Uses secure cookies or HSTS For sites that require users to log in, the site may set a cookie in your browser containing authentication information that helps the site recognize that requests from your browser are allowed to access information in your account.That’s why when you return to a site like Ok Cupid, you might find yourself logged in without having to provide your password again.
Delete data after closing account After a user closes an online dating account, they may want the assurance that their data isn’t hanging around for week, months or even years.
We have individually contacted each of the companies listed below to ask them to clarify their policies on deleting data after an account is closed; we’ll update this chart if we learn more from the companies.
Note that this text is taken from their policies as of the publication of this post, and these policies can change at any time!
In our chart, we gave a heart to the companies that employ HTTPS by default and an X to the companies that don’t.
We were shocked to find that only one site in our study, Zoosk, uses HTTPS by default.Any site that provides insecure cookies at login could be vulnerable to session hijacking.HSTS (HTTPS Strict Transport Security) is a new standard by which a web site can request that users automatically always use HTTPS when communicating with that site.In some cases, a sophisticated attacker can actually rewrite the entire page.We gave a heart to the websites that keep their HTTPS websites free of mixed content and an X to the websites that don’t.Free of mixed content Mixed content is a problem that occurs when a site is generally secured with HTTPS, but serves certain portions of its content over an insecure connection.