Tuesday, 24 December 2013

Dating industry dodginess

And what do you know, the unsubscribe link for Fitness-Singles.com doesn't work! It appears to update their database (it takes me to a page which seems to remember the unsubscribed options being ticked between visits) but it doesn't actually prevent spam being sent to me! Wankers.

This isn't the first time it's happened to me either, divorcedpeoplemeet.com did more or less the same, spamming me with a profile it had set up, obviously with password in plaintext and no verification email. The interesting thing is that divorcedpeoplemeet.com is run by match.com / IAC, supposedly a reputable bunch. I emailed them about it, they deleted 'my account' but refused to engage with my points about the spam / security problems.

So I did some reading. There are loads of examples of dodgy practices in this industry. There's a BBC documentary about it. To save you 30 minutes (although I'm not going to repeat names of specific companies here), the main thrust of the documentary is about sites creating fake profiles to entice users. The documentary also manages to buy a database of fake profiles from a company in the US, containing examples of British people who didn't know their data was for sale.

Sites want genuine profiles to attract customers but they need customers to create those genuine profiles. So a common model is to make it very easy to sign up and create a profile for free, increasing the number of profiles, but to interact with matches, a customer has then got to pay. This model creates unfortunate incentives. If caught with its pants down, the company can plausibly blame 'scammers'.

Many dating sites (probably most) are just affiliate sites to the same umbrella network. Someone sets up an affiliate site which they will try to establish a brand and USP with, e.g. tractionengineenthusiastsdating.com (I made that up), and the umbrella site gives the affiliate cash for every customer signing up. Here's the sneaky bit: tractionengineenthusiastsdating.com doesn't just display profiles of people signed up on that site, but everyone on the umbrella network who matches some criteria. It might surprise someone to see their profile visible on a completely different site.

If the site is an affiliate network, tricks like fake profiles get even easier. Any affiliate can dump fake profiles onto the central network, and the affiliate can be kept at arm's length, with the umbrella network able to deny all knowledge.

There are various reports of various sites refusing to delete profiles of people (because that would be one less profile on the site), or editing profiles to remove text like "NB: I'VE LEFT THE SITE". From the ICO's letter to dating companies, it is concerned about T&Cs which give the company irrevocable rights to users' data.

Another example of fishy stuff is that plentyoffish.com got hacked, and it turned out they stored passwords in plaintext! Not so surprising they stored them in plaintext when apparently they automatically email(ed) members with their account details if they've been inactive for a certain amount of time!

Anyway, it seems dodgy practices are widespread. People are being ripped off, and I wouldn't say it's a case of caveat emptor, it's closer to fraud. Instead of specific legislation, or some QUANGO (with a plush London office, and chief exec on 6 figures, and a team of staff, all taxpayer funded), could we have a data protection act with real teeth?

Wednesday, 18 December 2013

Fitness-Singles.com Spam

I came home today to an email welcoming me to Fitness-Singles.com (or fitnesssingles.com as is used on the email, which redirects to the first address):



The thing is, I didn't sign up or visit the site, and I've never visited it. Note the plaintext password in the email. That's a huge security no-no. There was also no confirmation email, to verify that the person creating the account owns the email address, another security no-no.

The reason that is bad is that a scammer might set up accounts for email addresses they have on a spam list, and some of those victims will log in using the username and password the scammer created, conveniently sent back to the victim. With online dating, security, screening, and trust are big things that a web site should want to emphasise, and this site seems to be ignoring simple security best practices.
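As an added illustration (not code from Fitness-Singles.com or any other site mentioned on this blog), here is a sketch of a sign-up flow that avoids both problems above, and the plaintext password storage mentioned in the plentyoffish.com paragraph of the 24 December post. The in-memory `accounts` store, the function names and the 24-hour `TOKEN_TTL` are assumptions made for the example.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 24 * 3600  # assumed lifetime of a confirmation link, in seconds
accounts = {}          # email -> record; stands in for the site's database

def _hash_password(password, salt):
    # scrypt is a memory-hard KDF; only its output is ever stored
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def sign_up(email, password, now=None):
    """Create a pending account; return the token for the confirmation email."""
    now = time.time() if now is None else now
    existing = accounts.get(email)
    if existing and existing["verified"]:
        return None  # never overwrite an account its owner has confirmed
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)
    accounts[email] = {  # a pending record may be replaced by a later sign-up
        "salt": salt,
        "pw_hash": _hash_password(password, salt),
        "token_hash": hashlib.sha256(token.encode()).digest(),
        "token_expires": now + TOKEN_TTL,
        "verified": False,
    }
    return token  # this goes in the email; the password never does

def confirm(email, token, now=None):
    """Activate the account only if the mailbox owner presents the token."""
    now = time.time() if now is None else now
    acct = accounts.get(email)
    if not acct or acct["verified"] or now > acct["token_expires"]:
        return False
    supplied = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(supplied, acct["token_hash"]):
        return False
    acct["verified"] = True
    acct["token_hash"] = None  # single use
    return True

def log_in(email, password):
    acct = accounts.get(email)
    if not acct or not acct["verified"]:
        return False  # a password someone else chose is useless until confirmed
    return hmac.compare_digest(_hash_password(password, acct["salt"]), acct["pw_hash"])

def may_send_notifications(email):
    acct = accounts.get(email)
    return bool(acct and acct["verified"])  # no "new message" mail to unconfirmed addresses
```

With this flow, an account created by a third party for someone else's address stays inert: it cannot be logged into, is not shown to other members, and triggers no further mail unless the real mailbox owner clicks the confirmation link.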

Another strange thing is the message at the bottom about unsubscribing. I get those messages on marketing emails, but not in emails referring to bona fide membership of sites. So I suspect this is a marketing exercise from Fitness-Singles.com rather than something a third party scammer set up. The aim would be to make it as easy as possible for people to get on the site, but at the expense of standard security practices.

I then did some Googling. Look at this from their FAQs:

Are your members for real?
Absolutely.  All profiles are user generated and we are extremely diligent about removing any profiles that are misleading or created for purposes other than finding an activity partner or a date. Our editorial staff monitors profiles 24/7 and will intercept any profile we deem questionable before it enters the community.
Occasionally, if a profile is approved that turns out to be phony or an attempt to spam, we move quickly to remove it from our community. If you come across any of these profiles, please contact us to report them immediately to our profile evaluation team and we will review the member in question promptly.

Oops! How can this be taken seriously when 'members' can receive emails such as the above from them?

So maybe there's a difference between accounts (one of which I apparently have been given) and profiles, which possibly I don't have because I wouldn't have filled one of those out. So if a spam membership email doesn't result in an active profile, then they could still claim their profiles are real. But email number two was also waiting for me when I got home:


Oops! It looks like my 'profile' can be seen by other members, if that email is to be believed. And notice the lack of spam unsubscribe message.

Almost the end of my outraged whinge. But what's this? I have a new message from some bronzed Adonis!

Note the unsubscribe message is back. There's even a "this email may contain advertisements", which might suggest that not all profiles are genuine, or that the person behind that genuine profile didn't really send a message, it's just an inducement to get me to create a profile.

Then email #4 in 24 hours said that a member has requested my photo. I bet.

On their home page, it says they're a BBB-accredited business. So will send BBB a link to this post. If anyone from Fitness-Singles.com would like me to delete this post, I'm more than happy to do that if you stop doing this kind of stuff.

Thursday, 27 June 2013

More HS2

So the budget has been increased to near on £43bn today. I seem to remember the cost-to-benefit-ratio was charitably 1.4 last time, so the extra ten billion brings that down to 1.05. The associated costs of raising the money (i.e. economic activity that doesn't happen because people are taxed that bit more) I would guess put the 1.4 figure into the not-worth-bothering-with category. Now with a BCR of 1.05 it's in the let's-criminalise-reckless-politicians category.