The love fest may be coming to an end for the hundreds of thousands of users searching for that special someone through one of the largest free online dating sites. OkCupid is placing users’ privacy in peril by neglecting to support access that is secure its whole site through HTTPS. Every email that is okCupid talk session, search, clicked link, web page seen, and username is transmitted on the internet in unencrypted plaintext, where it could be intercepted and look over by anybody from the system.
Screen shot from OkCupid Help Forum. While passwords after inital signup aren’t sent within the clear, there are various other security that is severe with OkCupid.com.
“HTTPS” is standard web encryption that ensures information sent and gotten on line is encrypted in the place of as plaintext. OkCupid will not enable HTTPS across the site, meaning while OkCupid does not leak passwords entered during log in over plaintext, it can leak plenty of other sensitive and painful information. OkCupid’s failure to potentially offer HTTPS support reveals:
- E-mail content from within OkCupid
- Content of online chats on OkCupid
- Queries conducted on the internet site
- Every page that is unique, and therefore all pages viewed
- Content of “hidden” questions–questions a person reacts to so that you can enhance match outcomes then again marks as “private” so others cannot see his / her reaction
Neglecting to provide HTTPS is specially unfortunate because OkCupid offers a number of privacy-enhancing methods for limiting who is able to access your profile. As an example, users whom mark their orientation that is sexual as or bisexual may decide never to enable their profile become seen by right people. (more…)