Your message to OK Cupid was sent! Now can you share?
Spread the word so other's know what's going on. If enough of us contact them, they'll do the right thing and protect our safety!
OKCupid doesn't use basic HTTPS encryption to protect user privacy, so everything you do on the site can be seen by anyone who wants to spy on you. Every question you've answered. Every message you've sent. Every profile you've visited. Dating sites house some of our most personal and potentially embarrassing data. Cutting corners on security isn’t just sloppy, it’s unsafe.
“Dear OKCupid: It’s your responsibility to protect users by using standard security practices like HTTPS encryption. Clean up your act and stop putting our privacy and safety at risk.”
Fight for the Future will contact you about future campaigns. Privacy Policy
Unfortunately, right now, the answer is no. OKCupid doesn’t use HTTPS encryption to protect their users’ safety on the vast majority of pages on their site. HTTPS encryption is considered standard web encryption used by all secure sites (it’s that little lock icon that your browser displays when you’re on a secure page.)
Without HTTPS protection, anyone who tries even a little bit hard can see every question you’ve ever answered (yep, even the ones answered “privately”), every message you’ve ever sent, and every profile you’ve ever visited. Using a simple hacking tool that anyone could easily get online, someone could even take over your account and impersonate you, all because OKCupid isn’t using this super basic form of security that is standard across the web.
OKCupid asks users to share incredibly sensitive and potentially embarrassing information to power it’s “matching” algorithm. Users answer extremely personal questions about their sexual preferences and health; drug use and other illegal activity; their political and religious views; and whether they like anal sex.
Since all of this information is transmitted over the internet in plain text, completely unencrypted, it’s an easy target for anyone who wants to obtain or expose it: a jealous ex, an employer, local cops, anyone. It’s even more terrifying to think that someone could target an entire group of OKCupid users, say LGBTQ people who are not out to their families, or people from a certain religious background, and expose their data online.
OKCupid needs to start using sitewide HTTPS encryption right away. There’s absolutely no reason that a company of their size isn’t using standard security practices that are widely considered to be necessary for basic online safety. They certainly aren’t hurting for money. The company that owns OKCupid has more than $3.1 billion in revenue.
Unfortunately, we’ve learned from recent high profile breaches like Ashley Madison and Target that companies will often wait until a disaster happens to patch up their gaping security holes. But if enough of us speak out, we can get OKCupid to do the right thing, and hopefully many other companies that house sensitive user data will follow suit. As more and more of our lives move online, we need to hold web companies accountable to keep ourselves safe in the digital age.
Please sign the petition and share this with everyone you know!