Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@010001111 if he want tinder lawyers to hunt him he totaly should.
-
@heyheni Can't remember how many but we scraped at least all users from the Netherlands, Belgium and Germany at the time :')
-
@localjoost yep, that’s the problem. It shouldn’t be available through API. This is why Facebook and Instagram basically killed their public API after the CA scandal.
-
@620hun well but that's kinda retarded cause there's always an API... It might not be public but as long as you can use the app/webapp in any way you can always extract the keys and scrape...
-
@eval Well, yeah, but the scope will be limited. If you can only scrape stuff that you’d see in the app anyway it’s fine. That was clearly not my (or anyone’s) issue.
-
I wanted to do the same but didnt find the API :(. 6tin for example is an app for windows where you can move your location (which as far as I know, is only possible with the "premium" subscription). They must have some deal with tinder I must guess, but It's fun to watch how easily you can consume a public API and get something done with it (even if its bad)
-
@bennythecat96 It's not a public API, the api isn't supposed to be there anymore. Tinder uses it for gotinder.com I think. Otherwise they would've taken it offline.
-
Does it really matter if you violate any terms? They are not law, so the only consequence could be that your contract with Tinder could be ended... which is pointless if you have no profile and with that no contract.
I am very sure that they couldn't have forced you to stop using a public and documented API. -
About the data being public anyway: I'm no lawyer, so this ain't legal advice. I do know the laws in Switzerland a bit howerver. As far as I know at least here it doesn't matterbif it is/was "publicly" available to technical users, it's about if you did or didn't give access to a new group of users.
Abstract example: your university/employer has a contract with a publisher for some books or whatever which allow all employees/students to read them as pdf. If you now go on and share that pdf on your website or socialmedia, you've given other users access to that data.
At least in switzerland it would probably be the same. Before that data was only available to "power users", like people who know how to scrape a website and/or use an api. With a public accessable website you'd expose this data to a non technical audience...
That's just my two cents... -
If the API wasn't supposed to still exist, Tinder made a boo boo and should publicly confirm the leak because they presumably updated their privacy policy to reflect less public data.
I can't believe you built an entire application with that much logic and scraping and didn't think to read the TOS...
Violating TOS can mean legal issues and being shut down from current and future use of their service/API. This is true for any service. -
I'd definitely like to read an article on that. If at all possible, post it to Tinder's security mailing list in a less wide scope (this would definitely qualify as user exploitation) and hope that they don't check their API log (well they probably would). Maybe best to report anonymously. How much personal information about you did those API requests hold (don't wanna know, just think about it and make an appropriate conclusion)? If it's anonymous enough that you'd say that their security chaps wouldn't be able to trace it down to you even if they wanted to (which should always be assumed, experienced that firsthand), maybe consider reporting it. Anonymous nature wouldn't allow for bug bounty unless you decide to donate it though. Either way, really interesting story! Hopefully my Tinder data wasn't in it, but I don't have high hopes for it, haha. At least I've got the fact that I only turned on location (because apparently that's mandatory) when I opened Tinder going for me 😅
-
The Verge
"Over 20 million Tinder accounts leaked in Tindex scandal."
Buzzfeed
"Tindex: find out if your ex's Tinder account data has been leaked!"
New York Times
"EU sues tinder for 300 million euros over tindex data breach"
Techcrunch
"Chinese venture capital takes over Tinder stock after the €300 mio GDPR fine."
😆 -
@heyheni Hahahaha love it, thanks for this 😁
-
@heyheni this is perfect. Lol
-
@hobyrr yes for research purposes and stuff... 🎓🙈🤞
-
i don't want to kill the mood here but this is the same-old-programmers-are-lazy-to-secure-the-app story + a bit of reverse api engineering and it's not worth more than a nicely wrapped article.
while poking around i found out that i can freely book the "premium" seats for ryanair/wizzair (and maybe many more companies might have the same bug 😅) and this just the tip of the iceberg, but you don't see me bragging about it... oh wait... 🙈 -
@pitzyrulz 😲 are you a hacker? can you hack facebook?
-
@heyheni i don't hack and tell 😅
-
@010001111 bump.
-
@heyheni “ case study” 😁
-
@fullslack Grindex as in grind your ex?
-
@heyheni grinder. Thought i saw you there
Kenyans lost these great devs in a terror attack. A moment of silence
Last year I built the platform 'Tindex'. It was an index of Tinder profiles so people could search by name, gender and age.
We scraped the Tinder profiles through a Tinder API which was discontinued not long ago, but weird enough it was still intact and one of my friends who was also working on it found out how to get api keys (somewhere in network tab at Tinder Online).
Except name, gender and age we also got 3 distances so we could calculate each users' location, then save the location each 15 minutes and put the coordinates on a map so users of Tindex could easily see the current location of a specific Tinder user.
Fun note: we also got the Spotify data of each Tinder user, so we could actually know on which time and which location a user listened to a specific Spotify track.
Later on we started building it out: A chatbot which connected to Tinder so Tindex users could automatically send a pick up line to their new matches (Was kinda buggy, sometimes it sent 3 pick up lines at ones).
Right when we started building a revenue model we stopped the entire project because a friend of ours had found out that we basically violated almost all terms.
Was a great project, learned a lot from it and actually had me thinking twice or more about online dating platforms.
Below an image of the user overview design I prototyped. The data is mock-data.
rant
rip
tindex
wk143
yeah call us creeps