About seven years ago I met my wife on OkCupid. The only reason why I messaged her back (after had messaging with her several months earlier) was because of the frontend visitor feature. She had visited my profile randomly again. Turns out she said she accidentally clicked on to my profile intended to see someone else.

I haven't used OkC since then, but I thought I'd share that in the context of this blog post ;-)

I dated on okc for a few years. I hate driving (LA) and so I frequently filtered my matches to 5 miles (if I recall that was the smallest radius).

5 miles in LA can be a long drive. So I wrote a chrome plugin to add additional drop down options of 0.1, 0.5 and 1 mile. I was surprised to see it work.

It was awesome.

There is also a hack to get the infamous “top X% of hottest people” feature unlocked... :)

Okcupid has been going downhill for years. Four years ago you could get matches on there even if you were average looking that werent way below your league and actually interact with a ton of people. in 2018 it is mostly bots and you wont get meaningful interaction really anymore. The tinder looks bias is also literally enforced at this point (only see messages from profiles you look at, only messaging matches). They have totally lost their way.

"stalk_time" makes me feel very uncomfortable. Names matter.

The thing that impresses me most is how quickly OkCupid removed public access to that API.

Where does the „body type“ data come from? Do they ask you for your weight when you sign up?

> However, they gave no answer for why unnecessary data was being provided.

I mean, it was obviously a bug, right? I imagine the only "explanation" would involve detailing the origin and nature of the bug which would be unwise until they've gone through all their other endpoints to ensure that there's not another instance of this same information leaking.

Obviously a hidden feature of OkCupid for matching security researchers.

>birthdate is a data point which is considered part of Personally Identifiable Information / Personal Data in many countries. I am far from being a lawyer, but OKCupid should be concerned with regulations like the GDPR approaching soon.

>This may not be as appalling as Grindr’s reporting of HIV status to third parties. It might not be as powerful and widespread as the data used in the Cambridge Analytica Debacle. But that’s not the point.

It indeed is not the point so I don’t know why you felt compelled to write two loosely related paragraphs about how cool you are because you follow the news.

How does this even happen?

How can the developers behind an endpoint like this not confirm/test that it requires permissions/authentication to consume? (I mean, look at all that data...)

Amateurs I can understand - but OKCupid has been around long enough they shouldn't be employing people of that nature.

Is there no code review process?

This is just nuts.

I never get it why people who discover secrets like these make extra sure nobody else can ever enjoy them again. Just use the undocumented feature and don't make a big thing out of it.

This way it's ruined for everybody, and they get nothing in return, except for some HN points on their blog post.