And what do you know, the unsubscribe link for Fitness-Singles.com doesn't work! It appears to update their database (it takes me to a page which seems to remember the unsubscribed options being ticked between visits) but it doesn't actually prevent spam being sent to me! Wankers.
This isn't the first time it's happened to me either, divorcedpeoplemeet.com did more or less the same, spamming me with a profile it had set up, obviously with password in plaintext and no verification email. The interesting thing is that divorcedpeoplemeet.com is run by match.com / IAC, supposedly a reputable bunch. I emailed them about it, they deleted 'my account' but refused to engage with my points about the spam / security problems.
So I did some reading. There are loads of examples of dodgy practices in this industry. There's a BBC documentary about it. To save you 30 minutes (although I'm not going to repeat names of specific companies here), the main thrust of the documentary is about sites creating fake profiles to entice users. The documentary also manages to buy a database of fake profiles from a company in the US, containing examples of British people who didn't know their data was for sale.
Sites want genuine profiles to attract customers but they need
customers to create those genuine profiles. So a common model is to make
it very easy to sign up and create a profile for free, increasing the
number of profiles, but to interact with matches, a customer has then
got to pay. This model creates unfortunate incentives. If caught with its pants down, the company can plausibly blame 'scammers'.
Many dating sites (probably most) are just affiliate sites to the same umbrella
network. Someone sets
up an affiliate site which they will try to establish a brand and USP
with, e.g. tractionengineenthusiastsdating.com (I made that up), and the umbrella site gives the affiliate cash for every customer signing up. Here's the sneaky
bit, tractionengineenthusiastsdating.com doesn't just display profiles
of people signed up on that site, but everyone on the umbrella
network who matches some criteria. It might surprise someone to see
their profile visible on a completely different site.
If the site is an affiliate network, tricks like fake profiles get even easier. Any affiliate can dump fake profiles onto the central network, and the affiliate can be kept at arms length, with the umbrella network able to deny all knowledge.
There are various reports of various sites refusing to delete
profiles of people (because that would be one less profile on the site),
or editing profiles to remove text like "NB: I'VE LEFT THE SITE". From the ICO's letter to dating companies, it is concerned about T&Cs which give the company irrevocable rights to users' data.
Another example of fishy stuff is that plentyoffish.com got hacked, and it turned out they stored passwords in plaintext! Not so surprising they stored them in plaintext when apparently they automatically email(ed) members with their account details if they've been inactive for a certain amount of time!
Anyway, it seems dodgy practices are widespread. People are being ripped off, and I wouldn't say it's a case of caveat emptor, it's closer to fraud. Instead of specific legislation, or some QUANGO (with a plush London office, and chief exec on 6 figures, and a team of staff, all taxpayer funded), could we have a data protection act with real teeth?
No comments:
Post a Comment