Ashley Madison, the extramarital affair hookup site that was disgraced after a massive hack exposed its users' personal information last year, fooled prospective users into joining with deceptive practices that included a fake "trusted security award," Canada's federal privacy watchdog has concluded in a new report.
The Office of the Privacy Commissioner of Canada (OPC) began its investigation into Toronto-based Avid Life Media, which owns Ashley Madison, in August of 2015. On Monday, the OPC released its damning report, which slams the company for poor security practices and misleading claims that likely influenced people to join the site, including the promise of a "100% discreet service."
According to the OPC, the deception was so severe that "the consent obtained by [Avid Life Media] for the collection of personal information upon user sign up was not valid," and contravened Canada's privacy laws. The OPC has now laid out a series of recommendations that the company must follow in order to clean up its act, which Avid Life Media agreed to in the form of a compliance agreement, or else it may face legal repercussions.
"If the company falls short of its commitments under the compliance agreement, we will take the matter to court"
"Canada's Commissioner does not have order-making powers and cannot impose fines or penalties," OPC spokesperson Tobi Cohen wrote me in an email. "If the company falls short of its commitments under the compliance agreement, we will take the matter to court. As you know, the Federal Court does have order-making power and the authority to award damages."
One of the elements of this deception, the report notes, was an image at the bottom of the Ashley Madison site that boasted a "trusted security award." This so-called award "was simply their own fabrication rather than a validated designation by any third party," a revelation that came from Avid Life Media itself in the course of the OPC's investigation, the report states. That image has now been removed from the site.
The report also noted that information available to customers relating to how their data is retained was misleading and unclear.
This should come as no surprise. In the wake of the hack, Vocativ looked into the award and couldn't find any source for it, except for Ashley Madison itself, and speculated that it might just be a marketing tool. Such behaviour was par for the course for Ashley Madison in the time leading up to the hack—for example, the site was chock full of automated bots that sent men messages encouraging them to spend site credits to chat further.
Last year, the Toronto police said in a press conference that they would not be investigating Avid Life Media, and would instead focus their efforts on tracking down the hackers.
Recently, Ashley Madison has renewed its marketing efforts with a series of ads that convey a somber and more measured tone than the site's previous slogan, "Life is short. Have an affair."
The idea, it seems, is to announce the arrival of a very different Ashley Madison than the one you may have heard about.