The love fest may be coming to an end for the hundreds of thousands of users searching for that special someone through one of the largest free online dating sites. OkCupid is placing users’ privacy in peril by failing continually to support protected use of its whole site through HTTPS. Every email that is okCupid talk session, search, clicked link, web page seen, and username is transmitted on the internet in unencrypted plaintext, where it may be intercepted and read by anybody regarding the system.
Screen shot from OkCupid Help Forum. While passwords after inital signup aren’t sent within the clear, there are various other severe security issues with OkCupid.com.
“HTTPS” is standard web encryption that ensures information delivered and gotten on line is encrypted in place of as plaintext. OkCupid will not enable HTTPS across the website, meaning that while OkCupid does not leak passwords entered during log in over plaintext, it can leak plenty of other sensitive and painful information. OkCupid’s failure to potentially offer HTTPS support reveals:
- E-mail content from within OkCupid
- Content of online chats on OkCupid
- Queries conducted on the website
- Every page that is unique, and therefore all pages looked over
- Content of “hidden” questions–questions a person reacts to so that you can enhance match results then again marks as “private” so others cannot see his / her reaction
Neglecting to offer HTTPS is specially unfortunate because OkCupid offers many different privacy-enhancing methods for limiting who is able to access your profile.