Looking For Love; Finding Privacy Violations 112
itwbennett writes "When you sign up for online dating, there's a certain amount of information you expect to give up, like whether or not your weight is proportional to your height. But you probably don't expect that your profile will remain online long after you stop subscribing to the service. In some cases your photo can be found even after being deleted from the index, according to the electronic frontier foundation (EFF), which identified six major security weaknesses in online dating sites."
Obviously, deletion was never the case! (Score:2, Interesting)
How can something that was 'deleted' still be available? Obviously, it must not have been deleted. Whoever is lying should be brought to book.
I know I [might] have opened a can of worms. My law-inclined slashdotters are going to argue that I obviously "do not understand."
Deleted is a relative term (Score:5, Informative)
In a lot of systems, deleted simply means marked as deleted. What the system does with that information is another matter. Even in a file system, when a file is deleted, it is many times recoverable if it hasn't been overwritten with other data.
Re:Deleted is a relative term (Score:5, Funny)
Re: (Score:3)
Very few. Their campaign maangers spend a lot of money finding out every little detail about their life so far and doing everything they can to prevent stuff like this from getting out in the first place.
The improprieties you hear about in the news occasionally are par for the cost for most politicians - hell, for most people, even. Those are just the ones that slipped through the cracks.
Re: (Score:2)
The improprieties you hear about in the news occasionally are par for the cost for most politicians - hell, for most people, even. Those are just the ones that slipped through the cracks.
I disagree. The improprieties you hear about in the news make these politicians look like normal people; everyone has a skeleton or two in their closet after all. However, you just said that their campaign managers prevent most of their improprieties from becoming public, and the stuff we hear about is just the stuff that
Re: (Score:2)
No, because while politicians do have campaign managers to hider the improprieties, which is more protection than normal people do, they also have political opponents and millions of shlubs in the opposing party searching for improprieties, and normal people don't have those either. It balances out--more protection but more exposure too.
Re: (Score:3)
That implies that these politicians have far, far more improprieties than normal people.
Based on what they do once elected, I have no problem believing that to be true.
Re: (Score:2)
As long as they remember to lock the door it will probably remain exponentially small.
There's only one thing to do... (Score:3)
Re: (Score:3)
.. will literally be caught with their pants down ..
There is no "gotcha with your pants down" here: he/she used an online dating service, so what, what's wrong with that?
When you are going out to meet new people on a Friday night, are you not doing the same? You don't really care about the venue, you are interested into meeting someone: in that case, it is the bar/club/gas station lavatory that acts as a "host" for your endeavors, instad of an online meeting place.
As for the personal data, online dating, weird and beyond me as I may find it, works for many
Re: (Score:3)
He means literally. He means finding pics of their genitals.
Re: (Score:1)
You don't really care about the venue, you are interested into meeting someone: in that case, it is the bar/club/gas station lavatory that acts as a "host" for your endeavors, instad of an online meeting place.
You are one seriously classy guy.
Re: (Score:2)
In a case like that the "deleted" flag still means the data mustn't be accessible from the outside anymore. That is, unless your developers belong behind a McDonald's counter in the first place.
Re:Deleted is a relative term (Score:5, Insightful)
In a case like that the "deleted" flag still means the data mustn't be accessible from the outside anymore. That is, unless your developers belong behind a McDonald's counter in the first place.
Or, unless the company is hit with a subpoena that forces it to give up your data. Or, unless it is bought by another company that wants to monetize the purchase. Or, unless it decides to unilaterally change the privacy policy, and you have a week to opt out, but oh, don't you check daily for policy changes for this company you haven't used for years now? Then it's your fault if all your "deleted" data suddenly surfaces!
Re: (Score:1)
In the case we're talking about here, I'd guess it's the CDN that still has the photos and such. The service no long links to the image from your profile, but the image is still out on the outside service.
Facebook has the same problem. Deleted photos can be available via direct link for years after it has been "deleted". That system is currently being replaced.
http://arstechnica.com/business/news/2012/02/nearly-3-years-later-deleted-facebook-photos-are-still-online.ars [arstechnica.com]
Re: (Score:2)
and that 'replacement' has been underway for 4 years now....
Re: (Score:2)
That is, unless your developers belong behind a McDonald's counter in the first place.
Which is often the case for web developers or, at least, the people who hire web developers. To an even greater degree than most of the rest of the industry, they are judged by UI first, scalability and performance second, and security a very distant third.
Re: (Score:2)
That is, unless your architects belong behind a McDonald's counter in the first place.
There I fixed that for you...
You might as well blame the guy cooking the burger for the lack of nutrition. Usually it's improper use of a CDN that causes these issues, such decisions are typically not made by developers, unless it's a one man shop.
Re:Obviously, deletion was never the case! (Score:5, Insightful)
Well, without RTFA but going just by the above statement: "even after being deleted from the index..."
Deletion from an index != "being deleted."
If I go into the index of the Encyclopedia Galactica and remove all references to The Mule, the article(s) the index pointed to still exist...
Re: (Score:1)
Only if The Mule allows you to remember that they exist.
Re:Obviously, deletion was never the case! (Score:5, Informative)
"Deleted from the index" does not mean the file was deleted. If I rip the table of contents and index out of a book you could still find each page by flipping through them.
Re: (Score:2)
Now, as it turns out, they just keep the pictures from all the people who uploaded to their site and left a day later after they figured it was bullshit.
In my next life months from now, I am making 80K a year, driving an M3, and I'm looking for a woman who knows how to initiate and hold convers [kym-cdn.com]
Re: (Score:2)
In many systems there is a legal requirement to retain data for, and then delete data, within a specified period of time.
For government systems this is generally 7 to 10 years.
What data retention law applies to these sites?
Is there any kind of law or mandate requirement these sites to delete user submitted data?
Re: (Score:2)
Of course it wasn't deleted. To these businesses, the old personal data is _valuable_. They resell it, as a matter of course, to their corporate partners for targeted advertising. That's why one should use a throwaway email account for such a purpose: not merely to protect your online persona, but to be able to cut off the spew of spam that is inevitable from signing up for such a service.
Re:Obviously, deletion was never the case! (Score:4, Insightful)
Data retention laws only apply to things you are required to keep. You can keep any information that your customers allow you to collect. And you can be subpoenaed for any information that you do collect. But only information that you are required to keep has a legally mandated retention period.
I'm surprised more businesses don't realize the legal obligations that they take on when they collect unnecessary information on their customers. Note ISPs that refuse to keep anything beyond essential logging because keeping it entails a liability to the company. And it's not just law enforcement, the act of collecting can put you under civil requirements and liabilities, for example, PCI.
I can think of very little, if any, customer data that a dating web site would be required to keep. But once you start collecting associations and communications, ala Facebook, then you can expect law enforcement to take interest. Even collecting innocuous things like who visited a profile (something OkCupid and even LinkedIn track) could be used for tracking 'terrorism'.
A big factor on social web sites is ownership. If you pay GoDaddy hosting they are not responsible for data retention on your site. In fact, they may not do any kind of backups at all on your site. Web hosting companies consider it to be your data, thus your responsibility. Social web sites, OTOH, consider your profile to be their data. They only thing that will force them to delete something they consider a business advantage are privacy laws that are virtually non-existent because governments see the value of having access to information they don't have to collect or store.
Re: (Score:3)
How can something that was 'deleted' still be available? Obviously, it must not have been deleted.
Do you keep regular backups? When you delete things from your main database, do you also delete them from your backups? If you do, what is the purpose of having backups?
In this particular case, the photos are stored on Content Delivery Networks. Apparently the love websites upload your pictures to those sites, but are sloppy about deleting them when they are done (or maybe the CDNs don't delete them, I couldn't find out from the article).
Comment removed (Score:5, Interesting)
Re: (Score:3)
Hey! I found my wife on-line. She did a who command and saw that I was on the server so she talked me.
Of course this was back in '95 and we were dialed up to a Unix box with a shell account, what passed for Internet access back then. I was using telex.exe and Norton Commander on my DOS box.
Damn, coming up on 17 years soon.
Re: (Score:2)
Re: (Score:2)
Funny, you got the Cherokee and I'm the one living on the rez (Tulalip.) with a Lutheran American Princess. Yeah, she changed me. I was a long hair Deadhead sleeping on a futon in a rented room. Now we own a home and sleep in a king bed with too many pillows, I have short hair. We worked ISPs and telcos together until she decided it would be better for her to stay at home and cook, and I go out and earn what little money we need. Works fine, she's more of a stay-at-home person while I get stir-crazy on
Re: (Score:2)
Yeah, I know (Score:5, Funny)
Re: (Score:3, Funny)
I'm not overweight, I'm undertall!
-Garfield
Re: (Score:1)
I'm too short for my weight.
Yeah, me too, I'd be perfectly proportioned if only I was 11 feet tall
Re: (Score:2)
Just use different units. Its the Slashdot way.
Re: (Score:2)
Re: (Score:2)
I like being short and round. It allows me to roll from one room to the other.
Re: (Score:1)
Reminds me of an old joke from "Cheers."
Sam: "What are you up to, Norm?"
Norm: "My ideal weight, if I was 8 feet tall."
Reality check time : (Score:4, Insightful)
When you put data up on a system you are unable to
physically control, all sorts of things can happen to
that data, including things you might not like, and
in most cases you won't be able to do anything about it.
Facebook, Myspace, all of it is one big steaming pile of
shit and most of you idiots are walking right up and taking
a big bite like it was a tasty meal. Honestly it is impossible
to feel pity for you, because you do it to yourself.
Re:Reality check time : (Score:5, Funny)
It's not very often friendless people get to act smug.
Re: (Score:2)
Or maybe people who know how to host their own content and how to give access to those they'd like to have access? Hmm! Though I'll admit, it seems hard to do online dating that way haha.
Re: (Score:2)
Well, if he'd turn off AdBlock, he'd be able to see the eDarling and FilipinoCupid ads.
Re:Reality check time : (Score:5, Insightful)
Why do you always assume somebody that refuses to be on Facebook has no friends? It's a curious bit of fallacious logic that I encounter quite often.
I feel the same way the AC does. Most people *are* foolish to give up so much privacy for whatever you think Facebook is delivering.
Personally, I find Facebook to not only be dangerous to me for factual reasons based on logic regarding privacy, anonymity, game theory, etc. but incredibly shallow and just plain old bullshit.
I don't need to tweet shit, or put stuff up on Facebook, or see any of your shit either.
Call it a personal preference, but I prefer my relationships to have a little more "real life" in them. Meeting at tea and coffee shops, having a meal, you know, actually doing real things. Talking with my friends.
Facebook and Twitter (especially Twitter) just lack the depth that I find rewarding in personal relationships.
I am not a phone guy. Hate to be on it for more than a few minutes. Refuse to txt message. My communications are literally limited to email, phone conversations and physically talking. I like it that way.
and..... I have plenty of friends and I am considered to be quite nice and approachable.
Re: (Score:2)
Because the people who complain about it talk of shallow relationships, which usually happens when they sign on and try to increase the friend count. They then post comments and nobody replies. After a bit, they get grumpy and complain that people on Facebook arent friends, but 'friends'. Suddenly, instead of just getting bored with it and moving on, noisy opinions of these sites are born and are, not-surprisingly, leveled solely at sites that are really only useful if you have a friends list.
I'll conced
Re: (Score:2)
Call it a personal preference, but I prefer my relationships to have a little more "real life" in them. Meeting at tea and coffee shops, having a meal, you know, actually doing real things. Talking with my friends.
I am not a phone guy. Hate to be on it for more than a few minutes. Refuse to txt message.
Obviously, all your friends live locally to you. There's a lot of older people who use Facebook to reconnect with or stay in touch with old friends who now live far away. If you're either still in high sch
There are friends outside of facebook? (Score:2)
If you're not on facebook and have friends, how do you friend them?
Re: (Score:2)
Why do you always assume somebody that refuses to be on Facebook has no friends? It's a curious bit of fallacious logic that I encounter quite often.
Well, I hear that Facebook creates ghost profiles out of posts made by members. Therefore you are only not on Facebook if you have no friends signed up on Facebook (otherwise you just don't know that you basically have an account).
Also, what can I assume about a person who's reaction is not "Facebook violates privacy, we should force them to be more respectful of their users's information" but rather, "Ha, ha, you signed up for Facebook, you deserve all the crap that may happen to you now". I mean the l
Re: (Score:2)
Call it a personal preference, but I prefer my relationships to have a little more "real life" in them. Meeting at tea and coffee shops, having a meal, you know, actually doing real things. Talking with my friends.
Same here. And I'm not fan of facebook and their ilk. But some of my proper friends (and family that I care about too) are, and if I stayed away from one of their preferred contact mediums completely I'd lose one method of staying in contact at those times when meeting them in person isn't possible for one reason or another. While I'd prefer email they wouldn't and I the preference isn't important enough to me that I feel like labouring the point. For a start the second choice for most of them is the phone,
Re: (Score:2)
Re: (Score:2)
Those are actually the ones you add on Facebook. When you don't, you're not using it correctly, then you become the bitter sort who writes long tirades about how shallow people are on Facebook.
Bullshit anon. (Score:3)
Things don't "just happen" to my data. What can and can't be done with it, is regulated by the European Data Protection Directive, UK Data Protection Act 1998, and several other laws which reflect European attitudes to the key role of privacy in human rights law.
However there are gaping loopholes:
Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented.
So buried in the terms will be a clause consenting to export my data to a data ghetto such as the United States, and that is where the problems begin.
Re:Reality check time : (Score:5, Insightful)
You don't physically control the systems that hold your wedding photographs, the photos you're getting developed at Walgreen's, the medical information at every hospital or doctor you've visited, or the credit card information from every Target, Macy's, and Safeway you've made purchases at. It doesn't mean you don't deserve to have some expectation of privacy and discretion for that data. You should always be able to say, "okay, stop using this data except as far as compliance with the law goes."
So this comes as a suprise? (Score:5, Insightful)
ANYTHING you give up to a website is there for the duration of time. I just figure it will never go away.
Even if you run your own site, don't fool yourself that you can take down the information and it's gone. There are folks that archive web content and sell the historical data for profit. If you are expecting that Facebook or Twitter content can be deleted and it will be gone forever, you are a fool.
I'm always amazed at the number of folks who simply don't understand this, and think that they can delete their Facebook posts and they are gone. So I'm not suprised that data on dating sites might stick around after you are gone.
Don't think I'm right? Check this out: http://www.archive.org/web/web.php [archive.org]
Re:So this comes as a suprise? (Score:4, Insightful)
Absolutely.
If you've ever posted something (anything) which could be found with a search engine (ie, it was indexed, which it most certainly was), it's probably available as part of a very large dataset which is indexed and searchable, and the company is able to generate
Those reports are sold to other companies, which then combine them with other information (or do so themselves) - like financial information.
Think about it: how many things from 10 years ago can you find just on the public internet (via Google)? Hell, you can track the 'accuracy' of my job history to see when and with what my resume, etc. on my site was updated through archive.org - going back over a decade, and all they do is archive. I'm sure this isn't exceptional. With the screen name of a prolific internet user in hand and a little time in front of a search engine, chances are you can track down a known person's entire online history manually, too - even without going to Facebook or the like.
As for the OT: my wife recently saw an ad for "singles in your area" for some random site. She was kind of shocked to see a picture of me as part of the collage advertising the 'singles'. It was a picture someone (ahem me) had put up on hotornot.com years ago (close to a decade ago, before I'd met her). Anything and everything you ever post on the internet in a datatype'd field? Someone has packaged it, sorted it, studied it, created reports on it, and sold it - guaranteed.
Re: (Score:2)
Did you contact the service about it or did you just leave it alone?
Re: (Score:2)
Wasn't able to track down where the ad was from. Wife mentioned it in passing.
Re: (Score:1)
Wasn't able to track down where the ad was from. Wife mentioned it in passing.
Shame, you could have sued them for copyright violation and made a fortune! Oh, wait, wrong forum...
Re:So this comes as a suprise? (Score:4, Informative)
Don't think I'm right? Check this out: http://www.archive.org/web/web.php [archive.org]
Amusing that you uses Archive.org as an example, because the Wayback Machine fully respects robots.txt, even retroactively. If you eventually decide that your site should not be indexed by Archive.org, you can tell your robots.txt file to indicate that. Moreover, whenever the Archive.org bot comes by your site again and discovers it, it will not only not index your current site but also delete everything else it had on your site.
Now, of course, that is not to suggest that if you delete it from Archive.org and your own website, that the images and text is gone for good, another site may have re-hosted it. But I know none other than Archive.org that does it for a living and moreover, the very data in question will certainly be harder to find.
Re: (Score:1)
Archive.org may respect robots.txt, but this is not universal. My point here is that once information is public on the web, it can (and many times does) stick around long after the original source is long gone.
This problem is much worse for social networking sites like Twitter and Facebook. Just ask former house member Mr. A. D. Weiner. Once you post, it's history and you may not be able to take it back. You never know who may have a copy even if the site actually deletes the data. If there is any reaso
Difficult deletions (Score:5, Informative)
I have several honeypot email accounts, and one kept getting emails that suggested it was somehow a member of a French on-line dating/introduction service.
The web site had no way to delete one's account, nor did the proprietors respond to emails.
My solution? I logged in and updated "my" personal information. I got nasty, every bit of the sickest crap I could think of.
They pulled my account within the hour. :-)
...laura
Re:Difficult deletions (Score:5, Insightful)
My solution? I logged in and updated "my" personal information. I got nasty,
every bit of the sickest crap I could think of.
They pulled my account within the hour. :-)
You just go right on believing that.
Re:Difficult deletions (Score:4, Interesting)
I had some person set up personal ads on eharmony and another website using my email address a while ago.
On both sites I logged in ("forgot password" link works great since it's my email, and somehow the second site emailed me the unchanged plaintext password so I could leave them both to what the person had set them...) and changed the "something else you should know about me" to be something like "I signed up for this site using a strangers email address, and they're going to delete this account soon if I don't change it" to be nice and give the person a chance if they actually wanted to find dates. The number of email notifications I got for people still trying to set up a date with "me" even with that little tidbit in the profile was kinda scary, so a week later I went through their "delete profile" procedure, and lo and behold I'm getting mail filtered to my spam folder to this day from eharmony asking me to sign back up. However, the second site seemed to be moderated by real people, and within a day of me adding that info the account was removed without me having to do anything more - and I haven't gotten any email from them since.
Do not date online (Score:5, Interesting)
I tried a dating site long ago (eHarmony) and I found that they are utterly worthless for finding real relationships with real people. All it does is attract spammers, scammers, and predators. If you want to date, get to know people in your local community. To dating sites, you are just money to be made.
Re:Do not date online (Score:5, Insightful)
Or, better yet. Date online, as the Internet is a GREAT tool for bringing people together. Just don't go trying to take shortcuts like dating sites. Actually MEET people via sites discussing your interests (you know, outside of genitalia). Dating sites are a hotbed for spammers, desperate folk, and other bad news. Hobby/other Interest based networking sites are much more promising for creating a healthy and valuable relationship in the future. Meetup.com comes to mind, though I'm sure there are great less mainstream/corporate options to go with as well, that may be less inclined to treat you like data to be mined and sold. Even better would be the BBS's of the past (due to their local nature), but I'm afraid in most cases you'll be needing a time machine to go with this option... The big benefit of this method, outside of being less sketchy than online dating sites, is also that even if you don't succeed in finding a partner, you're at least still likely to make some worthwhile friends in the process (might be more valuable to some than others...but I tend to figure most people who use online dating are probably fairly lonely to begin with).
And obviously, use some goddamn common sense. Strangers are strangers, and hopefully y'all got that lesson back in Kindergarten.
Re: (Score:1)
....but they have the candy that I want!!! >_
Re: (Score:2)
Date online, as the Internet is a GREAT tool for bringing people together. Just don't go trying to take shortcuts like dating sites. Actually MEET people via sites discussing your interests (you know, outside of genitalia).
Yeah, everyone knows that slashdot is great for finding your spouse!
Re: (Score:3)
Re: (Score:2)
Re: (Score:1)
I am 7 months into a relationship which I fully expect to lead to marriage and forming babby.
Are you serious? I went out with my now wife for ten years before I proposed marriage, and even then I wasn't sure about rushing things.
Re: (Score:2)
Re: (Score:2)
Different strokes for different folks. I met my GF (and more than likely future wife) on Plenty of Fish. Never had any spammers but did have to weed out the crazy.
We also went out on a date last night with another couple we met on another "dating" website and had a great time.
Problem with online websites is it's like walking up to every girl in the bar and then getting mad when they all don't fit. You don't give up.
I'll match your FAIL anecdote with one SUCCESS. (Score:3)
I met my wife through Match.Com. We've been together now for just shy of 7 years. I pinged her the day after she had decided decided to pull her profile and let her account lapse. Fortunately, she hadn't yet gotten around to it when my forwarded email arrived in her inbox. She told me later that I intrigued her so much she re-subscribed just to reply.
We spent a week and a lot of emails back and forth before we agreed to meet for a quick dinner date. Three and a half hours into what was supposed to be l
Why you should never pay for online dating (Score:2)
Re: (Score:2)
Results may vary. Also, anyone who pays the dating site is a moron.
Lies I tell you .. all lies (Score:5, Funny)
My online dating profiles of course. You see by posting profiles that are completely full of lies I have totally side stepped the security issue! There is no way that anyone can trace my profiles back to a real person.
So nyah nyah nyah to all you suckers how put your real photos and descriptions out there in public - you'll never know who has your information now, while I'm free of any worries at all.
(But please don't remind me that I am posting on /. on a Saturday night)
weight:height (Score:2)
Re: (Score:2)
So you just say that you are exceptional. OK, its a divide by zero exception.
I don't mind. (Score:2)
"Weight proportional to height" (Score:2)
Re: (Score:3)
Isn't weight proportional to cube of height?
That would be the Ponderal Index [wikipedia.org], which assumes mass is proportional to the cube of height, and has some use in pediatrics. However, non-infant humans don't scale like spheres. Unfortunately, they also don't scale such that mass is proportional to the square of height, which the BMI [wikipedia.org] assumes. A statistical fit to height and weight data for the US yields an exponent of about 2.6 [utah.edu] for those aged 2 to 19 years. Note that this exponent slightly underestimates weight for persons shorter than 40" or taller than 65
You can be Googled (Score:5, Informative)
What's a Dating Site's Incentive? (Score:3, Interesting)
Really cool in 1998 (Score:2)
Online dating was really cool for about six months in 1998. Since then, it's been a scam.
The history of Friendfinder (which now owns Penthouse and tried to buy Playboy) is interesting, in the litigation sense.
Proportional? (Score:2)
...like whether or not your weight is proportional to your height.
So it's OK if I put on weight as long as I get proportionally taller at the same time?
Re: (Score:1)
In Soviet Russia ... (Score:2)
News at eleven... (Score:1)
Online dating (Score:4, Interesting)
The thing about that website is that it was free; others have left a very bad impression, the worst one being match.com . I don't know if it has changed since then, but about 1999 I put my details on their site and got an interested email a few hours later. Of course, I couldn't reply, as you had to pay for membership before you could contact anyone. So I paid £5 for a month's subscription and messaged back. I got no reply. I think it was just an automated match.com robot designed to suck in the desperate into paying up. A little while later, I created a sock puppet account with the most repulsive details I could imagine. I got a couple of messages from people who said they were interested and wanted to know more. In my mind, proof that match.com would do anything to make you part with your money. I didn't and it put me off dating sites until a few years later when I happened to read a newspaper article which rekindled my interest.
Re: (Score:2)
Congratulations.... I'm pleased to see that things worked out for you.
When I think about it, I notice a number of weird problems with the idea of dating sites. Free dating sites, inevitably, will be the preferred haunt of the insincere who lack commitment to the idea of forging a new lasting relationship... you'd expect the participants - if genuine at all - to be looking for cheap thrills... encouraged that by avoiding handing over credit card details, they're in some sense shielded by anonymity. Convers
Re: (Score:2)
match.com has created so many fake profiles for the purpose of deceiving members that there's a class action lawsuit [classactio...henews.com] over it pending as of last year. So, no, that hasn't changed since your fake robot created e-mail in 1999.
Capturing your Brain (Score:1)
So, no worse than regular social networks? (Score:2)
And probably better, because who actually tells the truth on a dating site?
What did you expect? (Score:2)
Re: (Score:2)
Try deleting your Slashdot account.
Why, do you have something to hide? A pro-Microsoft comment made when you were young and needed the money?