Help: Safety and Security

Safety and Security

Safety and security for the users of GraduateRomance.org.uk consists of two parts: personal safety (anonymity, arranging meetings) and computer security (passwords, spoofing etc).


Safety and Security - Personal

We are in consultation with, and have taken action as a result of recommendations from the University of Cambridge Computer Laboratory's Security Group to give the best possible protection of members' anonymity and privacy. As a result, GraduateRomance is, by some margin, the strongest link in the security chain. Please see the disclaimer for the "small print". We would like to offer the following advice:

  • Nickname selection: be careful about the nickname you choose. If you choose a sexually provocative nickname be sure that you can deal with the type of messages you're likely to receive!

  • Your identity and email address are anonymous. They will not be revealed to other members of the site. However, if you reveal too much about yourself, it may be possible for people to guess.

  • Play it safe - be careful about the kind of information you give out and *never* give away any personal details such as your email address, last name, or phone number to strangers!
    Be wary of giving out de-anonymising information via "social engineering".  •   We recommend that you don't use the same photo here if you have published it elsewhere, as it is now possible to search the web by image file.

  • On a similar note, if someone shares personal information with you, which is not in their profile (for example, their college, course, photograph, or interests), please don't discuss this with other members of the site, as the person may wish to preserve their anonymity from others.

  • Don't believe everything you read - although we expect all members to use the service sensibly (those who do not will have their accounts deleted), the onus is on them to provide accurate information, and we have no way of checking unless you inform us.
    The vast majority of people are truthful and decent. However, a few are not.

  • Be careful when arranging meetings - be sure you feel comfortable meeting the type of person you are chatting to. Always choose a public place with which you are familiar, or invite a friend to join you!
    Good meeting places include coffee shops, restaurants, the theatre, or a college. Car parks, fields, and airports are a bad idea!

  • "Defensive dating" is like defensive driving: think and plan ahead; be aware of what might possibly go wrong. That way, you can relax and enjoy yourself, without taking any unnecessary risks. Tell someone you know where you are going and when you will be back. Consider setting up a code-word with someone whom you can call, in case the date turns bad. This code word will alert your friend that you are in trouble or uncomfortable with the situation. Never leave a drink unattended; don't allow your date to buy you a drink without your seeing it.

  • Communicate: when you meet in person, it is important to respect boundaries; be aware that, for some people, their limits/personal-space are much more cautious than others, and that not everyone has the same model of courtship. Communication is the key: remember to pay attention to, and listen to the other person, and, critically, remember that the other person is not telepathic: if you do feel uncomfortable, or you think that they might be, use your words. If you only send non-verbal "signals", they are rarely as obvious to the other person as you think they are. Obviously, "stop" means Stop!.

  • In the unlikely event that something bad does happen, please tell us. That way, we can stop it happening to someone else. We will kick people off the site, and block them from returning. We take a very strong line on abuse or harassment. Please report such cases promptly.

  • If you are no longer interested in someone you have met/chatted to, please tell them so directly. The other person almost certainly won't perceive a "subtle hint" if it's not what they want to hear. If they continue to contact you against your wishes, please do complain about it, and we will help.

  • Notwithstanding the above, meeting people on GraduateRomance is generally a very safe and pleasant experience. Because we know who people are, it's generally safer to meet people on here than to meet "random" people (for example, in a pub, nightclub, or even a college-bar).
    We insist that people join with a validated email address, and there is always an identity trail, to prevent abuse by anonymous strangers. We do keep minimal logfiles and IP address records, even after accounts are closed.

  • To summarise: be wary, but don't be paranoid: have fun, but get to know the person in a public place first. Enjoy GraduateRomance.org.uk, and have fun, safely.

Safety and Security - Computer

Here are a few points about computer security. This is written for GraduateRomance, but it's applicable generally.

  • You should choose a good, strong password. This should not be a dictionary word as these can be easily guessed (it's easy for a computer program to test 20,000 words!) Don't reveal your password.

  • Don't let others have access to your computer, especially your email account. If they do bad things, you will get the blame, because it is assumed that you did it! Our signup-confirmation validates your identity by knowing that you are the only person who can read email sent to your address.

  • Log out of the site when you are finished. If you just allow it to time-out, you may no longer appear logged-in, but the next person to use that web-browser (for example, on a shared computer in a library or internet cafe) may be able to continue to be "you".

  • We restrict the HTML tags that people can use in profiles and messages for security reasons. Remote images and external links can be misused to obtain someone's identity - this is why they are not permitted. We aren't just being awkward!

  • You should be slightly wary of opening external webpages/images whose URL is included in someone's profile or message. If the webpage lives on a server that they control, then they could possibly log your computer's internet (IP) address, from which your identity may be derived.

  • We will lock your account if you enter the wrong password 9 times consecutively. This is just like a bank will do if you repeatedly type the wrong PIN. Contact Cupid if this happens to you.

  • Your browser must accept session cookies [test]. The session-cookie looks like "PHPSESSID=pea45p10bjcb6p3221". It stores your login credentials; it is discarded once you log out (or after ∼24 minutes if you don't log out.)

  • You may wonder why some of our error messages are vague. This is to prevent information leaks. For example, if you already have an account, and you try to sign up again, on screen you will be told that it succeeded; but by email, you will be informed that you already have an account. This prevents an attacker from finding out whether a given person has an account on the site or not. Likewise, if someone repeatedly tries to log in with an invalid email,password pair, the account will be locked, regardless of whether it actually exists!

  • HTTP transmissions are unencrypted (usually, so are emails), and could potentially be monitored by other computers on the network: this is unlikely, but you should be aware that it can happen. Unencrypted (open) Wi-Fi networks are far easier to 'sniff' than wired networks or secure (WPA) Wi-Fi: use Wireshark to see for yourself. You should use HTTPS instead.
    [Update: as of mid-2012, we exclusively use the encrypted (https://, wss://) protocols, and opportunistically encrypt outbound email (if the server can accept it).]

  • Some organisations deploy SSL “HTTPS Proxy Appliances" to snoop on personal web access within their systems. If you are using a web-browser on a system that you do not administrate (such as a corporate computer), then there is a possibility that your secure browsing actually isn't actually secret. We can't protect against this, but you can detect it. For more information, see GRC's article on SSL Fingerprints and compare what your browser thinks is our certificate's fingerprint, with our actual fingerprint.
    A rule of thumb is that, if you paid for the computer yourself, and downloaded the web-browser yourself, then you're probably OK; on the other hand users of centrally-administrated corporate computers are implicitly trusting the honourability of their system administrator not to apply a corporate monitoring policy (aka man-in-the-middle). Some proxy services (eg Opera Mini) do this for performance reasons; they are up-front about it, and it's your choice whether to trust them.

  • Some general advice for improved privacy online is given here, here, and here. A good start is to use a Free Operating System (if you can), an Open source browser (eg Firefox), Block ads and Flash by default (Adblock-Edge, FlashBlock), Enable "Do not track", and use a privacy-respecting search-engine (eg DuckDuckGo).

  • See also the section on Anonymity and Privacy.
This section is part of the GraduateRomance.org.uk online help system. (show contents). It can also be viewed as a single very long page. Back to the GraduateRomance.org.uk home page.