The love fest may be coming to an end for the hundreds of thousands of users searching for that special someone through one of the largest free online dating sites. OkCupid is placing users’ privacy in peril by neglecting to support safe usage of its whole site through HTTPS. Every OkCupid e-mail, talk session, search, clicked link, web web page seen, and username is sent over the Internet in unencrypted plaintext, where it could be intercepted and look over by anybody regarding the community.
Screen shot from OkCupid Help Forum. While passwords after inital signup aren’t sent within the clear, there are some other severe protection issues with OkCupid.com.
“HTTPS” is standard web encryption that ensures information delivered and received on the net is encrypted in place of as plaintext. OkCupid will not enable HTTPS across the website, meaning that while OkCupid doesn’t leak passwords entered during log in over plaintext, it will leak lots of other delicate information.