Testing Online Privacy Limits, OKCupid Lets Strangers Read Intimate Messages

SF Public Press
 — Mar 25 2013 - 2:19pm

Robert Edwards had been on the popular dating site OKCupid.com for about six months when the administrators asked him to be a community moderator. “They wrote and said I am a responsible user, whatever that means,” he recalled, admitting that at first he was befuddled. Though fairly active on the site, Edwards, a medical professional who lives in the Mission District, had remained a confirmed bachelor.

But curiosity drove him to click the “moderation” button, and within minutes he was reading people’s messages to each other and perusing profiles flagged for possible terms of service violations.

Online love-seekers might not be aware of it, but OKCupid has deputized random strangers to gain access to intimate conversations between others — correspondence that many users, as well as Internet privacy experts, assumed to be private.

In most cases, the alleged breach was pretty obvious. Some particularly suggestive photos could easily be traced back to prostitution businesses, via a reverse-image search. Some were quite obviously spammers. Some profiles bore extreme close-ups of body parts — usually cleavage or man-boobs — instead of a conventional headshot. Some users were flagged for sending salacious messages, of the “daddy wants to spank you” variety. 

But occasionally, Edwards got to eavesdrop on entire correspondences between two people, only one of whom knew the messages were being viewed by a third party.

Edwards said he and other moderators sometimes saw messages containing real names and personal phone numbers — information not publicly visible on their OKCupid profiles.

Each conversation was viewed by several strangers, who quipped back and forth in a side conversation about which users were jerks and whether their accounts should be deleted. He remembers one case in which a woman flagged messages from a man who’d told her she was fat.

“She protested and said there was no reason to be rude, and then he snapped back that he was ridding the site of fat chicks, one fat bitch at a time,” Edwards recalled. “After he was reported, the moderators were trying to come to a consensus about whether there had been a violation of site rules.” He can’t remember if they wound up sacking the guy.

For the most part, Edwards kept the messages under wraps, considering them little more than a bit of sanctioned voyeurism. But other OKCupid moderators filch private messages from the site and display them for a wide audience. One self-described “lowly OKCupid moderator” compiled screenshots of private messages culled from the moderation slushpile, and posted them on a Tumblr blog called ThatsNotOkCupid.com. He blacked out user names but included unredacted conversations, inviting others to contribute messages of their own. 

Another site, NotSoNiceGuys.tumblr.com offers a similar form of public shaming. One of its recent posts — dated Feb. 19 — shows a long conversation between two users about whether or not homosexuality is a sin. One of them claimed to be gay. Both accused each other of misapprehending the Bible. Repurposed in a screenshot, the conversation includes 13 messages in all.

Neither site responded to requests for comment.

Debate over social media privacy

In an era of spirited debate over privacy on social media, OKCupid’s moderation function has curiously fallen by the wayside. It hasn’t been tested in court, even though several parties have filed suit against OKCupid and its parent company, Match.com, for selling their personal information to advertisers. Even as California state Attorney General Kamala Harris crusades against privacy violations on mobile apps, no one has publicly objected to OKCupid’s routine vetting of private messages, in what should be an intimate space.

And now that the website has mushroomed to 1.14 million unique visits a month, it’s created an infinitely fecund garden of content for moderators who want to exploit their position. 

OKCupid’s co-founder Sam Yagan said the company hadn’t done anything wrong.

“I wouldn’t characterize it as ‘access,’” he said, explaining that moderators can only view content that a recipient has flagged — and in his perception, flagging is equivalent to forwarding. 

“Look, if you send me an email, I can forward it to somebody,” Yagan said. “It’s not that OKCupid is doing something. It’s the recipient of the message. The recipient of the message has said ‘OK, this is noncompliant,’ and has chosen to share it with OKCupid.”

Yagan pointed out that it would be impossible for social media sites to draft privacy policies that could control where all their content winds up. A Facebook message can be tweeted; an email can be leaked to The New York Times. Any OKCupid profile can crop up in a Google search, if you know the right search terms. Suffice to say that traditional ideas of privacy might be illusory, even on a site that promotes intimacy.

Although Yagan disapproved of the moderators who broke that fourth wall and posted other users’ private messages on their own blogs, he insisted that OKCupid couldn’t be held responsible for such behavior.

“Moderators are not supposed to do that, that’s not the intent, and of course we don’t want those people to be moderators anymore,” Yagan said. “But I don’t think that kind of behavior is part and parcel of the model we have.”

He hastened to add that if that moderator had been an employee of OKCupid, posting messages would be “no more or less acceptable,” and “no more or less a violation of privacy.”

Policy not entirely spelled out

But some lawyers questioned that logic, given that the moderation mechanism isn’t entirely spelled out in OKCupid’s terms of service. Although the policy prohibits “harrassment and mischief,” it also says that parent company Humor Rainbow Inc. has sole discretion to determine what counts as misconduct. It also indicates that certain authorized users may get access to secure, password-protected pages on the site, but it doesn’t say why or how those users are authorized, or what those password-protected pages contain. 

In fact, Yagan said, OKCupid moderators are selected via a scoring algorithm that monitors how long and how active they have been on the site, and whether anyone ever complained about them. They’re not actually chosen by human administrators at OKCupid. The moderator guidelines provide rules for what to delete (underage profiles, hate speech, commercial solicitations) but no rules on how content can be used. There’s no prohibition on reposting messages to a public website.

To Berkeley consumer protection attorney Jonathan Jaffe, who helped launch a class action suit against Facebook for turning users into unwitting advertisers via its “sponsored stories” function, those guidelines look like a legal minefield. He said they wouldn’t necessarily hold up in court, were OKCupid ever sued by someone who suffered harm after a moderator posted his or her messages. By outsourcing its moderation function to regular users rather than paid employees, OKCupid puts itself in a precarious position, he said. “I don’t think a reasonable user would expect a third party, particularly one who has little to no obligation to protect the confidence of a user, to read his or personal messages,” Jaffe wrote in an email.

Lawyers at the Texas offices of Baker Botts LLP, who defended Match.com against a class action claim that the company had inflated its subscriber numbers, declined to comment on the company’s behalf.

Yagan contends that OKCupid’s moderation system resembles that of many other social networks, and that having citizen moderators doesn’t make the company any more susceptible to lawsuits. A clause in the company’s terms of service seems to clear the company from liability for protecting any information transmitted through the site, admonishing that all content might be made publicly accessible.

While many privacy attorneys express surprise that OKCupid isn’t more cautious, Rainey Reitman of the San Francisco-based Electronic Frontier Foundation said the company might already be inoculated against lawsuits challenging its privacy policy, since it would be hard for a plaintiff to prove financial harm.

Yet Edwards still couldn’t help feeling a little uneasy about his position. “There seem to be very few actual dating sites — that is, sites that are not just hook-ups — so it’s a pity that privacy is not more important on OKCupid,” he said. 

A change in direction

Two weeks after the Public Press called with questions in February, though, OKCupid appeared to have moved in a more conservative direction. “OKCupid changed the way modding works,” the NotSoNiceGuys blogger wrote on Feb. 28, in a post called “What Not to Do on OKCupid: I’m Not Sure What Do to About this Blog.” 

“I now only get flagged pictures,” the blogger groused. “I haven’t had a message or a profile in a long time and it seems like none of the other mods have either.”

He suggested that OKCupid may have quietly altered its moderation function “because of sites like this,” and worried that OKCupid administrators might suddenly have gotten bullish about privacy. “Modding may never go back to the way it was and that kind of sucks,” the blogger wrote.

Edwards said the whole online dating thing makes him anxious, mostly because the people he meets often turn out to be not quite who they say they are. He plans to delete his OKCupid account.