When we think of protecting our information online, it’s usually in the context of traditionally sensitive data-- credit card numbers, addresses, SSNs, and so on. But as anyone who has taken a picture of themselves wearing nothing but a smile can tell you, the information exchanged during online dating can be just as personal. I haven’t done that, though. Ever. I have never done it.
The more important and difficult question is not why, but how—that is, how can companies not just survive, but thrive in a landscape of digital threats?
I used the UpGuard Website Risk Grader to evaluate the relative security of many of the world’s top dating sites and found some interesting results. The Grader looks at externally accessible security factors such as whether SSL is enabled, whether its cookies are secure, and a number of other data points to determine as best we can the security of the site from an external viewpoint. UpGuard rolls all that information up into a single numeric score, much like a credit score. If a site’s score is low, it suggests that several standard security measures are probably not in place or may not be configured correctly. A high score means the site’s administrators have given thought to web security and may be taking steps to keep your data as private as reasonably possible.
BeautifulPeople.com - 504 out of 950
The only site on this list named after a Marilyn Manson song, BeautifulPeople boasts having a beautiful member base that “actually look in real life as they do online.” Their members may be beautiful, but their security is looking pretty ugly-- 504 is well below what is considered good. The site lacks SPF, secure cookies, DMARC, and other features that could prevent forged or fraudulent communication with the other beautiful singles.
Match.com - 741 out of 950
As arguably the most popular-- or at least, the most heavily marketed-- site for online dating in the US, Match.com’s secure member area (secure.match.com) has set up SSL of decent strength, but has neglected to use HSTS, secure cookies, or DNSSEC. From what we can see here, Match’s overall web security is good, but could be better with a few improvements. And being a paid subscription service, there’s really no reason to not go whole hog.
PlentyofFish - 361 out of 950
Because it’s a free site, you may be considering giving a pass to PlentyofFish. After all, you get what you pay for, right? But by that logic, OkCupid should also rank poorly, but that’s not the case. POF lacks SSL, secure cookies, and fails to obscure server information. But hey, their domain won’t expire for over 5 years, so they’ve got something under control.
The Right Stuff - 694 out of 950
An attempt at an exclusive dating service for graduates of prestigious schools, this 16-year-old site’s design is straight out of Geocities. The secure area of the site (secure.rightstuffdating.com) actually scores average, despite everything else about the site being ridiculously out of date. For example: “To fully utilize the site’s features it is necessary to use Netscape 2.02 or Internet Explorer 3.02 (or equivalent) or higher.” Internet Explorer 3.02 was released on March 20, 1997. An upgrade to IE 3.03 SP1 was released the following year for Y2K compliance.
Ashley Madison - 789 out of 950
It’s not much of a surprise that the dating/cheating site whose security has been scrutinized the most also scores the highest-- their administrators have likely been paying a lot of attention to data security since their widely publicized user data leak. To be fair, the Ashley Madison leak was thought to be an inside job, thus the security flaws responsible would not be detectable through this external web scan. But it stands to reason that in the aftermath of the crisis, the company gave extra consideration to web security.
Have a look at the full list, and give the Website Security Grader a spin for yourself.
How CSTAR Works What's In the Website Risk Grader? Understanding Risk in the 21st Century
All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >
The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >
And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation.
Read Blog >