS. There is no reasonable expectation of privacy. So even European users can't sue because their data isn't private, because they were informed otherwise, and advised to use a fake name if they wanted to try to stay private, same as you don't use your real name on slashdot.

Re: Read Before Posting

[BarbaraHudson]

What crime? the TOS is the governing contract with the user. The only remedy is binding arbitration, not the courts. The user specifically disclaims all other remedies. In the event that a court holds this to be unenforceable in a jurisdiction, the user has already agreed that they will file any litigation exclusively in New York County.

Also note this clause: "The exclusive means of resolving any dispute or claim arising out of or relating to these Terms of Use (including any alleged breach thereof), the Service, or the Website shall be BINDING ARBITRATION administered by the American Arbitration Association." Other parts of the TOS govern privacy (or the lack thereof). That would be part of "any dispute or claim arising out of or related to these Terms of Use.", since this arbitration is not exclusive to the relationship between the user and OKCupid, but ANY dispute.

Kind of hard to bring something before the courts when the user has waived that right.

Re: Read Before Posting

[BarbaraHudson]

The TOS is clear that there are no guarantees whatsoever of privacy. You agreed to this, you can't then go whining that you had a reasonable expectation of privacy. You seem to have a problem with contracts.

Re: Read Before Posting

What crime? the TOS is the governing contract with the user.

Nope. The actual law take precedence.

Also note this clause: "The exclusive means of resolving any dispute or claim arising out of .... "

The actual law take precedence. E.g. the law of a country always apply to the full extent in that country with no exception. Example.

EU has strong privacy laws granting rights which cannot be waived.

Re: Read Before Posting

We are talking about the law not a private contract. There are certain statutory rights you cannot sign away, even the US has this concept.

Stop digging the hole.

Re: Read Before Posting

[BarbaraHudson]

The Privacy Policy makes it clear that there is no expectation of privacy

Information you provide about yourself while using our service
We provide areas on our websites where you can post information about yourself and others and communicate with others or upload content such as photographs. Such postings are governed by our Terms & Conditions. In addition, such postings may appear on other websitesor when searches are executed on the subject of your posting. Also, whenever you voluntarily disclose personal information on publicly-viewable web pages, that information will be publicly available and can be collected and used by others

There's no way that you can argue that you expected the information to be private, since YOU agreed to the terms, and then YOU posted the data knowing full well that it wasn't private..

There is no law that says you cannot voluntarily make your private information public, and that's exactly what this is.

Re: Read Before Posting

[BarbaraHudson]

You have a statutory right to make your private data public. It's YOUR data, after all. Even the US has this concept. Just look at politicians publishing their tax returns.

Re:Read Before Posting

Anyone can create an okcupid account, there is not much difference between the two. This might as well be an argument over semantics, "Oh well, TECHNICALLY, there's this ToS and blah blah blah"

Look, I live in the real world. In the real world, it takes 30 seconds to make an okcupid account and look at anyone else's okcupid account. Anyone who thinks that their okcupid data is somehow private is a moron; it's less private than a costco membership.

Re: Read Before Posting

[gweihir]

You cannot sign away your rights via TOS in Europe.

Re: Read Before Posting

[gweihir]

You can make _your_ private data public all you like. But in order for somebody else to be allowed to do it not as part of their primary offering, they need a written signed waiver on paper that specifies in detail what kind of publishing they may do. Obviously there is no such contract between the people that published the data and the data owners.

Re: Read Before Posting

[BarbaraHudson]

Read the Privacy Statement. YOU have already agreed to your information being displayed on other websites, made available in search results, and also are aware that it can be collected by others.

You have a right to privacy, but when you post something on the internet after being told that it will be public, it's the same as running around naked in the street and then claiming the police violated your privacy by seeing you as they arrested you, or posting your tax return on a public billboard.

Don't like it, don't use the service.

Re: Read Before Posting

[BarbaraHudson]

It is part of their primary offering. They take your data and make it available on the internet. How do you think anyone else can see it?

The project's been suspended/hidden

[Johann+Public]

"Unavailable For Legal Reasons

This record has been suspended"
https://osf.io/p9ixw/files/

Kirkegaard's other work (still available) on Open Science Framework: https://osf.io/a2yfn/

Interestingly enough, it works out to be great advertising for a really neat science site/service...

Re: From the not-a-story dept.

[Luthair]

Presumably they have a tos which was likely violated. In the EU there is also copyrights on compilation of data which may also cause problems as OKC would own it as a collection.

Fancy Laugh Instigator

[zenlessyank]

"cardinal rule of social science research ethics". If that isn't enough a red flag, I don't know what is. Anyone who puts that much time in a concept surely is out to fuck someone.

Re:From the not-a-story dept.

[angel'o'sphere]

Making it public IS permission.
No it is not. Perhaps you should read about copyright laws and privacy laws.

Bottom line, the data was not public available anyway: they used a scraping bot, obviously with one or more fake accounts. Which is most certainly against terms of usage.

Re:From the not-a-story dept.

[gweihir]

Making it public IS permission.

1. It was not made public, it was only accessible after you created an account and hence agreed to their TOS.
2. European privacy law says even if made public, it can only be used for the purpose it was made public for (e.g. Phone-Book). Anything else requires explicit agreement by the data owner, and that is the respective person. No such agreement was obtained.

Seriously, understand the facts first. This was a criminal act.

Re: Did you know?

[meerling]

Nope, just an intense dislike of trolling, racism, and OFFTOPIC !!!

Browsing is not data-mining; Data set removed.

[SeattleLawGuy]

1. Because there is a distinction between data-mining user information and browsing user profiles as an individual.

2. Because the person did not hold a copyright in any of the material which he scraped and uploaded to another site. The terms of service at the second site require him to only upload material he has a right to upload. He violated their terms of service. I am sure that is why the material is now down. https://osf.io/p9ixw/

Interestingly, though, okcupid's /profile is not blocked in their robots.txt.

Treat anything online as public

If you wouldn't say it to a person you have recently met it should not be online. That being said this is still a crime. As a member I am moderately upset.

Well

Making it public is not posting it to a site.

However, how is it a problem for a company to post that if it's not personally identifiable?

How could 70,000 people be identified out of the population of the English speaking world? Maybe they have other languages, if so include that I do not know the site personally.

The point is the same, how could those data points personally identify anyone, I don't think that they can and anyone thinking they can needs to prove it from the bottom up.

Re: Did you know?

You still didn't answer the fucking question.

Seriously /., nobody is going to give a shit if you delete obvious troll posts.

Real names not revealed

[swell]

from TFA: "The data dump did not reveal anyone's real name."

Usernames, etc, were revealed. A clever person might be able to find the true owner of an account if it was really important to him/her. Time will tell if any puppies were injured by this action.

Re:Real names not revealed

[allo]

simple. okcupid doesn't ask for your realname at all. Usernames are pretty bad.

Scumbag

[JohnFen]

Emil Kirkegaard is a total scumbag.

Re:From the not-a-story dept.

You're the idiot, idiot. How many times do people have to tell you that the data isn't available for people to take? It got stolen from the system by scraping. You probably think it's ok to steal bathrobes from hotel rooms as well. "It was just hanging there on public display in the closet, officer, I'm a member of the public, I didn't steal it, it was free just for me!"

Re:From the not-a-story dept.

[gweihir]

A criminal act, because European privacy laws are criminal law. They can send you to prison for violating them. Rarely ever happens, but still...

I see one idiot here and that is you.

Re: From the not-a-story dept.

[BarbaraHudson]

The TOS doesn't have the ability to block fair use. In the US, you cannot claim copyright on facts, and the "compilation" part fails anyway because the facts were accessed individually, not as a compilation. Also, OKCupid isn't based in the EU.

This is why I have trust issues

[sandbagger]

Gosh I hope I cancelled my account before then.

Re:From the not-a-story dept.

[BarbaraHudson]

Privacy laws? Come off it, on data the person made public? The facts that the individual made public are their information, not OKCupid's. They make it public, tough sh*t. Giving public information to a company doesn't suddenly make it not public when it's willingly posted on a public server with the express purpose of the public seeing it.

And you can't copyright facts. F*cking morons ...

Copyright does not protect facts,

Feist Publications, Inc., v. Rural Telephone Service Co.

Sweat-of-the-brow work doesn't give rise to a grant of copyright, and since they didn't hack into the database, there is no way that they can be accused of taking the data in it's original format anyway.

Re:From the not-a-story dept.

[BarbaraHudson]

EU privacy laws don't cover US companies with data stored in the US - that's covered by US laws. And it was most certainly made public, with not even minimal security. Otherwise fake accounts couldn't have scraped the data. You can't argue for privacy when you leave your bedroom windows wide open with a big "look in here" sign.

And nobody using OKCupid enters into an agreement with each individual person.

This is no more a criminal act than if I were to scrape slashdot. Or facebook. Or twitter. Or an online phone directory, which I scraped for 20 million names, numbers, and addresses about a decade ago - all legally.

Re: From the not-a-story dept.

[AK+Marc]

You are hopelessly naive if you think that dating profiles are full of "facts". Or do you just like arguing with everyone because it's the only way someone will talk to you?

Also, as those logging in were presumably in the EU at the time of logging in, they would be held to the EU ToS, which *do* trump Fair Use.

Re:From the not-a-story dept.

[BarbaraHudson]

Scraping is not stealing any more than using a screen reader is stealing. Your theory means that anyone using their eyeballs to look at the website is stealing, anyone watching a movie in a theatre is stealing, anyone listening to music on the radio is stealing. Don't hum that tune - remembering it is a copyright violation! Only problem, of course, is that facts cannot be copyrighted because they cannot be owned. There is no creativity in a fact. It's just a fact. Even if you spent years and millions, any fact you discover is considered "sweat of the brow" work, and not copyrightable.

Re: From the not-a-story dept.

[AK+Marc]

You keep asserting that the data is "public", but it requires a login to access it. By your logic, you should give us your password, as any data hidden behind it is "public".

Re: From the not-a-story dept.

[BarbaraHudson]

Not is the server is in the US. This has been hashed out over and over on slashdot. It's why Microsoft wants to move some of its servers to Europe, remember?

Re:From the not-a-story dept.

[BarbaraHudson]

EU privacy laws don't cover servers in the US. That's why some companies are investigating moving their servers to the EU. If it's not hosted in Europe, the laws of the hosting country apply, and ONLY those laws.

Re: From the not-a-story dept.

[AK+Marc]

Nope. Your misunderstanding of legal rulings doesn't mean anything. MS hosting servers in the US is covered by US law. A human in Denmark is subject to the laws of Denmark, even if the crime isn't in denmark. You are misunderstanding this to be a corporate law case, when it's one of the most discussed and settled international law questions of someone standing in one jurisdiction shoots across the border and kills someone on the other side.

The Dane in Denmark broke Danish law in Denmark, and you argue that because the server "hacked" was in another jurisdiction, all laws are invalidated. And that's simply not how anything works, no matter how much you want it to be.

Re: From the not-a-story dept.

This isn't fair use. Even in the US they have to have approval of the test subjects to use the data.

I have a profile there and it's only supposed to be accessible to members, as in not the general public. The researchers taking materials from the site that may or may not have been publicly view-able without an account is definitely not professional behavior.

In certain parts of the country, your best shot at finding somebody good is to go online. I'm not sure I know anybody locally that found anybody actually in person.

Re:From the not-a-story dept.

[myowntrueself]

EU privacy laws don't cover servers in the US. That's why some companies are investigating moving their servers to the EU. If it's not hosted in Europe, the laws of the hosting country apply, and ONLY those laws.

Where do you get your info that the Danish court wouldn't touch this case because the servers are in the USA?

The EU is strict enough that I'm pretty sure that if one of the complainants were in, say, Denmark and the 'researchers' were also in Denmark then the fact that the data was on servers in the USA wouldn't matter to a Danish court; the person infringed upon and the alleged infringer were in Denmark therefore Danish law applies.

Re:From the not-a-story dept.

[myowntrueself]

As has already been said, under EU law the data belongs to the user not to the company with the servers. The jurisdiction of the user would apply.

Re:From the not-a-story dept.

[gweihir]

That is completely immaterial, as this would not be a case against OkCupid and the data does not belong to them anyways according to European law. What matters is where the crime happened and that was in Europe. Seriously, the facts of the matter are not difficult and neither is the geography. An European doing illegal things in Europe with data of other Europeans is clearly subject to European law.

Administrative punishment WTF?

[jopsen]

You can be fired and unofficially blacklisted. Academia can be more political than D.C.

No, we don't want administrative punishments.
What kind of banana republic do you live in...?
If there is a breach of law, it should be handled in court, or perhaps a civil settlement will do in this case...
I dislike it when people think companies or educational institutions should take the law in the their own hands, and punish students/employees for what they do in their private lives.

Sounds like the students who did this, might not have thought about all the consequences.

As for whether or not it's legal... That is hard to say, technically copyright has a lot of exceptions when it comes research and education.
That said, a court could also rule that students could do research without publishing the raw data; and that therefore privacy outweighs research and education exceptions in this particular case (because the data is particularly sensitive).

Regardless, it is not for the University to punish students for spare time activities. A University cannot acts as prosecutor, judge and jury. We have courts for that!

Re:Administrative punishment WTF?

Most universities require that researchers follow ethical guidelines. Some cases you are required to have your experiment cleared with an ethics review board before proceeding (if it involves human subjects). I don't work in academia so I don't really know what the rules are for something like this, maybe it was cleared, but if it wasn't and the university considers this to be a breach of ethics there could be some consequences including academic sanctions.

Re:Administrative punishment WTF?

[Fragnet]

You're joking aren't you? Educational institutions are overtly political, especially in the social sciences. Researchers identify 44:1 as being left liberal.

Re:Administrative punishment WTF?

[Aristos+Mazer]

Citation? I'm not disagreeing, but that kind of stat needs attribution.

Re:Administrative punishment WTF?

[Fragnet]

People like you will be arguing which is the correct gender pronoun to use when the Mullahs nuke us.

Re:Administrative punishment WTF?

[Fragnet]

I'm trying to follow up the citation. I heard it here. Gad Saad interviewed by Dave Rubin.

Re:From the not-a-story dept.

[jonbryce]

Actually it would matter that the servers were in the US. They exported personal data outside of the EU/EEA without the data subjects' permission, which is an additional offence.

Re:Did you know?

[jcr]

Dude, get your meds adjusted. You don't have to be this way.

-jcr

Re:From the not-a-story dept.

[locofungus]

EU privacy laws don't cover US companies with data stored in the US

But EU laws do cover collecting the data. That's what all the hoohaa about safe harbour laws is about.

Under EU law OK cupid could collect the data that they did provided they used it for the purposes it was collected for and required the same terms on anyone else using the data - which I think they did via their TOS.

Re:From the not-a-story dept.

[angel'o'sphere]

And you can't copyright facts. F*cking morons ...

Perhaps you should make an account and OKCupid and check how the site works?

There are no "facts" about me stored. And again: they are not published, they are only stored there, that is all. Only to be retrieved by logged in users. Not by robots. And yes, figuring my age, gender and sexual preferences by violating TOS of the website: is a attack on my privacy and in Europe likely a crime. Regardless if those informations are "facts". There are not many male whites born 13.12.1960 with blue eyes and size of 168cm speaking german and english on the planet. So even if most of the stuff is anonymized you probably can narrow the amount of people fitting that description to 50 or so.

So, back to copyright. What ever I write on www.oomentor.de or www.jiyukan.de is *mine*
You have no right to copy anything from it, or use it for anything I don't agree to.

That is a nobrainer and people should grasp that. I surrendered nothing in crafting my own web sites, I gave no one permission to do anything with it than simply reading it.

Why do you think "publishing" something on a web site is legally any difference to "publishing" stuff in magazine or a book? Hint: it is not!

Definitiely Unethical

[abramovs]

I can't speak to legality of the researcher's actions, but as a Social Scientist (cue jokes about not being a real scientist), I can tell you that their actions were unethical. Specifically, I'm shocked that their Internal Review Board (IRB) thought it was ok to upload this data to a forum where all can have access.

Social Scientists, when conducting research, are under a moral obligation to make sure that their participants are not under more than 'minimal risk' as a result of the research. The most common heuristic for that minimal risk is whether the researchers are making the participants susceptible to more risk than they would normally be susceptible to. In this case, while the participants had provided data to a semi-public forum (i.e. OkCupid), make the data more easy to extract and able to be mined is definitely putting the participants at higher risk for data related crimes (e.g., identity theft, bank fraud).

If those researchers aren't in proverbial hot water yet with their institutions, they will be when the law suits come. The lesson to be learned here if you are a researcher....your IRB exists for a reason; check with them before creating a new protocol.

Re:Definitiely Unethical

[goose-incarnated]

Social Scientists, when conducting research, are under a moral obligation to make sure that their participants are not under more than 'minimal risk' as a result of the research.

How is this different from other scientists? I remember writing motivation for the ethics review board for anything involving living creatures, plants excluded.

Kirkegaard's blog - data removed/DMCA request

[starless]

http://emilkirkegaard.dk/en/

OSF has now suspended the entire repository, not just deleted the user datafile. Not sure why this is the case. So for now, the paper PDF will be available here: OKCupid_public_dataset_paper Edited to add: The repository is closed due to a DMCA request sent by OKCupid which is currently being investigated.

A good use of the DMCA in this case IMO. (Though surprised it worked overseas.)

Re: From the not-a-story dept.

[BarbaraHudson]

Not true. Otherwise, why would Microsoft want to move servers with customer data to the EU? Ad the server wasn't hacked, any more than if someone had used a screen reader in place of a screen scraper to access the data. Also,NONE OF THE DATA WAS PROPRIETARY. Not one single piece. Just a collection of facts which were voluntarily made available to the general public. There was no expectation of privacy whatsoever.

Call me back when the EU bans yearbooks or other collections of personal data that have been intentionally made public by the individual.

Re: From the not-a-story dept.

[BarbaraHudson]

They did not have any test subjects. The data was not proprietary. the server was not hacked. The users wanted the data to be accessible to the general public. And how many people can claim it's their personal information when they haven't even used their real names? None. So in effect, the data is anonymized, and even the few who used their real names, there's no way to know that was the case, unless someone did research to find out, and anyone can do that as well.

In certain parts of the country, your best shot at finding somebody good is to go online. I'm not sure I know anybody locally that found anybody actually in person.

Please, let everyone know where those parts of the country are, so we can avoid them. Generations of people have found someone without the internet. It's called socializing, as opposed to (anti-)social media.

Re:From the not-a-story dept.

[BarbaraHudson]

The person willfully exported their data to a server in the US. Kind of useless to lock the barn door after the horse is gone.

Re: Did you know?

It is not any more racist to claim that Israel did 9/11 than to claim that Arabs did. Ever notice how everyone is supposed to be all hyper-sensitive about what we say when someone is Jewish? That's exactly what the Jews want: to be above critique.

Re:From the not-a-story dept.

[BarbaraHudson]

The first hurdle is that the individual willfully exported their data to another jurisdiction, for the purpose of it (hopefully) being viewed by as many people as possible. There was no expectation of privacy. It would be the same as if they posted it on a billboard and then claimed that anyone reading it was violating their privacy.

The TOS make it very clear that OKCupid has no responsibility to keep any supplied information private. Also, while it refers to a bona fide profile, their definition is a profile that is created to find others online. There is no requirement to use a real name, so creating accounts with fake names is ok under the TOS. If you read the privacy section, they warn against using your real name.

So, how is machodude345's personal information violated, when there is no such legal person to bring that claim? Oh, right, you can't violate the privacy of a fictitious person. Duh!

Re:From the not-a-story dept.

[BarbaraHudson]

That's under EU law for a server located in the EU. EU law doesn't apply in Oklahoma. Also, the TOS encourages people to not use their real name (you DID read the TOS before commenting, didn't you?) There is no guarantee whatsoever of any information being private, and anyone who agreed to that TOS, well, touch beenies, they agreed to it.

Also, how would user myowntrueself' have standing to claim any violation, since that's not even a legal person, just a phony screen name? So all the info under that name is not personally identifiable information, unlike me, who unlike most of the cowards on the internet, uses their name, knowing full well that there is NO expectation of privacy when you put something on a server that's accessible world-wide for the express purpose (in OKCupid's case) of distributing that very information to others, and the TOS makes it clear that there is NO expectation of privacy.

Re:From the not-a-story dept.

[BarbaraHudson]

You obviously haven't read the OKCupid TOS. There is no expectation of privacy, users are informed not to use their real names, and the purpose of the site is to disseminate the data in the user's profile.

Kind of hard to argue that your data has any reasonable expectation of privacy when the contract between the user and OKCupid says otherwise. Or does the EU no longer recognize contracts?

Re:From the not-a-story dept.

[BarbaraHudson]

which I think they did via their TOS.

No, they didn't. They made it very clear that there was no expectation that their data would be private right in their TOS.

Privacy
You should appreciate that all information submitted on the Website might potentially be publicly accessible.

Pretty straight forward, but it gets even better in the separate Privacy Policy:

Also, whenever you voluntarily disclose personal information on publicly-viewable web pages, that information will be publicly available and can be collected and used by others.

You are told all this in advance if you read the TOS, so you can't whine when someone accesses your publicly-viewable personal information that you disclosed. And if you didn't read the TOS? 2 bad, so sad, sux to b u.

Re:From the not-a-story dept.

[BarbaraHudson]

Read the TOS and the separate privacy agreement. From the separate privacy agreement that is integrated into the TOS and that you agreed to:

Also, whenever you voluntarily disclose personal information on publicly-viewable web pages, that information will be publicly available and can be collected and used by others.

Also, you were warned in advance in the main TOS that there is no guarantee whatsoever of keeping anything private, and you as a user accepted that. It might be your information, but you already agreed to make it publicly available. How are you going to bring a privacy claim when you agreed to make it publicly available?

Re:From the not-a-story dept.

Let's work this backwards... A US citizen accessing a server in Denmark, uses said server to conduct an illegal arms trade/drug trafficking/human trafficking operation obviously in violation of EU laws. But as long as none of my merchandise enters the US, the US can't do anything to stop me? Sweet!

Re:From the not-a-story dept.

[BarbaraHudson]

Why not just read the OKCupid TOS and Privacy Policy, which most people appear not to have done.

From the TOS

Privacy
You should appreciate that all information submitted on the Website might potentially be publicly accessible.

From the privacy policy:

We provide areas on our websites where you can post information about yourself and others and communicate with others or upload content such as photographs. Such postings are governed by our Terms & Conditions. In addition, such postings may appear on other websites or when searches are executed on the subject of your posting. Also, whenever you voluntarily disclose personal information on publicly-viewable web pages, that information will be publicly available and can be collected and used by others.

As a user, you understood all this. There is zero expectation of privacy. This is the governing contract between the parties. Have fun proving you didn't know that your information wasn't going to be kept private..

Re: From the not-a-story dept.

[AK+Marc]

Just a collection of facts which were voluntarily made available to the general public.

So creative works are "facts" and requiring a login is "public".

You are simply insane. Your reality doesn't match anyone else's reality. It's a form of insanity. You should seek help before you hurt yourself or others. You are insane and dangerous.

Re:Data theft's okay when it's not MY data

[threc]

The sad truth is people don't care about the actual morality of data theft. They only care about whether or not the data is personally beneficial to them, and if it is, well, ... then it's okay.

Interesting, there is definitely an argument to be made that people can be hypocritical when it comes to protecting their own interests. Not sure why a person with mod points labeled this as flamebait.

So where is the data?

I need it for ... er ... research purposes.

Re: From the not-a-story dept.

[BarbaraHudson]

So just read the TOS and the Privacy Policy. And no, the privacy policy makes it clear that the stuff you post may appear on other websites, so much for requiring a login to OKCupid,

TOS

Privacy

You should appreciate that all information submitted on the Website might potentially be publicly accessible.

Privacy Policy

Information you provide about yourself while using our service

We provide areas on our websites where you can post information about yourself and others and communicate with others or upload content such as photographs. Such postings are governed by our Terms & Conditions. In addition,such postings may appear on other websites or when searches are executed on the subject of your posting. Also, whenever you voluntarily disclose personal information on publicly-viewable web pages, that information will be publicly available and can be collected and used by others.

See - they are publicly available, and may appear on other websites.

Where's your expectation of privacy? Where's your login requirement?

Re:From the not-a-story dept.

EU has laws that give statutory rights which cannot be waived through a contract. Since this data was collected and published in the EU, these laws apply.

Laws like these also exist in the US. As an example, in California a landlord must give the tenant a written 24 hour notice they intend to enter the unit for inspection, repair, or showing to prospective tenants. No other type of entry is allowed and the hours are limited during weekday, from 08:00 to 16:00. It makes no difference if you signed a lease stipulating the landlord could enter the unit at any time; you cannot waive this statutory right.

Take this as a lesson that you should refrain from making legal comments when you clearly know nothing of the subject.

Re:From the not-a-story dept.

[angel'o'sphere]

Public available means: logged on users.
Not general public. Can't be so hard to understand.

Furthermore: collecting private data and/or making it public as in 'public available for everyone' is illegal under european laws. Regardless how you interpret the TOS.

In other words: the danish idiots (Denmark belongs to the EU!) are with one leg in jail now and have a hailstorm of criminal prosecutions incoming.

You should start to comprehend that 'the rest of the world' has not bullshit laws like you in the US. And frankly grasp it: a TOS does not deprive us from our 'bills of right' or other 'civil liberties', surprising that it is different in the US. Shameful and depressing that you find that 'normal' instead of changing the law or interpretation of the law.

Re: From the not-a-story dept.

[AK+Marc]

OKCupid may share it. But you can't look up the personal details of a member without joining. And TFA indicated that the people who shared the data got it by logging in, to get around OKCupid data protections. You are confusing a theory on how it could have happened, with the reality. Reality wins.

Re:From the not-a-story dept.

[BarbaraHudson]

There is NO legal prohibition anywhere of someone making their own personal data public, and that's what the users did. It's the same situation as someone making their tax records public - the tax man can't but the tax payer sure as hell can.

The users agreed as per the TOS and the Privacy Policy, and that's the end of it. Same as, to use your example, you CAN allow the landlord in before the 24 hour notice if you choose to. Any provision in the lease is void, but that in no way means that if you WANT them to come in earlier that you can't. "Oh sorry my toilet is backing up but I can't let you in until tomorrow to fix it because some asswipe on slashdot says so/" Use some common sense.

Re:From the not-a-story dept.

[BarbaraHudson]

Read the Privacy Policy before continuing to blather ...

Information you provide about yourself while using our service

We provide areas on our websites where you can post information about yourself and others and communicate with others or upload content such as photographs. Such postings are governed by our Terms & Conditions. In addition, such postings may appear on other websites or when searches are executed on the subject of your posting. Also, whenever you voluntarily disclose personal information on publicly-viewable web pages, that information will be publicly available and can be collected and used by others.

No need to be logged in to use a search engine. No need to be logged in to find it on other sites. You have already agreed to this, as well as that the information will be publicly available and can be collected and used by others.

So, the USER has voluntarily made it PUBLIC, same as if you post your tax records on a billboard. The tax man can't do it, but you sure as hell can. It's clearly spelled out, and it's not in disagreement with privacy law anywhere in the world, because you can make your personal info public any time, any way. It is, after all, your information.

What is depressing is that so many people are commenting without reading the actual contract between the user and the company, which specifically allows for personal information to be made public, and this is done with the user's knowledge and permission as explained above.

Re: From the not-a-story dept.

[BarbaraHudson]

As per the terms I quoted, you are fully aware that the data may appear on other websites or in search results. No login to OKCupid to use either other sites or Google, Bing, etc. So much for needing to be logged in. Also, OKCupid, in their TOS, specifically disavows that they will do what they can to protect your data.

Also, users are clearly aware, as per the terms I quoted previously, this is all related to voluntary disclosures that they clearly say will be publicly available and can be collected and used by others. When YOU disclose YOUR personal information publicly and knowingly, it's no longer private, same as if YOU posted YOUR tax returns on a billboard.

That's the reality. Didn't read the TOS and Privacy Policy? Tough shit that's on you.

Re: From the not-a-story dept.

[AK+Marc]

You are talking about what OKCupid can do with it. TFA is about what a 3rd party can do without OKCupid's permission. You didn't read TFA or even TFS? That makes you the idiot.

Re: From the not-a-story dept.

[BarbaraHudson]

No. It makes it quite clear that the data will appear on other websites and in search engines and that it may be viewed and collected by others. You believe everything that a one-sided article or summary says when the Terms of Service and Privacy Policy contradict it, then you're the idiot.

Face it - you were too lazy to actually do any research, so you didn't bother to read the TOS and Privacy Policy, and now you can't admit you are wrong. Teach you not to be so lazy next time.

Link?

Yeah, all these stories without a single link to the data? Idiots. Where's the link?

Think Facebookberg

Any idea why the US gov isn't suing them?

Re:From the not-a-story dept.

[locofungus]

In the EU consumers cannot waive their statutory rights. And OKCupid had to self certify that they would not break European privacy rules in order to collect this data from European citizens in the first place.

So it appears that not only are the researchers criminally liable but so is OK Cupid. Oh dear...

Re:From the not-a-story dept.

[myowntrueself]

The person willfully exported their data to a server in the US. Kind of useless to lock the barn door after the horse is gone.

Ah but the researchers then downloaded the data to their servers in Denmark.

Re:From the not-a-story dept.

[angel'o'sphere]

So, the USER has voluntarily made it PUBLIC, same as if you post your tax records on a billboard.
What is so hard to understand? I bold it for you: it is still copyrighted by me! No one has the right to copy it and paste it elsewhere. And it is not "PUBLIC" it is only on that billboard where only the people see it who happen to walk by that billboard.

You can only very sparely search okcupid with a search engine. E.g. from me you only find a photo, not my profile.

What is depressing is that so many people are commenting without reading the actual contract between the user and the company
That part of the TOS you linked are not a contract but a WARNING.

The TOS is completely irrelevant regarding the criminal behaviour of the Danish "researchers". The TOS is between me and okcupid. It has nothing to do regarding what the danish did: collecting private data of people with whom they had no contract, illegally posting the results of their collection. They committed minimum 3 crimes: accessing okcupid without authorization of okcupid, collecting and publishing private data of real people, and a copyright violation of they copied the "texts" the memebrs of okcupid have written. E.g. the answers to some questions often include an explaining text besides the checked boxes.

The copyright violation in this case is probably not a crime but only a civil case, the first two things are illegal by European law. The danish researchers are: European! What has that to do with the TOS of okcupid? Nothing!

No idea why you jump around with your bullshit idea: it is published, it is public viewable, so there is no harm done. Ofc. there is harm done!!! Or do you pay me to seek out every web site that holds private information about me and pay for a cease and desist letter?

Re:From the not-a-story dept.

[BarbaraHudson]

The problem is that OKCupid gave out the information with the user's prior knowledge and agreement. See in particular the terms of the privacy policy, which make it clear that the data will appear on other web sites, in internet searches, and my be collected by others.

They didn't waive their statutory rights. The purpose of OKCupid is to make this info available to other users; one of the consequences is that it will also be available to others, and it's right there in the terms. People are stupid if they think that anything on the internet is private when you make it available to users of unknown/false identity, and users who are not logged in.

Re:From the not-a-story dept.

[BarbaraHudson]

The users were informed in advance that their data would be posted on other web sites, available in search results, and that people would be able to collect them. You voluntarily make it public knowing that, you can't then complain that someone else is collecting it.

Re:From the not-a-story dept.

[BarbaraHudson]

Your information is also posted on OTHER web sites. No need to log into OKCupid. That makes it public data. And YOU agreed to it in advance. Also, unless there is something creative and non-mundane, there's no claim to copyright.

Re:From the not-a-story dept.

[myowntrueself]

The users were informed in advance that their data would be posted on other web sites, available in search results, and that people would be able to collect them. You voluntarily make it public knowing that, you can't then complain that someone else is collecting it.

Laws in the EU require that each individual specific use of the data must be approved by the owner of the data, thats the user not the hosting provider or service provider. You can't contract out of the law with TOS.

Re:From the not-a-story dept.

[BarbaraHudson]

Personal private date means just that. You make it available to the public at large, it is no longer personal PRIVATE data, due to YOUR actions.

Re:From the not-a-story dept.

[myowntrueself]

Personal private date means just that. You make it available to the public at large, it is no longer personal PRIVATE data, due to YOUR actions.

Sheesh, not MY actions, I never used the website I swear. Are you hoping someone you know used it so you can get some dirt on them?

Re:From the not-a-story dept.

[BarbaraHudson]

Think of it - while I'm in favor of the individual's right to privacy, I don't keep my personal life a dirty little secret, so I don't need dirt on someone else to protect myself.

Re:From the not-a-story dept.

[angel'o'sphere]

Most of the data is creative. As people write about their life and style of living. I thought that was obvious.

The fact that I agreed that OKCupid may copy it somewhere (which is anonymized), does not give the "danish researchers" the right to copy it elsewhere (un anonymized).

I did not argue against OKC, I argued against the "danish researchers". perhaps you missed that point.

And again: regardless where my data is published and how, it is a against privacy laws to copy private data and publish it somewhere.

Can't be so hard to grasp.

Re:From the not-a-story dept.

[BarbaraHudson]

READ the privacy policy you agreed to. It gives them all these rights. Everywhere. It is not against privacy laws to publish your private data if YOU made it public, stupid.