Forgot your password?
typodupeerror
Electronic Frontier Foundation Privacy Security Social Networks The Internet Your Rights Online

Looking For Love; Finding Privacy Violations 112

Posted by timothy
from the my-profile's-all-lies-anyhow dept.
itwbennett writes "When you sign up for online dating, there's a certain amount of information you expect to give up, like whether or not your weight is proportional to your height. But you probably don't expect that your profile will remain online long after you stop subscribing to the service. In some cases your photo can be found even after being deleted from the index, according to the electronic frontier foundation (EFF), which identified six major security weaknesses in online dating sites."
This discussion has been archived. No new comments can be posted.

Looking For Love; Finding Privacy Violations

Comments Filter:
  • by crankyspice (63953) on Saturday February 11, 2012 @11:13PM (#39009105)

    Well, without RTFA but going just by the above statement: "even after being deleted from the index..."

    Deletion from an index != "being deleted."

    If I go into the index of the Encyclopedia Galactica and remove all references to The Mule, the article(s) the index pointed to still exist...

  • by Anonymous Coward on Saturday February 11, 2012 @11:20PM (#39009123)

    When you put data up on a system you are unable to
    physically control, all sorts of things can happen to
    that data, including things you might not like, and
    in most cases you won't be able to do anything about it.

    Facebook, Myspace, all of it is one big steaming pile of
    shit and most of you idiots are walking right up and taking
    a big bite like it was a tasty meal. Honestly it is impossible
    to feel pity for you, because you do it to yourself.

  • by bobbied (2522392) on Saturday February 11, 2012 @11:34PM (#39009177)

    ANYTHING you give up to a website is there for the duration of time. I just figure it will never go away.

    Even if you run your own site, don't fool yourself that you can take down the information and it's gone. There are folks that archive web content and sell the historical data for profit. If you are expecting that Facebook or Twitter content can be deleted and it will be gone forever, you are a fool.

    I'm always amazed at the number of folks who simply don't understand this, and think that they can delete their Facebook posts and they are gone. So I'm not suprised that data on dating sites might stick around after you are gone.

    Don't think I'm right? Check this out: http://www.archive.org/web/web.php [archive.org]

  • by Anonymous Coward on Sunday February 12, 2012 @12:15AM (#39009317)

    Or, better yet. Date online, as the Internet is a GREAT tool for bringing people together. Just don't go trying to take shortcuts like dating sites. Actually MEET people via sites discussing your interests (you know, outside of genitalia). Dating sites are a hotbed for spammers, desperate folk, and other bad news. Hobby/other Interest based networking sites are much more promising for creating a healthy and valuable relationship in the future. Meetup.com comes to mind, though I'm sure there are great less mainstream/corporate options to go with as well, that may be less inclined to treat you like data to be mined and sold. Even better would be the BBS's of the past (due to their local nature), but I'm afraid in most cases you'll be needing a time machine to go with this option... The big benefit of this method, outside of being less sketchy than online dating sites, is also that even if you don't succeed in finding a partner, you're at least still likely to make some worthwhile friends in the process (might be more valuable to some than others...but I tend to figure most people who use online dating are probably fairly lonely to begin with).

    And obviously, use some goddamn common sense. Strangers are strangers, and hopefully y'all got that lesson back in Kindergarten.

  • by ChatHuant (801522) on Sunday February 12, 2012 @12:41AM (#39009391)

    In a case like that the "deleted" flag still means the data mustn't be accessible from the outside anymore. That is, unless your developers belong behind a McDonald's counter in the first place.

    Or, unless the company is hit with a subpoena that forces it to give up your data. Or, unless it is bought by another company that wants to monetize the purchase. Or, unless it decides to unilaterally change the privacy policy, and you have a week to opt out, but oh, don't you check daily for policy changes for this company you haven't used for years now? Then it's your fault if all your "deleted" data suddenly surfaces!

  • by Zontar The Mindless (9002) <plasticfish@info.gmail@com> on Sunday February 12, 2012 @01:01AM (#39009457)

    My solution? I logged in and updated "my" personal information. I got nasty,
    every bit of the sickest crap I could think of.

    They pulled my account within the hour. :-)

    You just go right on believing that.

  • by EdIII (1114411) on Sunday February 12, 2012 @01:34AM (#39009557)

    Why do you always assume somebody that refuses to be on Facebook has no friends? It's a curious bit of fallacious logic that I encounter quite often.

    I feel the same way the AC does. Most people *are* foolish to give up so much privacy for whatever you think Facebook is delivering.

    Personally, I find Facebook to not only be dangerous to me for factual reasons based on logic regarding privacy, anonymity, game theory, etc. but incredibly shallow and just plain old bullshit.

    I don't need to tweet shit, or put stuff up on Facebook, or see any of your shit either.

    Call it a personal preference, but I prefer my relationships to have a little more "real life" in them. Meeting at tea and coffee shops, having a meal, you know, actually doing real things. Talking with my friends.

    Facebook and Twitter (especially Twitter) just lack the depth that I find rewarding in personal relationships.

    I am not a phone guy. Hate to be on it for more than a few minutes. Refuse to txt message. My communications are literally limited to email, phone conversations and physically talking. I like it that way.

    and..... I have plenty of friends and I am considered to be quite nice and approachable.

  • by CAIMLAS (41445) on Sunday February 12, 2012 @03:58AM (#39009881) Homepage

    Absolutely.

    If you've ever posted something (anything) which could be found with a search engine (ie, it was indexed, which it most certainly was), it's probably available as part of a very large dataset which is indexed and searchable, and the company is able to generate

    Those reports are sold to other companies, which then combine them with other information (or do so themselves) - like financial information.

    Think about it: how many things from 10 years ago can you find just on the public internet (via Google)? Hell, you can track the 'accuracy' of my job history to see when and with what my resume, etc. on my site was updated through archive.org - going back over a decade, and all they do is archive. I'm sure this isn't exceptional. With the screen name of a prolific internet user in hand and a little time in front of a search engine, chances are you can track down a known person's entire online history manually, too - even without going to Facebook or the like.

    As for the OT: my wife recently saw an ad for "singles in your area" for some random site. She was kind of shocked to see a picture of me as part of the collage advertising the 'singles'. It was a picture someone (ahem me) had put up on hotornot.com years ago (close to a decade ago, before I'd met her). Anything and everything you ever post on the internet in a datatype'd field? Someone has packaged it, sorted it, studied it, created reports on it, and sold it - guaranteed.

  • by neonKow (1239288) on Sunday February 12, 2012 @09:45AM (#39010565) Journal

    You don't physically control the systems that hold your wedding photographs, the photos you're getting developed at Walgreen's, the medical information at every hospital or doctor you've visited, or the credit card information from every Target, Macy's, and Safeway you've made purchases at. It doesn't mean you don't deserve to have some expectation of privacy and discretion for that data. You should always be able to say, "okay, stop using this data except as far as compliance with the law goes."

  • by HereIAmJH (1319621) <HereIAmJHNO@SPAMhdtrvs.org> on Sunday February 12, 2012 @02:05PM (#39012049)

    Data retention laws only apply to things you are required to keep. You can keep any information that your customers allow you to collect. And you can be subpoenaed for any information that you do collect. But only information that you are required to keep has a legally mandated retention period.

    I'm surprised more businesses don't realize the legal obligations that they take on when they collect unnecessary information on their customers. Note ISPs that refuse to keep anything beyond essential logging because keeping it entails a liability to the company. And it's not just law enforcement, the act of collecting can put you under civil requirements and liabilities, for example, PCI.

    I can think of very little, if any, customer data that a dating web site would be required to keep. But once you start collecting associations and communications, ala Facebook, then you can expect law enforcement to take interest. Even collecting innocuous things like who visited a profile (something OkCupid and even LinkedIn track) could be used for tracking 'terrorism'.

    A big factor on social web sites is ownership. If you pay GoDaddy hosting they are not responsible for data retention on your site. In fact, they may not do any kind of backups at all on your site. Web hosting companies consider it to be your data, thus your responsibility. Social web sites, OTOH, consider your profile to be their data. They only thing that will force them to delete something they consider a business advantage are privacy laws that are virtually non-existent because governments see the value of having access to information they don't have to collect or store.

You are in a maze of UUCP connections, all alike.

Working...