Hacker News
New website lets anyone spy on Tinder users (theguardian.com)
93 points by Jerry2 on April 6, 2016 | 27 comments



"I wanted to make a statement about privacy" - Charges $5 to search a "public" database.

No. You wanted to make money. Get off your high horse.


Businesses can be simultaneously profit seeking and for the public good. In fact, that is the ideal.

It's concerning that many feel this is not the case.


Because there's a conflict of interest there - making money can, and often does, lead to a business ending up harming the public to maintain/increase its profits.

Personally, I'm fine with businesses doing work for the good of the public. They should be transparent about it though.


In this case though the statement about "privacy" is seriously marred by the marketing of the product as "Hey, find out if your partner is cheating" rather than going "Hey, see how much we could find out from some vague details?"


Wait, Tinder has a public API? Damn it, whenever I have to teach students what a public API is, I use Tinder as an example of a service that does not provide an API and the resulting hoops a programmer has to jump through in order to programmatically use the service:

https://www.youtube.com/watch?v=Qgnxb-O-CBQ


I tried googling, but AFAIK, Tinder doesn't have an official API. Everything I've seen is undocumented calls to their private API.


> But it doesn’t do so by hacking into Tinder, or even by “scraping” the app manually.

So it does scrape everything manually. I am familiar with their non-public API, and there isn't any other way to find someone specific. You just have to swipe non-stop until you find them.


From the article:

> But [the app] doesn’t do so by hacking into Tinder, or even by “scraping” the app manually. Instead, it searches the database using Tinder’s official API, which is intended for use by third-party developers who want to write software that plugs in with the site. All the information that it can reveal is considered public by the company, and revealed through the API with few safeguards.


Yes; that is the line that danso noticed. However, nemothekid tried to verify it and was unsuccessful in finding any documentation for this presumably publicly available API. A GitHub gist is the top Google result for 'Tinder API documentation'

https://gist.github.com/rtt/10403467

which suggests that Tinder does not provide a public official API, people have simply reverse engineered the network requests of the application.

In short, the article is wrong.


Thanks for doing the Googling for me...should have assumed that the reported article and/or the people behind the app would be unreliable sources...any company of Tinder's size that puts the effort into making a public API would make relatively decent documentation that would show up in a cursory Google search result.

Also part of the lesson on "What is an API?": the concept that some companies do not have an incentive to make an API...and Tinder, for many good reasons, is one of those.


And worse, it is just regurgitating the Vanity Fair article, which has the same claim about a public API and is just as wrong. Great "journalism" there!


I'm curious if anybody else has links to documentation for other non-public APIs.

It's interesting to see how companies structure their APIs, and public APIs usually seem to be much different from private.


wireshark


With Wireshark, anything has an API! Except subject to change and breaking your code.


Doing so also breaks the actual app, though. In my experience, the private network API for a service with a client application is often more stable than the public one.


Especially if they don't want to break outdated versions of their app for users who haven't upgraded in a while.


> With Wireshark, anything has an API!

Except if the app is using HTTPS with strict certificate pinning to connect to the API, which anyone should do.

Android apps still can be modified to ignore invalid certs, but with iOS it's harder.


Cert pinning is not foolproof and can absolutely be broken past.


I know that's a joke but it fails when you match someone.

It's much easier to run it on an Android and just use adb shell to simulate taps on an area. iOS devices take a bit more effort but still doable.


The cheating / jealousy market is a huge one. People with money that are insecure or suspicious may spend billions each year on private investigators, spy apps, etc. This page may be already making a killing, especially with all the free publicity from the media that featured it.


Do you think somebody who is worried about privacy threats like that is on Tinder?


Most people don't realize they have an insanely jealous partner until either they are caught or they catch their partner.


Wasn't there a way to get this querying Facebook not so long ago? https://inteltechniques.com/intel/osint/facebook.html - I remember there was an option here...


The article says Tinder has an API for 3rd party apps and services. I completely fail to see the purpose of this.

What makes Tinder Tinder is its restricted usability. There's no search and no rewind.


Surely though "we" have nothing to hide!


Publishing your name and photo on Tinder isn't exactly hiding in the first place. You are putting it out there for any stranger at all to see.


Of course, the expectation would not be "for any stranger at all to do systematic and statistical analysis". Similarly how most people don't mind stepping out of the house and being seen by strangers, yet reserving various notions of privacy.



