When we think of protecting our information online, it’s usually in the context of traditionally sensitive data: credit card numbers, addresses, SSNs, and so on. But as anyone who has taken a picture of themselves wearing nothing but a smile can tell you, the information exchanged during online dating can be just as personal. I haven’t done that, though. Ever. I have never done it.
I used the UpGuard Website Risk Grader to evaluate the relative security of many of the world’s top dating sites and found some interesting results. The Grader looks at externally accessible security factors such as whether SSL is enabled, whether its cookies are secure, and a number of other data points to determine as best we can the security of the site from an external viewpoint.
UpGuard rolls all that information up into a single numeric score, much like a credit score. If a site’s score is low, it suggests that several standard security measures are probably not in place or may not be configured correctly. A high score means the site’s administrators have given thought to web security and may be taking steps to keep your data as private as reasonably possible.
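The kinds of externally visible checks this post names (HSTS, the Secure cookie flag, server banner disclosure, SPF and DMARC records) can be sketched as follows. This is an added example, not UpGuard's grader or its scoring; the headers, TXT records, domain `example.test` and finding labels are constructed for illustration.

```python
import re

# Constructed sample input for a made-up site; finding labels are hypothetical.
SAMPLE_HEADERS = [
    ("Server", "Apache/2.2.15 (CentOS)"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly"),
]
SAMPLE_TXT = {
    "example.test": ["v=spf1 include:_spf.example.test ~all"],
    "_dmarc.example.test": [],
}

def check_headers(headers):
    """Return findings for HSTS, cookie flags and server banner disclosure."""
    findings = []
    names = {k.lower() for k, _ in headers}
    if "strict-transport-security" not in names:
        findings.append("no-hsts")
    for key, value in headers:
        if key.lower() == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            if "secure" not in attrs:
                findings.append(f"cookie-not-secure:{cookie}")
        elif key.lower() == "server" and re.search(r"\d+\.\d+", value):
            findings.append("server-version-disclosed")
    return findings

def check_mail_dns(domain, txt):
    """Return findings for missing or permissive SPF and DMARC records."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.lower().startswith("v=dmarc1")]
    if not spf:
        findings.append("no-spf")
    elif not re.search(r"[-~]all\b", spf[0]):
        findings.append("spf-no-fail-policy")
    if not dmarc:
        findings.append("no-dmarc")
    elif re.search(r"\bp\s*=\s*none\b", dmarc[0], re.I):
        findings.append("dmarc-policy-none")
    return findings

if __name__ == "__main__":
    for f in check_headers(SAMPLE_HEADERS) + check_mail_dns("example.test", SAMPLE_TXT):
        print(f)
```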
The only site on this list named after a Marilyn Manson song, BeautifulPeople boasts having a beautiful member base that “actually look in real life as they do online.” Their members may be beautiful, but their security is looking pretty ugly: 504 is well below what is considered good. The site lacks SPF, secure cookies, DMARC, and other features that could prevent forged or fraudulent communication with the other beautiful singles.
As arguably the most popular (or at least, the most heavily marketed) site for online dating in the US, Match.com’s secure member area (secure.match.com) has set up SSL of decent strength, but has neglected to use HSTS, secure cookies, or DNSSEC. From what we can see here, Match’s overall web security is good, but could be better with a few improvements. And being a paid subscription service, there’s really no reason to not go whole hog.
Because it’s a free site, you may be considering giving a pass to PlentyofFish. After all, you get what you pay for, right? But by that logic, OkCupid should also rank poorly, and that’s not the case. POF lacks SSL and secure cookies, and fails to obscure server information. But hey, their domain won’t expire for over 5 years, so they’ve got something under control.
An attempt at an exclusive dating service for graduates of prestigious schools, this 16-year-old site’s design is straight out of Geocities. The secure area of the site (secure.rightstuffdating.com) actually scores average, despite everything else about the site being ridiculously out of date. For example: “To fully utilize the site’s features it is necessary to use Netscape 2.02 or Internet Explorer 3.02 (or equivalent) or higher.” Internet Explorer 3.02 was released on March 20, 1997. An upgrade to IE 3.03 SP1 was released the following year for Y2K compliance.
It’s not much of a surprise that the dating/cheating site whose security has been scrutinized the most also scores the highest; their administrators have likely been paying a lot of attention to data security since their widely publicized user data leak. To be fair, the Ashley Madison leak was thought to be an inside job, thus the security flaws responsible would not be detectable through this external web scan. But it stands to reason that in the aftermath of the crisis, the company gave extra consideration to web security.
Have a look at the full list, and give the Website Security Grader a spin for yourself.
|Site||Website Grader Score|