The love fest may be coming to an end for the hundreds of thousands of users searching for that special someone through one of the largest free online dating sites. OkCupid is placing users’ privacy in peril by failing woefully to support safe use of its whole website through HTTPS. Every OkCupid e-mail, chat session, search, clicked link, web web page seen, and username is transmitted on the internet in unencrypted plaintext, where it could be intercepted and read by anybody in the system.

Screen shot from OkCupid Help Forum. While passwords after inital signup aren’t sent within the clear, there are various other security that is severe with OkCupid.com.

“HTTPS” is standard web encryption that ensures information delivered and gotten on the net is encrypted rather than as plaintext. OkCupid does not enable HTTPS across the website, meaning while OkCupid does not leak passwords entered log that is during over plaintext, it can leak plenty of other sensitive information. OkCupid’s failure to offer HTTPS support possibly reveals:

• E-mail content from within OkCupid
• Content of online chats on OkCupid
• Queries conducted on the website
• Every unique web page seen, and so all pages looked over
• Content of “hidden” questions–questions a person reacts to so that you can enhance match outcomes then again marks as “private” so others cannot see his / her reaction

Neglecting to provide HTTPS is especially unfortunate because OkCupid offers many different privacy-enhancing ways of restricting who is able to access your profile. As an example, users whom mark their intimate orientation as homosexual or bisexual may choose to not enable their profile to be noticed by right people. Continue reading →