| Frequently Asked QuestionsThis section is part of the OxfordRomance.org.uk online help system. (show contents). You can also view the entire document as a single very long page.
Safety and Security
Safety and security for the users of OxfordRomance.org.uk consists of two parts: personal safety (anonymity, arranging meetings) and computer security (passwords, spoofing etc).
Safety and Security - Personal
We are in consultation with, and have taken action as a result of recommendations from the University of Cambridge Computer Laboratory's Security Group to give the best possible
protection of members' anonymity and privacy. As a result, OxfordRomance is, by some margin, the strongest link in the security chain. Please see the
disclaimer for the "small print". We would like to offer the following advice:
- Nickname selection: be careful about the nickname you choose. If you choose a sexually provocative nickname be sure that you can deal with the type of messages you're likely to receive!
- Your identity and email address are anonymous. They will not be revealed to other members of the site. However, if you reveal too much about yourself, it may be possible for people to guess.
- Play it safe - be careful about the kind of information you give out and *never* give away any personal details such as your email address, last name, or phone number to strangers!
Be wary of giving out de-anonymising information via "social engineering". •
We recommend that you don't use the same photo here if you have published it elsewhere, as it is now possible to search the web by image file.
- On a similar note, if someone shares personal information with you, which is not in their profile (for example, their college, course, photograph, or interests), please don't discuss this with
other members of the site, as the person may wish to preserve their anonymity from others.
- Don't believe everything you read - although we expect all members to use the service sensibly (those who do not will have their accounts deleted), the onus is on
them to provide accurate information, and we have no way of checking unless you inform us.
The vast majority of people are truthful and decent. However, a few are not.
- Be careful when arranging meetings - be sure you feel comfortable meeting the type of person you are chatting to. Always choose a public place with which you are familiar,
or invite a friend to join you!
Good meeting places include coffee shops, restaurants, the theatre, or a college. Car parks, fields, and airports are a bad idea!
- "Defensive dating" is like defensive driving: think and plan ahead; be aware of what might possibly go wrong. That way, you can relax and enjoy yourself, without taking any unnecessary risks.
Tell someone you know where you are going and when you will be back. Consider setting up a code-word with someone whom you can call, in case the date turns bad.
This code word will alert your friend that you are in trouble or uncomfortable with the situation. Never leave a drink unattended; don't allow your date to buy you a drink without your seeing it.
- Communicate: when you meet in person, it is important to respect boundaries; be aware that, for some people, their limits/personal-space are much more cautious than others, and that not everyone
has the same model of courtship. Communication is the key: remember to pay attention to, and listen to the other person, and, critically, remember that the other person is not telepathic: if you
do feel uncomfortable, or you think that they might be, use your words. If you only send non-verbal "signals", they are rarely as obvious to the other person as you think they are. Obviously, "stop" means Stop!.
- In the unlikely event that something bad does happen, please tell us. That way, we can stop it happening to someone else. We will kick people off the site,
and block them from returning. We take a very strong line on abuse or harassment. Please report such cases promptly.
- If you are no longer interested in someone you have met/chatted to, please tell them so directly. The other person almost certainly won't perceive a
"subtle hint" if it's not what they want to hear. If they continue to contact you against your wishes, please do complain about it, and we will help.
- Notwithstanding the above, meeting people on OxfordRomance is generally a very safe and pleasant experience. Because we know who people are, it's generally safer to meet people
on here than to meet "random" people (for example, in a pub, nightclub, or even a college-bar).
We insist that people join with a valid Oxford University email address ('.ox.ac.uk' or ), and there is
always an identity trail, to prevent abuse by anonymous strangers. We do keep minimal logfiles and IP address records, even after accounts are closed.
- To summarise: be wary, but don't be paranoid: have fun, but get to know the person in a public place first. Enjoy OxfordRomance.org.uk, and have fun, safely.
Safety and Security - Computer
Here are a few points about computer security. This is written for OxfordRomance, but it's applicable generally.
- You should choose a good, strong password. This should not be a dictionary word as these can be easily guessed (it's easy for a computer
program to test 20,000 words!) Don't reveal your password.
- Don't let others have access to your computer, especially your email account. If they do bad things, you will get the blame, because it is assumed that you did it! Our
signup-confirmation validates your identity by knowing that you are the only person who can read email sent to your address.
- Log out of the site when you are finished. If you just allow it to time-out, you may no longer appear logged-in, but the next person to use that web-browser
(for example, on a shared computer in a library or internet cafe) may be able to continue to be "you".
- We restrict the HTML tags that people can use in profiles and messages for security reasons. Remote images and external links can be misused to obtain someone's identity -
this is why they are not permitted. We aren't just being awkward!
- You should be slightly wary of opening external webpages/images whose URL is included in someone's profile or message. If the webpage
lives on a server that they control, then they could possibly log your computer's internet (IP) address, from which your identity may be derived.
- We will lock your account if you enter the wrong password 9 times consecutively. This is just like a bank will do if you repeatedly type
the wrong PIN. Contact Cupid if this happens to you.
- Your browser must accept session cookies [test]. The session-cookie looks like "PHPSESSID=pea45p10bjcb6p3221". It stores your login credentials; it is
discarded once you log out (or after ∼24 minutes if you don't log out.)
- You may wonder why some of our error messages are vague. This is to prevent information leaks. For example, if you already have an account, and you try to sign up again, on screen
you will be told that it succeeded; but by email, you will be informed that you already have an account. This prevents an attacker from finding out whether a given person has an account on
the site or not. Likewise, if someone repeatedly tries to log in with an invalid email,password pair, the account will be locked, regardless of whether it actually exists!
- HTTP transmissions are unencrypted (usually, so are emails), and could potentially be monitored by other computers on the network: this is unlikely, but you should be aware that it can happen.
Unencrypted (open) Wi-Fi networks are far easier to 'sniff' than wired networks or secure (WPA) Wi-Fi: use Wireshark to see for yourself. You should use HTTPS instead.
[Update: as of mid-2012, we exclusively use the encrypted (https://, wss://) protocols, and opportunistically encrypt outbound email (if the server can accept it).]
- Some organisations deploy SSL “HTTPS Proxy Appliances" to snoop on personal web access within their systems. If you are using a web-browser on a system that you do not administrate (such as a corporate computer), then there is a possibility
that your secure browsing actually isn't actually secret. We can't protect against this, but you can detect it. For more information, see GRC's article on SSL Fingerprints and compare what
your browser thinks is our certificate's fingerprint, with our actual fingerprint.
A rule of thumb is that, if you paid for the computer yourself, and downloaded the web-browser yourself, then you're probably OK; on the other hand users of centrally-administrated corporate computers are implicitly trusting the
honourability of their system administrator not to apply a corporate monitoring policy (aka man-in-the-middle). Some proxy services (eg Opera Mini) do this for performance reasons; they are up-front about it, and it's your choice whether to trust them.
- Some general advice for improved privacy online is given here, here, and here.
A good start is to use a Free Operating System (if you can), an Open source browser (eg Firefox), Block ads and Flash by default (Adblock-Edge, FlashBlock), Enable "Do not track", and use a privacy-respecting search-engine (eg DuckDuckGo).
- See also the section on Anonymity and Privacy.
[ ↑ contents]
|