I was prepared to never write about Ashley Madison again. The site, which promises to connect people searching for “discreet relationships of all kinds,” suffered a devastating data breach in 2015, leaving personal information about members splattered across the web like so many discarded condoms. In the process, we learned that many of those “users” weren’t even real people. Soon after, the company claimed that it was still recruiting new members, but that assertion felt desperate at the time.
If you had told me that the site went dark in the intervening years, I would have believed you. And yet, here we are in 2017 and here Ashley Madison is: Still online, still recruiting new users, and—least surprising of all—apparently still making a mess of things. According to one recent article, the company claims that its user base is growing again, with 26,000 new would-be cheaters setting up accounts every day. Better still, its chief technology officer claims that the site no longer employs fake “fembot” accounts to entice lonely men.
That’s all well and good, assuming the existence of a site designed to facilitate adultery doesn’t send you into a blind rage. Gizmodo reports, however, that security researchers recently discovered that the site still does a poor job of protecting its user data: By default, Ashley Madison shares access to a user’s private pictures with other users who give matches access to their own secret caches of images. While it’s possible to disable that setting, the researchers reportedly “found that 64% of [tested] accounts had private photos that would automatically [grant access].”
Ashley Madison itself probably maintains this default setting because it charges male users to communicate with their potential matches, and the possibility of seeing private images when they pay up may well incentivize those transactions. While that’s gross, it’s also troubling that its users aren’t being more careful. Just because a site tells you, “We committed [sic] to the security and privacy of your personal information” doesn’t mean it is.
Shortly after the original Ashley Madison breach, Amanda Hess speculated about what the event might portend for the future of the internet. Two years on, one answer to that question has grown dispiritingly clear: People still don’t care much about personal cybersecurity or digital privacy—even, or especially, when they should be most cautious.
In any case, Ashley Madison’s continued existence doesn’t mean the company is thriving. According to a weirdly granular recent report, the site makes a mere $28 per minute, which is just 2 percent of what iTinder is pulling in. Avid Life Media, Ashley Madison’s parent company, reportedly agreed to an $11.2 million settlement over the 2015 hack. By my calculations, it would take the site roughly 278 days to recoup that amount at its current rate.
The company itself, for what it’s worth, is apparently a perfectly pleasant place to work, according to a recent Australian article. Still, one employee interviewed for that story suggests that his friends “are deeply interested in member stories.” It’s possible, of course, that he’s just referring to the kind of user infidelity survey data that the site regularly passes off on journalists, but the idea that the company’s employees are turning customer experiences into cocktail party chatter should do little to reassure members who are concerned about privacy.
Then again, as we’ve already seen, they may not be all that concerned in the first place. Take the case of “Dylan,” “a 33-year-old policy advisor from London,” who told Cosmopolitan that the affairs he’s had through the site have been good for his marriage. While the magazine may not employ Dylan’s real name in the article, he offers plenty of other seemingly unaltered identifying details. Given that he’s been on the site since 2014, well before the breach, it’s entirely possible that information about him can be found in the hacked records (assuming he and his story are real). I’m not going to say that women who are married to 33-year-old policy advisers from London should look into it, but he might want to consider that they could.
In 2015, I argued that we should feel sorry the users of Ashley Madison, suggesting that the vast majority were just luxuriating in the fantasy of infidelity. It’s possible that I was too generous at the time: The site’s continued existence suggests that someone is getting something more out of it. Nevertheless, I’m still inclined toward something like pity, if only because the very act of using Ashley Madison may make it more likely that they they’re going to get caught.
