Pinterest Stumbleupon Whatsapp
Ads by Google

You may be aware that Ashley Madison, a “discreet” online dating site Online Dating - Men Don't Get It And Women Don't Understand Online Dating - Men Don't Get It And Women Don't Understand Do online dating websites work? It's time for a frank discussion! What I learned from interviews was that online dating is equally painful for men and for women, but for very different reasons. Read More targeted primarily at cheating spouses, was recently hacked. The site has garnered controversy for many years, largely by running ads like these:

The hackers, who call themselves as “The Impact Group” are threatening to release data on millions of users (including compromising images and personal information) if the site isn’t taken down by its parent company, Avid Media Life, which owns a number of other hookup sites.

The motive for the hack appears to be a moral objection to the operations of the site itself, although it would be naive to count out the possibility that the real objective is blackmail What Motivates People To Hack Computers? Hint: Money What Motivates People To Hack Computers? Hint: Money Criminals can use technology to make money. You know this. But you would be surprised just how ingenious they can be, from hacking and reselling servers to reconfiguring them as lucrative Bitcoin miners. Read More , and the hackers are simply trying to confuse the issue.

All 37 million users may be affected, as well as any past users – including those who have deleted their account. AML has stated publicly that their internal investigation is ongoing, and they believe they have a good idea of who is behind the hack. According to AML CEO Noel Biderman,

“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication […] I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”

So far, the coverage of this issue has been a little, well, call it snide. There’s a general sense that this is not a serious issue, and even a degree of support for the hacker, including from large publications like the Daily Mail. The sense, in general, is that the victims of the hack got what was coming to them. Today, I’d like to talk about why this reaction is irresponsible, and misses a much larger issue that we should be concerned about.

Ads by Google

Complex Repercussions

Two days ago, a man claiming to be a gay Saudi posted to Reddit asking for help. As a user of Ashley Madison, he faces execution if his name and photographs (some of which depict acts of homosexual sex) become public. If his story is true, he’s far from alone: the anonymous, discreet nature of sites like Ashley Madison obviously appeals to gay people, especially in jurisdictions where gay sex is criminalized. There have already been executions for homosexuality this year. In fact, Saudi Arabia has been stepping up its executions this year, calling it a ‘streamlining of the justice system.’

The anonymous Reddit user posted,

“I am from a country where homosexuality carries the death penalty. I studied in America the last several years and used Ashley Madison during that time. I was single, but used it because I am gay; gay sex is punishable by death in my home country so I wanted to keep my hookups extremely discreet. I only used AM to hook up with single guys.[…] I AM ABOUT TO BE KILLED, TORTURED, OR EXILED. AND I DID NOTHING WRONG.”

This is horrifying, but gay users of Ashley Madison are not the only people who don’t fit the ‘get what they deserve’ narrative. What about jurisdictions where divorce is illegal? What about abusive relationships This App Can Help Those In Abusive Relationships Discreetly Reach Out For Help This App Can Help Those In Abusive Relationships Discreetly Reach Out For Help Aspire News is not actually a news reader, instead it's a cleverly disguised app for helping those trapped in abusive relationships. Read More , where a spouse may not feel physically safe to ask for a divorce? What about people who made an account, but ultimately opted not to go through with it? Do all of these people deserve to be outed? Because if this information is publicly released, they will be.

In the hackers’ manifesto, they are less than sympathetic to the plight of the site’s millions of users,

“Too bad for those men, they’re cheating dirtbags and deserve no such discretion […] With over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

Obviously, it’s unlikely that the hackers gave specific thought to these situations when they wrote that – but that’s exactly the problem. These hackers are vigilantes, not responsible guardians of data entrusted to exercise good judgement. They were never trusted with all of this sensitive information, and for good reason!

Hearing about this hack and saying ‘good for them’ is missing the point. The story here isn’t about cheaters being outed, it’s about just how little the companies we trust respect our privacy. Ashley Madison failed in their obligation to protect the privacy of their users – on a colossal scale. And they aren’t the only ones.

A Pattern of Neglect

In late May, a hacker gained access to the database of Adult Friend Finder, a hookup site – allegedly blackmailing the site for $100,000, and posting the data online. In response, a different hacker named Andrew Auerenheimer began outing public figures at random on Twitter, including details of their sexual habits. Those outed included an FAA employee, and a Washington Police Academy commander. The information on more than 3.5 million users is freely available online. And, I stress, this is not a ‘cheating’ website. These people, for the most part, did nothing wrong – and yet they find themselves publicly humiliated anyway.

It’s not just these two sites, either. Just two months ago, a blogger who goes by the name Mircea Popescu noticed that the fetish-oriented dating site FetLife did not correctly protect its database from external users, allowing anyone with basic coding knowledge How To Learn Programming Without All The Stress How To Learn Programming Without All The Stress Maybe you've decided to pursue programming, whether for a career or just as a hobby. Great! But maybe you're starting to feel overwhelmed. Not so great. Here's help to ease your journey. Read More to mine it and collect a master list of all profiles, images, and videos. Popescu used this to create what he refers to as the “FetLife Meatlist” – a list of thousands of female Fetlife users under 30, for purposes of public shaming.

Ironically, this is the second time I’ve run across Popescu in my writing. Popescu is a member of a group who call themselves “The Bitcoin How To Spend And Store Bitcoins Safely, Easily, and for Free How To Spend And Store Bitcoins Safely, Easily, and for Free Read More Lordship,” who opposed a necessary increase in the Bitcoin block size for some very silly and shortsighted reasons. I remember thinking that he in particular was an ugly combination of paranoid, narcissistic, and downright mean. I now feel somewhat vindicated in that assessment, and more than a little gratified that his blog seems to have shutdown in the ensuing mess.

Trust me: nothing of value was lost.

However, again, focusing on the hacker’s motives (nasty though they may be) is missing the point. Serial philanderers and sociopaths, as colorful as they are, are distractions from the real story here, which is how profoundly these sites have failed to provide even the most basic and necessary computer security.

Screenshot 2015-07-26 at 3.50.59 AM

FetLife brags in their advertising material that they have a “Fetish for security,” and emphasize their use of SSL. Secure Socket Layer What Is an SSL Certificate, and Do You Need One? What Is an SSL Certificate, and Do You Need One? Browsing the Internet can be scary when personal information is involved. Read More  is a web-wide standard, used by practically every website and the browsers of their users. In reality, anyone with a basic knowledge of web scripting can (legally!) scrape every piece of information from FetLife’s website, since they’ve gone to no trouble to protect it. Ashley Madison and Adult Friend Finder are guilty of similar security sins.

These sites (and likely many others that have not yet come to light) have been negligent beyond belief, given the sensitivity of the information they handle. Sharing opinions and making judgements on the victims’ sex lives is not going to solve this problem..

Have you been affected by the hacks of these online dating sites? Concerned about the security of our personal information online? The discussion starts in the comments!

  1. Andre Infante
    July 27, 2015 at 11:39 pm

    Of course security is never perfect, but there are a limited number of hackers in the world, and a lot of targets.

    Increasing your security is still a net win, even if it doesn't protect you from everyone, because it reduces the number of attacks who are able to compromise your system. That smaller pool of hackers is less likely to target you, thanks to the sheer number of targets available.

    Every improvement in security makes you safer. Just, not perfectly safe. Certainly something like protecting your database is a net win, and failing to do is is irresponsible.

  2. fcd76218
    July 27, 2015 at 11:14 pm

    You are being a bit unfair here. When the Pentagon and other supposedly highly secure sites are hacked, what chance do Ashley Madison and FetLife have? In spite of not wanting to admit it, we all know that the Internet is basically not secure. Anyone who claims that it is secure is either very naive or has his/her head buried in the sand up to their butt. Thousands of sites are hacked on an annual basis of which we hear only about the most egregious cases.

    Members of The Impact Group and other similar gangs, when apprehended, should be buried neck-deep in a fire ant hill. If ant hills are not available, bastinado would work just as well.

Leave a Reply

Your email address will not be published. Required fields are marked *