Be careful with OKCupid. I'd been using it on and off for a while and recently I got a notification saying that my email address on my account had been changed, then 2 minutes later, that my password had. You don't need to confirm anything to change the email on your account! Not even click an email link!
I was panicking
I was still receiving phone notifications despite not being to log into the app. I could see that messages were being sent and received but couldn't access my account. I believe that others are being scammed using my account
I quickly changed all other passwords and contacted OKC immediately. It's been a week now with no response. OKC have lost a paying customer for life
You mean you can change the email without a password? Why would it be a problem if they require your password but nothing else in order to change your email?
OKCupid specifically requires your real name which is beyond stupid for a dating site.
Anyone whose done online dating knows about stalkers and the need to hide your identity but these guys want real names.
As for Grindr we’ll isnt that owned by China? What better place to entrust your most compromising personal information, and what better long term investment if you want compromising information that one day in the distant future might be to your advantage.
Even before requiring your real name, OkCupid was pretty blah for some people, a friend of mine had a woman message him, before he could reply, with a few things in his profile she was able to identify him and then went full psycho. Ultimately she made multiple posts on Cheaterville.com and made claims he gave her STDs etc, which cost him an acting job when the casting people googled him and BAM it was one of the first things to pop up. The messages she sent were just nuts, I documented them here: https://www.ryanmercer.com/ryansthoughts/2012/1/20/a-troll-a...
Now, I wonder if perhaps staff/owners of Cheaterville weren't using dating sites to attempt to find people to blackmail. IIRC the site would remove any posts about you for a hefty fee.
I was an early adopter of OkCupid, in fact long before they were acquired I was actually a volunteer moderator. It was interest in the early days because you could tag stuff "I like [[Metallica]], I read a lot of [[science fiction]], and I like to eat [[pizza]] before going to [[SCA]] fighter practice" and you could find people with similar interests that way, which was cool. I actually met some really cool women and am still friends with a couple of them. But then it started going downhill pretty quickly once they were purchased by the Match.com folks. Lots of dumb changes, removal of long-standing features, drastic increase in spam messages from people hundreds (or thousands) of miles away, requiring real names etc.
Didn't surprise me.
Every single time I'd pay for a Match.com account (over multiple years, as recently as last year), within a day of my subscription someone would message me. I'd always, like a sucker, pay again and reply and nothing... or they'd reply once or twice with very basic replies and stop. Now, I'm not saying they're scamming users to get them to pay for another month but... sure feels like it.
I anecdotally noticed a massive increase in spam/fake accounts when the same company bought Tinder too.
This sounds to me more like "better police involvement around the crime of stalking" than "okcupid are bad"
I can see why having "screen names" is good and why having "Jenny S from NYC" beats "picture of Jennifer Smith, 32 acadia Avenue Queens" on the site profile but if it's crime we worry about, it's police we need.
I would be interested in knowing if I am deaf to a much larger problem than I am aware of.
Isn't it better to prevent undesirable behaviour in the first place rather than place additional burden on the police (for a trivial mostly non-dangerous behaviour)?
Also, is stalking actually a crime now? When does "wanting to talk to someone" become a crime? Are recruiters stalking me on LinkedIn? What if they keep sending me emails and I keep not replying?
I think the bar for putting people in jail should be much higher than that.
Eh, we are not really talking about facebook "stalking" with someone looking at your facebook profile, but about people continually harassing you and trying to contact you through all sorts of means.
I think the bar for putting people in jail for the above is just right, might even be too low.
Stalking has a crime in all of the US states for 15 years, and has been a crime in most for longer than that.
If you are repeatedly contacting or surveilling someone, despite being told to stop, and are making them feel unsafe or intimidated, then you are probably violating the laws against stalking.
With their multiple-choice questions, OkCupid has a lot of in-depth personality data that is a total privacy nightmare if leaked to anyone. And therefore very valuable. Things like diet, sleeping habits, sexual preferences, religious and political alignment, addictions, everything really.
"Leaked?" "Privacy nightmare?" Last time I used OkCupid was like a decade ago. Back then you could view everyone's answers to their multiple choice questions right on their profile. It's purpose is (was?) literally to be read by others. Just like the purpose of this HN post is for others to read.
Edit: I think you could view them only if you both gave answers to the same question.
>Edit: I think you could view them only if you both gave answers to the same question.
Correct, but it would show you the questions you hadn't answered and let you answer them right then and there to see their response, meaning a couple of clicks. Scripting that for mining would have been trivial via the website.
But that messes up the data it's using to try to give you compatible matches. And it misinforms the people you're trying to meet (assuming public answers).
I think a dating app (especially the ones which have vulnerable groups like Grindr in this case) should never be ad supported. OkCupid also has a lot of detailed data about users and that getting leaked to third parties is absolutely horrible.
IIRC, there are “anonymized” OKC datasets out there already. Given the nature of the data and a few bits worth of information, it would probably be really easy to deanonymize the dataset.
> I think a dating app should never be ad supported
Then it's subscription based, which has been shown to be a hard market to work in. Plus any company that gets paid via subscription has an incentive to keep users on the site and paying money -- which, if a dating app works, won't do. Like, if the app is effective then people will find a partner and stop using it, ending their subscription and cutting costs.
> (especially the ones which have vulnerable groups like Grindr in this case)
I fail to see how their privacy is different from anyone elses. Or how their kinks are any less or more destructive than others. Grindr is already banned in Iran, Turkey, and Saudi anyway
Not really. All the match.com's owned apps (Tinder, OkCupid, Hinge etc) have very successful subscription models. I follow the top grossing apps for iOS and Tinder, Match, OkCupid are always on the list. It's more so that here, the Match.com people want to squeeze every dollar out of their users and are willing to compromise their privacy by supporting ads.
I understand and agree with the point about subscriptions leading to an incentive to keep users on the app. But this is also true for ads supported ones. Dating apps have conflicting goals with user goals. That's why Tinder grosses so much money - because it's a mostly hookup app where quantity matters. So people keep coming back to the app and Tinder keeps making more money.
I do think if the data for the vulnerable groups falls in the wrong hands, it can destroy people's lives. Imagine an international student from Iran visiting US and having a profile on Grindr. If this info somehow gets leaked back home, his life is in danger next time they visit back home. This also has higher chances of being used as blackmail material by someone else.
This is one of the cases which the 2 Nigerian brothers have against Jussie Smollett's lawyers - the lawyers had made a claim that the brothers were attracted to Jussie. The brothers make the claim it's not true and that also puts their life in risk when they visit back home.
Sadly this is not new. Back in the days (at least in 2013) I played with wireshark to find out what dating apps were sharing with advertising platform to generate banners. There was the following data:
- OS platform with version
- Prefered language
- Career network
- Current connection (3g/Wifi).
- Exact position (altitude/latitude/longitude)
- Sexual orientation
- Twitter ID and Facebook ID (as long as the app can have access to it).
Given the context, when I first read this I was like wow! Advertisers want to know your sexual position? Then, I saw lat, lon and then realized that either way shouldn't surprise me.
I'm not aware of any. But if someone does has a reasonable privacy policy, how do you know that they actually adhere to it?
I've used dating sites in the past, but more recently I learned that it's much more fun, and works much better, to engage in real-life activities that get me around people I don't know, then ask interesting people out directly.
I was hacked 3 times on okc. Thankfully, all the info there I put was fake, I somehow sensed their security is wack judging from the user interface and the constant app crashes and bugs. There are also multiple reports of users who got hacked. I remember on one occasion my phone number was on a conversation and was picked up by hackers to text me in person pausing under some "Jessica".
Seriously it is probably not restricted to dating sites, but information about sexual orientation and preference is especially worth it to marketeers. Not just products but also media companies that might like to know how to cater to specific audiences and their needs.
I don't understand how certain laws exist yet without the obvious steps to ensure it is followed - no oversight for companies like this? I'm pretty sure the companies taxes will be checked every year.
How about a ban on establishing a database of individually identifiable user profiles? Restrict data storage to anonymised statistical usage only. A technically possible way to achieve this is using a system like Keybase which could transfer profile data ownership to the individual.
Politicians don’t spend any of their own money more than any other taxpayer. However, the more money politicians can influence to be spent, the more influence they have.
For example, the ban on marijuana has yielded tremendous returns for politicians and their associates in the police equipment and prison businesses.
If Gmail was an unsustainable business because obeying the law is too expensive, it'd deserve to die.
Edit: My point is that existing businesses must not be exempt from new legislation, nor compensated under investor protection. Conversely, whether something should be allowed or not must not be based on the number of succesful businesses in that sector.
And my point was that yours is far more restrictive than GDPR - if you interpret "profile" literally, you've also banned all online banking, possibly banking in its entirety!
The GDPR allows you to collect profile information for the purposes of performing a service etc.
The current discourse in America seems to be that corporations are justified in anything they do as long as it stays within the letter, if not the spirit, of the law. Therefore, even if they are not possible to audit, I can see value in laws that establish how the system is intended to work.
Constructive question and answering this properly might take a few years and a couple of thousand pages. Tax legislation isn't done by forum posts.
However, in generic terms. Financial transactions are audited by enforcing the use of a ledger, with rules for how all transactions must be entered into the ledger.
Auditing data transactions could be implemented in a similar fashion, by demanding that all data usage is entered into a ledger, and that evidence is produced that the rules are followed. It could be similar to what EU is doing this with GDPR. GDPR can be audited and it is purely related to what is being done with data. Modelling a "data usage" legislation on this type of existing data legislation could be possible.
Precisely what would be taxed is perhaps not the core of my message. However, taxes have side effects: companies wants to minimize taxes. If society would like to minimize the use of personal data, a tax on personal data use would have such an effect. Unprofitable use of personal data would decrease.
The key is to make data a liability not an asset. So it is too expensive to store any data that is not directly essential. Maybe a ratio of number of users in your database to the turnover of the company? A flat fee of $100/year perhaps for every permanent record you keep, a company could still sell products perfectly well without requiring users to actually register.
There would be oversight where there is not currently b/c of the motivation of taxes. No one suggested paying taxes on illegal activity would make it legal - but it would create a papertrail.
Neither Grindr nor OkCupid are non-profits. As the apps are free as in beer, if you don't pay with money, you pay with your data. If they didn't sell data, how would they make money? How would they get those valuations? If paid dating services do this, which they probably do, I agree it's scandalous. But in this case, it's more or less implied. Of course it's sad that so few people are aware of this fact.
They both make money from premium memberships that give extra functionality and features. Remember kids, collecting and selling data is never okie dokie.
It doesn't follow that because an app is free as in beer that the app company is selling your data to make up the cost of running the app. For one thing, the likes of Plenty of Fish got to near billion $ valuation via AdSense and banner ads. I imagine people generally think this is how apps earn their money, if they were forced to think about it, especially since lots of freemium apps simply remove some banner ad when you pay.
Secondly, many companies are getting to mega valuations with free apps, via debt.
The idea that if you pay for a service they won't probe for, exploit, and sell your data is a fairy story where companies leave money on the table because they decide they have enough money. The data of paying customers is worth even more than the data of deadbeats.
Only homophobia there is the kind you imagined into it.
Article discusses european privacy laws as they relate to romantic/sexual preferences/arrangements that stopped being taboo long ago. At the same time, most european countries have no strong protection of political free speech, so you can be fined or jailed for unpopular opinions--which in many cases, tech companies are required to report.
And even in the US, where we do have constitutional protections, if my helicopter vid in the grinder profile leaks, it's like, "oh gee, i sure hope mom doesn't see" whereas, if the bossman finds out that i'm boycotting sabra hummus on FB, i lose my damn job.
edit: I like privacy, but thanks to technology, now it's a losing battle. A better arrangement would be if we just didn't exploit/destroy people for any leakages/revelations about their inner lives.
Political beliefs are definitely also part of the questions that OkCupid asks. From what I recall, some of the questions include views on climate change, views on Trump, would you date someone who expressed negative views about another race, views on gun control, etc.
I was panicking
I was still receiving phone notifications despite not being to log into the app. I could see that messages were being sent and received but couldn't access my account. I believe that others are being scammed using my account
I quickly changed all other passwords and contacted OKC immediately. It's been a week now with no response. OKC have lost a paying customer for life