News

Manhunt Policy Change Raises Questions Anew About Internet Privacy

by Peter Cassels
EDGE Media Network Contributor
Monday Nov 22, 2010

Manhunt, the world's most popular social networking website for gay men most of them looking to hook up for a possible sexual encounter, recently made some changes to make it easier for people to see profiles without being members.

The changes have drawn renewed attention to concerns about Internet privacy. The site's parent company maintains that it has taken steps to secure members' personal information, such as their real names and e-mail addresses, which are not in their profiles. But one online security expert says it's possible to copy or download allegedly secure profile photos.

Manhunt, owned by Online Buddies, Inc., is the Facebook of online gay hook-ups.

The social networking behemoth boasts more than four million members, half in the United States and the rest in 97 foreign countries. It's the most popular gay sex site, not only in the U.S., but also in Brazil and Mexico. It also has many fans throughout Europe and around the world. The site receives more than 10 million unique visits a month.

Based in Cambridge, Mass., Manhunt was founded in 2001 by Larry Basile and Jonathan Crutchley. According to an Online Buddies spokesperson, neither remains active in its management.

A Republican, Crutchley made some news in 2008 when he ruffled liberal feathers within and outside the company by donating $2,300 to John McCain's presidential campaign. The campaign returned the contribution, so Crutchley supported Barack Obama instead.

Information Stored Securely
Online Buddies earns revenues from paid memberships and advertising. It's not a public company, so it doesn't report financial information. Because it has so many members, Manhunt is likely a huge cash cow.

CEO Adam Segel told EDGE that unlike Facebook, which includes personal information in user profiles, such as legal names, e-mail addresses and employment information that can be accessed through search engines, Manhunt stores it in a separate and secure database, along with credit card information.

He explained that the policy change, which allows home page visitors to search profiles without logging in, was introduced gradually to collect feedback from test markets before Online Buddies implemented it site-wide last August.

Well before then, Manhunt informed members about the change so they could review it and consider their privacy options.

"We feel that by allowing new visitors the ability to quickly scan through the site, they'll be able to see firsthand that we have the world's hottest guys," said Segel. "Visitors who are checking out public profiles without being logged in can't see anyone's private pictures, nor can they contact anyone with e-mails, IMs or winks."

He pointed out that Manhunt never displays legal names. "If you want someone's real name, you have to ask him for it--and it helps to remember it when he comes over later," Segel explained.

He added that members can opt out of letting non-members see their profile by clicking a checkbox on the settings screen.

EDGE consulted Lorrie Cranor, associate professor of computer science at Carnegie Mellon University in Pittsburgh and a leading Internet privacy expert, to determine whether it's possible to bypass Manhunt's security protections.

'Privacy Is Dead'
She was quoted in a Nov. 1 Newsweek story whose headline says it all: "Privacy is dead."

When EDGE asked if Cranor agreed with the writer's hypothesis, she said she didn't, at least not entirely. "I think you can have privacy, but you have to be very active at protecting it," explained Cranor. "You have to be realistic about what privacy is."

She described privacy and anonymity as a spectrum. At one end, "everything you do on the Internet has your real name on it," she said. At the other, one can take protections so it's impossible for others to detect their identity.

"In between, you can set things up so that it is very difficult for people to identify you, so that only police with a warrant can figure it out," Cranor explained.

EDGE asked her to test a couple of potential security breaches discovered when it visited the Manhunt home page without logging in: the ability to unlock photos in member profiles and copy a profile page containing photos.

"I see photos of men's faces," Cranor reported when she went to the site's home page and began looking at profiles. "So even though I don't have a name, I have a face that, theoretically, I might recognize. If I had a database of men's faces I could use a computer program to try to identify some of these people."

Cranor reported that there have been tremendous advances in facial recognition software. Most is expensive and only law enforcement and sophisticated techies use it. But some, though not as reliable, is less costly and available to the general public.

Matching Name to Face (& Other Body Parts)
Many Manhunt members likely also have Facebook pages with photos, she pointed out. If Manhunt photos can be matched with those on Facebook, "you could identify them by their real names."

"What commonly happens on Facebook is you post a photo and set your privacy settings so only your friends and friends of their friends can see it," Cranor continued. "But you don't know who your friends' friends are. You are making the photo available to a wide group of people. People don't think that through."

Like many other web sites, Manhunt prevents use of the right-click on a computer mouse to copy or save photos on member profiles. However, screen capture software bypasses that protection.

Cranor used her Mac to copy a photo. Apple computers contain an application program called Preview, which has a screen-shot feature. "I dragged my mouse over a profile photo and I now have my own copy," she reported.

"Manhunt's photo security measures are extremely vigilant when it comes to preventing unauthorized access," Segel said when EDGE asked him to comment on what EDGE and Cranor discovered. "We're unaware and have never heard any reports of this happening. Not a single member has shared a concern or reported a security breach."

He also said that it's possible to capture anything on a computer screen using the print screen feature or a digital camera to take a photo of a computer monitor and then post the image online.

Manhunt uses techniques to prevent unauthorized image downloading, Segel added. "We continue to monitor any emerging technologies that will provide the latest and greatest security to our members."

Next: How do the members feel?



Comments

  • , 2010-11-22 10:02:39

    Where was Edge’s coverage when this topic was (barely) relevant months ago? Way to stay on the cutting edge of the internet privacy debate. But seriously, I don’t see how someone could be shocked that a photo of your junk might end up in someone else’s hands? Hasn’t this been a problem since the beginning of the Internet?


  • , 2010-11-22 10:09:26

    Ok, one last thing. Its poetic that in commenting on this article, I learn that the default setting for new accounts on Edge’s own site is to display your full name. Cheers guys.


  • , 2010-11-22 10:11:10

    I’m glad at least Edge values privacy enough to... oh, wait...


  • , 2011-09-27 20:23:37

    There’s another faster and easier way to connect with men. GuySpy is a gay dating app. Comes with great features like video. Good-bye lonely nights! Check it out http://www.guyspy.com


Add New Comment

Comments on Facebook