Some dating websites do not remove GPS data from photos

Jan 13, 2012

(PhysOrg.com) -- While the majority of dating websites do a good job of managing the privacy of their users, a class research project at the University of Colorado Boulder’s Leeds School of Business found that 21 of 90 dating websites the class examined did not properly remove location data from pictures uploaded by their users.

As a result of people taking more photographs with cameras and cell phones containing Global Positioning System chips, some dating website profile pictures contain GPS coordinates showing where a picture was taken, said Associate Professor Kai Larsen, who taught the class on Privacy in the Age of Facebook. When such is not removed by the dating website, commonly available tools can be used to detect the location of a person’s residence or other locations frequented by the user.

This gap in privacy protection leaves women users especially vulnerable to online predators, the CU-Boulder student researchers said. Users of dating websites share a plethora of private details but generally will not share their addresses or real names unless a stronger relationship develops through multiple online and offline interactions.

The largest dating sites, such as Match.com and PlentyofFish.com, were found to remove location metadata from user profile pictures. But 23 percent of the 90 websites were found to leave metadata attached to the profile photo. All of these specialized dating sites were based on such attributes as age, disability, hobby or religion.

Twelve of the 21 websites were run by a single Canadian company, SuccessfulMatch.com. According to the SuccessfulMatch website, the company runs 24 dating websites on the same platform, 12 of which were not examined as part of the research project.

“While we were pleased to see such a high level of responsible behavior by online dating companies, an online predator would require no more than one website to act irresponsibly,” Larsen said. “The fact that we found more than 20 websites that do not carefully maintain user privacy is cause for concern, in that individual users are left to maintain their own privacy by carefully confirming that any uploaded picture does not contain GPS coordinates.”

Metadata is “a set of data that describes and gives information about other data,” Larsen said. Such information that can be derived from online photos includes camera type, date of capture, whether the picture has been altered and coordinates of where the photo was taken.

Dating websites have the ability to “scrub” or eliminate such metadata from their member photos and most do because misuse of the information could compromise the safety of their users, Larsen said.

The research method of the study included the creation of user profiles of two individuals, the personal information of which was fabricated except for the photos, which contained location information and other metadata, Larsen said. The photo uploaded by one user then was downloaded by the other user and the existence of the location information confirmed.

The websites found not to remove location metadata were contacted on Dec. 29, 2011, and the Leeds School team has since worked with several of those dating website companies to ensure that location metadata is removed before the survey results were publicly announced.

“It was clear that some companies did not know about this issue,” Larsen said. “The feedback ranged from appreciative to reluctantly removing the metadata to no response.” Several of the companies immediately reported that they were taking action to resolve the issue, including SuccessfulMatch and the companies behind CatholicSingles, DeafSinglesMeet and MeetingMillionaires.

A company that tracks online consumer behavior, Experian Hitwise, recently listed more than 1,100 websites in its “lifestyle dating” category.

“Technology is so important today and many companies deal with very private data,” Larsen said. “Company decisions about how to deal with data privacy can affect their valuation.”

The information management class was offered jointly by the Leeds School’s Division of Management and Center for Education on Social Responsibility.

Explore further: Ebola.com domain sold for big payout

More information: A complete list of all the websites examined by the class is available at leeds.colorado.edu/im/

Related Stories

A third of us have used dating websites: study

Feb 14, 2011

The Oxford Internet Institute (OII) conducted an online questionnaire with 12,000 couples from 18 countries, all of whom had regular access to the internet. They were asked a series of questions about whether ...

Marketing expert tracks online shoppers

Nov 28, 2011

Online retailers have long wondered if trumpeting consumer-behavior statistics on their websites could hurt business. Qi Wang’s new findings should ease their fears, just in time for Cyber Monday.

Europe slams Facebook's privacy settings

May 13, 2010

Europe slammed as unacceptable the changes by social networking website Facebook to its privacy settings, that would allow the profiles of its users to be made available to third party websites.

Facebook fixes photo privacy bug

Dec 07, 2011

Facebook has fixed a bug that allowed the viewing of some private photographs of other members and which was reportedly used to access personal pictures of founder Mark Zuckerberg.

Recommended for you

Ebola.com domain sold for big payout

12 hours ago

The owners of the website Ebola.com have scored a big payday with the outbreak of the epidemic, selling the domain for more than $200,000 in cash and stock.

Facebook goes retro with 'Rooms' chat app

Oct 23, 2014

Facebook on Thursday released an application that lets people create virtual "rooms" to chat about whatever they wish using any name they would like.

User comments : 0