Mobile menu
ooOo logo
Home   Safety   Tour   Press Kit   Members   Contact   Affiliates   Blog   Download   

Technical security specs

It seems that every week another company is hacked and all their customer / user information is sold via criminals on the dark web. When designing ooOo® we made a decision that the information / data used should have little value. For example, if the database was hacked and sold, who cares! That doesn't mean we ignored security, in fact it was a major focus but in the worst case scenario we wanted the impact to be minimal as possible to our users.

Personal information

We don't ask you for any data that isn't essential to your use of the app. The table below is an example of the data that is stored. Let's go through some of the details.

Emailsomemadeupaddress123abc@gmail.com
Password$2y$11$5zpNE493qW8LicUgJ​EfqKuK5GlT9exuY6IRYaVKm1n7xZh99JSXE6
Alertson / off
Joined4/6/2016
Token$2y$10$1QAqu7JHxAUw5zQG0OXL​GOO74WTSyRK7B95Xk3Dy34lb3B5De/opq
Name, ageDavid, 43
Sex, sexualityMale, Straight
InterestsFemale, Same age, 75 miles away
Location53.178, -2.88, Chester, GB
Last login5 days ago
IP address86.139.47.133

Email is needed to create / confirm the account as well as sending you alerts, if you wish. We are looking at ways to make this unreadable with our data. If you wish to remain private you can create a new email address with Gmail, Yahoo or iCloud for the purpose of online dating only.

Your password is hashed. The huge mass of numbers and letters is a 1 way encryption process. The $2y and the start tells our code that this is a Blowfish encrypted password and the $11 is how much effort the computer needs to create it. $11 with today's technology is about 0.1 seconds. This means that a hacker needs to wait 0.1 seconds for every attempt to crack the password. Our default passwords are created in a way that there are 4,913,000,000,000 combinations. If a hacker got lucky and found the password after trying 50% of the combinations it would take (4,900,000,000,000 / 2) x 0.1 seconds = 7,784 years. Every person's password is encrypted in a unique way so every password could take over 7,000 years to reverse engineer. We do the same with the token, which is a secret code that is used to keep you logged into the app. The effort is lower for this as it's changed automatically over time and also updated every time you login. This method of securing your password and token is one of the safest methods in existence today. There have been high level data breaches from companies that are house hold brands (and listed on the world stock exchanges) who don't get even close to being this secure.

The Name stored is only your first name and you can always use a different name if you wish. We have this to make the conversations and matches more personal.

Notice that we store age and not date of birth. We don't need to know detailed information like that and often banks use your date of birth as a security question so you should never have to give it away to a dating site.

Your location is stored with latitude and longitude coordinates, which in turn determines your country and city. Normally these should have a lot more numbers after the decimal place, for example, 53.1924838,-2.9229868. We only store an approximated location so if our data was ever breached your home or place of work would not be exposed.

We store some data about your phone for a couple of reasons. The first is we provide via the app some different settings if your phone is an older model, this is done so we can keep the app running as fast as possible for you. The second reason is we want to keep track of what models of phones are being used to help make informed decisions about what feature we should develop.

Your IP address is stored to offer all users a degree of protection. If someone acts illegally we can work with the police and ISP to determine who used that address at that specific time.

Data we don't ask

But what's more important for your security is questions or data we don't ask for. We don't ask for your home address, credit card number, date of birth, income, marital status and lots of other very personal information that some other sites / apps require.

Messages

Your conversations with other people are not encrypted, we may consider this in the future. However we don't store any message longer than is necessary. All parts of a conversation that are older than 30 days are automatically deleted. When you delete a match or if you delete your account then all messages between both parties are deleted automatically.

Phone to sever

When you send information from your phone to our servers it's encrypted with SSL. The way our system works will not allow you to use two devices at the same time. For example, if you have an iPhone and iPad you can only use one and the other will be logged out automatically. This is great of you leave your phone at work and don't want colleagues using your account. Just login on another device and they are locked out. In addition we make it easy for you to decide if you want to remain logged in or logout when you have finished using the app.

Summary

No system is 100% secure and we can offer no guarantee that our system cannot be attacked. But we have designed our data to have as little value as possible. If you're a genuine dater (not using the app to cheat on a partner) then you should have little to fear. The example data shown on this page is the data from the creator of the app. He is happy to show this data to the public and most people probably exposure more information than this on their public social network accounts such as Facebook, Twitter and Linkedin. Email address and conversation data at present is the most personal data you will share. We will look at technology to secure that more in the future.