Wait, Tinder has a public API? Damn it, whenever I have to teach students what a public API is, I use Tinder as an example of a service that does not provide an API and the resulting hoops a programmer has to jump through in order to programmatically use the service:
> But [the app] doesn’t do so by hacking into Tinder, or even by “scraping” the app manually. Instead, it searches the database using Tinder’s official API, which is intended for use by third-party developers who want to write software that plugs in with the site. All the information that it can reveal is considered public by the company, and revealed through the API with few safeguards.
Yes; that is the line that danso noticed. However, nemothekid tried to verify it and was unsuccessful in finding any documentation for this presumbably publically available API. A github gist is the top google result for 'Tinder API documentation'
Thanks for doing the Googling for me...should have assumed that the reported article and/or the people behind the app would be unreliable sources...any company of Tinder's size that puts the effort into making a public API would make relatively decent documentation that would show up in a cursory Google search result.
Also part of the lesson on "What is an API?": the concept that some companies do not have an incentive to make an API...and Tinder, for many good reasons, is one of those.
And worse, it is just regurgitating the Vanity Fair article, which has the same claim about a public API and is just as wrong. Great "journalism" there!
> But it doesn’t do so by hacking into Tinder, or even by “scraping” the app manually.
So it does scrapes everything manually. I am familiar with their non-public API, and there isn't any other way to find someone specific. You just have to swipe non-stop until you find them.
Doing so also breaks the actual app, though. In my experience, the private network API for a service with a client application is often more stable than the public one.
the cheating / jealousy market is a huge one. People with money that are insecure or suspicious may spend billions each year in private investigators, spy apps, etc. This page may be already making a killng, specially with all the free publicity from the medias that featured it
Of course, the expectation would not be "for any stranger at all to do systematic and statistical analysis". Similarly how most people don't mind stepping out of the house and being seen by strangers, yet reserving various notions of privacy.
Because there's a conflict of interest there - making money can, and often leads to business ending up harming the public to maintain/increase its profits.
Personally, I'm fine with businesses doing work for the good of the public. They should be transparent about it though.
In this case though the statement about "privacy" is seriously marred by the marketing of the product as "Hey, find out if your partner is cheating" rather than going "Hey, see how much we could find out from some vague details?"
28 comments
[ 3.5 ms ] story [ 66.3 ms ] threadhttps://www.youtube.com/watch?v=Qgnxb-O-CBQ
It's much easier to run it on an Android and just use adb shell to simulate taps on an area. iOS devices take a bit more effort but still doable.
> But [the app] doesn’t do so by hacking into Tinder, or even by “scraping” the app manually. Instead, it searches the database using Tinder’s official API, which is intended for use by third-party developers who want to write software that plugs in with the site. All the information that it can reveal is considered public by the company, and revealed through the API with few safeguards.
https://gist.github.com/rtt/10403467
which suggests that Tinder does not provide a public official API, people have simply reverse engineered the network requests of the application.
In short, the article is wrong.
Also part of the lesson on "What is an API?": the concept that some companies do not have an incentive to make an API...and Tinder, for many good reasons, is one of those.
It's interesting to see how companies structure their APIs, and public APIs usually seem to be much different from private.
So it does scrapes everything manually. I am familiar with their non-public API, and there isn't any other way to find someone specific. You just have to swipe non-stop until you find them.
Except if the app is using HTTPS with strict certificate pinning to connect to the API, which anyone should do.
Android apps still can be modified to ignore invalid certs, but with iOS it's harder.
No. You wanted to make money. Get off your high horse.
It's concerning that many feel this is not the case.
Personally, I'm fine with businesses doing work for the good of the public. They should be transparent about it though.
what makes tinder tinder is it restricted usability. there's no search and no rewind.