Massive Tinder Photo Scrape Has Users Upset

Images of Tinder users "were swept up in a massive grab of some 40,000 photos from the dating app by a dataset collector who plans to use the selfies in artificial intelligence training," writes Slashdot reader Frosty Piss, sharing this summary of a report in TechCrunch. Tinder said in a statement that the photo sweeper "violated the terms of our service" and "we are taking appropriate action and investigating further." The creator of the data set, Stuart Colianni, has released it under a CC0: Public Domain License and also uploaded his scraper script to GitHub.

He describes it as a "simple script to scrape Tinder profile photos for the purpose of creating a facial dataset," saying his inspiration for creating the scraper was disappointment working with other facial data sets. He also describes Tinder as offering "near unlimited access to create a facial data set," and says scraping the app offers "an extremely efficient way to collect such data."
The article notes that Tinder's API has already been used for other "weird, wacky, and creepy" projects, including "hacking it to automatically like every potential date to save on thumb-swipes; offering a paid look-up service for people to check up on whether a person they know is using Tinder; and even building a catfishing system to snare horny bros and make them unwittingly flirt with each other.

"So you could argue that anyone creating a profile on Tinder should be prepared for their data to leech outside the community's porous walls in various different ways -- be it as a single screenshot, or via one of the aforementioned API hacks. But the mass harvesting of thousands of Tinder profile photos to act as fodder for feeding AI models does feel like another line is being crossed."

tender your photo with Tinder

[turkeydance]

well, i like it

Good Grief...

[Frosty Piss]

Tinder said in a statement that the photo sweeper "violated the terms of our service" and "we are taking appropriate action and investigating further."

TOS is meaningless in cases like this. TOS are meaningless anyway, except as, perhaps, a means to ban users. And that's pretty pointless as well.

But really, what do people that put their photographs out on the Intertubes like this expect? Privacy? Really?

Re:

[ShanghaiBill]

It's been established that violating the TOS means Tinder can have him prosecuted under the CFAA.

The individuals should also be able to sue him under copyright law. You don't give up copyright just by posting a picture to a website. By downloading, copying, and redistributing the photos as a "dataset", he is clearly breaking the law.

Re:

[viperidaenz]

I'd imaging they gave Tinder unlimited rights to their photo when they uploaded it, including allowing them to grant access to 3rd parties.
A 3rd party being anyone who access the API...

Re:

[henni16]

Just because a 3rd party is legally allowed to access something, doesn't mean that 3rd party has the right to redistribute or relicense the stuff.

Re:

[viperidaenz]

Depends on the agreements the user agreed to when they gave Tinder their photo.

Statute of limitations expired.

[HornWumpus]

I've personally made a few bucks scraping the entire use database of a bar, online golf game that ran tournies. For their competitors.

Just don't advertise what your doing and nobody cares.

I never had an account, never agreed to TOS. Zero security, enter acct name, data came up. Just hammered the site, brute force.

Re:Good Grief...

[mrsquid0]

Its called blaming the victim. It is very popular in some circles.

Re:

[AmiMoJo]

Clearly the general public has rather different expectations.

Education is required. Maybe also some legal intervention... In the EU what this guy did might already be illegal, due to data protection laws.

Attention whoring of the highest order

[Anonymous Coward]

I'm also an AI researcher. If I need a face dataset I could either use CelebA or the Facebook API to scrape user profile pictures. There's also a mugshot database/public DoJ and County jail mugshot API's so there's also that.

Now with "GAN" generative models, there's very little need for large datasets unless the existing datasets are biased in some way.

Let's get real here: someone wanted to build a Deep NN classifier for sexual promiscuity. Other than attention whoring, that's the only reason to harvest tinder users specifically.

Grindr would do well to tighten their hatches. Training a NN to classify "heterosexuality" from their userbase is the next natural progression. Perfect for a homophobic witch hunt in 3rd world countries. Will I go to hell if I sold such an app to a the Middle East law enforcement agency? Doesn't matter if it works as long as you can demonstrate efficacy on the training data.

Their purchasing agents are unlikely to be sophisticated enough to understand the importance of "hold out data", so it wouldn't be hard to put together a demo with near perfect accuracy.

Re: Attention whoring of the highest order

[Brockmire]

You need to go back to keyboard school to learn how to use the return key.

Re: Attention whoring of the highest order

[Brockmire]

That's going to be a shitty algorithm if it only gets fed optimal images. Every one is probably a lot further than you on this.

Re:

[HornWumpus]

Also most: duck lips, startled look, tits stuck out at camera, in tight so fat not visible, flexing, scanned from _film_ print, completely fake.

Surprise, surprise...

[Chris Mattern]

Putting photos out where anybody can see them means putting photos out where anybody can see them.

Where is this...

[Anonymous Coward]

I was thinking about making an autoliker that only liked attractive people using machine learning, and learn neural networks while at it. This dataset will come in handy.

"The article notes that Tinder's API has already been used for other "weird, wacky, and creepy" projects, including "hacking it to automatically like every potential date to save on thumb-swipes"

Where is this? Please, I need it!

Re:

[h33t l4x0r]

Which are you though? Weird, wacky, or creepy?

DMCA

[Luthair]

Seems like people who had selfies scraped could file DMCA takedowns as they would own the copyright to the images.

Really though, is this surprising? Seems like one could get most of these images from Facebook directly anyway.

Uploading Not Okay

[OYAHHH]

I can see downloading for research purposes as being ok. And I can see developing the algorithms as being ok. I can even see uploading the algorithms as being ok.

Now all of the above is predicated on not violating the terms the "researcher" agreed to if/when she signed up for the account he used. Assuming an account was required.

But uploading the photos taken somewhere else for public consumption is just wrong.

Abuse of privileges is how we get to the point we find ourselves many times in society. This breech of the public's confidence is just another stab in the back to a society that values respect.

Re:

[henni16]

I see nothing wrong with scraping and sharing the scripts even if not for research purposes.
And if there's a ToS violation, well, that's between tinder and the user and tinder is welcome to block the account.

But - morality aside - uploading the scraped images will certainly violate copyright law pretty much everywhere and at least in certain (European) countries it will also violate privacy laws which make it illegal to distribute images without the consent of the depicted persons. So, yeah, not cool.

Re:

[imidan]

I can see downloading for research purposes as being ok.

In an academic environment, at least, you'd have to run that plan by the Institutional Review Board and maybe the Human Studies Review Board. You're collecting personally identifying data about people. Even though the information is available on a publicly accessible website, does that make the data public? It's against the TOS of the web site to scrape it, so unless you made a deal with Tinder to get the data, I'd guess that the Board would reject

Re:Uploading Not Okay

[aussie_a]

But uploading the photos taken somewhere else for public consumption is just wrong.

Tell that to all the people who upload material illegally and the millions who download them illegally.

Society has spoken and said copyright law is irrelevant. These are the consequences. Suck it up.

The dataset appears to be missing

[innocent_white_lamb]

The article links this as being the dataset "consist[ing] of six downloadable zip files, with four containing around 10,000 profile photos each and two files with sample sets of around 500 images per gender."

https://www.kaggle.com/scolian... [kaggle.com]

Which gives a 404.

Re:

[MillionthMonkey]

According to his README.md, the site got a takedown request from Tinder.

WAKE UP SHEEPLE

[XSportSeeker]

:P Sorry for the title.

But really, to the people complaining about this, ALL of your publicly accessible photos are entirely subject and probably already into "massive photo scrape". Tinder is saying they'll do "something" about it just because you know, PR speak, but they can't do much other than banning accounts which did it... which pretty much ammounts to nothing.
This also could easily be done with any social network profile photos. Any service which you can easily create a profile and go searching for

Why isn't the API secured?

[snoozy355]

Putting aside all the victim blaming for a second...

This is meant to be a private (closed-source) application, with a private API interacting to the private server.

Why the hell can anyone (read: unauthenticated users) access private data via a public and unrestricted URL? I've read articles reverse engineering their API. It's terrible! This is another company who did not put enough time and effort into securing the application and API, and now users (read: non-technical, real people, some of which paid money, all of which trusted the company) are left exposed.

I really wish there was a way to force companies (ie: legislate) to place far higher importance on this. I've also been in situations where, as a developer, I've had managers scuttle or ignore requests to lock things down, in the interests of deadlines or cost or worse yet, "we'll fix it once it's up and running."

Re:Why isn't the API secured?

[epyT-R]

The pragmatic reality is that once your pic is uploaded to the net it's up there for good. No amount of legislation will change that. If you don't want the pic shared with the public, don't upload it anywhere. These 'victims' should know better by now.

Re:

[DarkOx]

There is fine line between victim blaming and pointing out for the benefit of others who could learn from all this how not to be a target.

If you leave the door unlocked to house while you are going for the day, it does not give someone the right to enter and take your stuff. It does however make it easy for someone dressed in something looking like a letter carriers uniform, to go door to door trying knobs, in your typical bedroom community to take your stuff.

You are still a victim, but your choices or lac

Re:

[Chris Mattern]

The upshot is you are sending data that can be interpreted by a machine that is totally under the recipient's control. Expecting to be able to keep access to that data restricted for the recipient is foolish at best. There is no way to secure it, I don't care what your API does. You can't encrypt against access if you're going to giving away the keys.

Re:

[chispito]

Putting aside all the victim blaming for a second...

How are they victims? The only one victimizing people was whoever convinced the users they could anonymously use a service that requires a photograph. If one other person can view your photo, that one other person can distribute it.

Re:

[lucm]

Fuck me, this guy is a full blown autist.

He used Python, so he's probably just a mild aspie. If he had been a full-blown autist he would have used ruby.

Re: Full Blown Autism

[Anonymous Coward]

Well aspie or not, he's not wrong.

Re:

[Anonymous Coward]

The guy's a sociopath. That's not the same as autism.

Zuckerberg did that Harvard

[Anonymous Coward]

And was almost expelled for FaceMash

I Bitch and moan...

[TheOuterLinux]

I bitch and moan about Facebook and AI. After all, I am just a "no social life, crazy" Linux user. You tell people how stupid it is to use anything related to Facebook and that AI is nothing more than a tool to kill encryption and anonymity, and people get angry; I'm sure Slashdot keeps a record of my comments for you to confirm my rantings on this. And not to take credit, for many others have made this point as well. I know Slashdot has a Facebook and there will probably be a bunch of moderating in the nex

Re:

[__aaclcg7560]

I'm sure Slashdot keeps a record of my comments for you to confirm my rantings on this.

According to my scraping script [slashdot.org], you're a noob on Slashdot. Soapbox much?

Pages Processed: 13, Comments (Accepted/Total): 195/195
Scores (195) | -1: 0, 0: 8, 1: 155, 2: 24, 3: 3, 4: 3, 5: 2
Bonus (11) | Flamebait: 0, Funny: 1, Informative: 1, Insightful: 3, Interesting: 4, Offtopic: 1, Redundant: 1, Troll: 0
Total Time: 00:00:47.00

Re:

[TheOuterLinux]

Not really soap-boxing as much I'm just tired of the red herrings and ad hominems to keep people distracted and peer pressured on total crap. It seems as though most people are content as long as they have their iPhone and the polar ice doesn't melt. Meanwhile, the world sees people like me as figuratively holding a cardboard sign like a nut job. What's really frustrating is people knowing that their data is being used this way but not care, using phrases such as "I've got nothing to hide" (older generation

The data

[fulldecent]

So... has anyone actually seen the dataset? And can you make any comments about it?

Ummmm.....

[MerlTurkin]

Shiver me Tinders?