Slashdot Mirror
Massive Tinder Photo Scrape Has Users Upset (techcrunch.com)
Images of Tinder users "were swept up in a massive grab of some 40,000 photos from the dating app by a dataset collector who plans to use the selfies in artificial intelligence training," writes Slashdot reader Frosty Piss, sharing this summary of a report in TechCrunch.
Tinder said in a statement that the photo sweeper "violated the terms of our service" and "we are taking appropriate action and investigating further." The creator of the data set, Stuart Colianni, has released it under a CC0: Public Domain License and also uploaded his scraper script to GitHub.
He describes it as a "simple script to scrape Tinder profile photos for the purpose of creating a facial dataset," saying his inspiration for creating the scraper was disappointment working with other facial data sets. He also describes Tinder as offering "near unlimited access to create a facial data set," and says scraping the app offers "an extremely efficient way to collect such data."
The article notes that Tinder's API has already been used for other "weird, wacky, and creepy" projects, including "hacking it to automatically like every potential date to save on thumb-swipes; offering a paid look-up service for people to check up on whether a person they know is using Tinder; and even building a catfishing system to snare horny bros and make them unwittingly flirt with each other.
"So you could argue that anyone creating a profile on Tinder should be prepared for their data to leech outside the community's porous walls in various different ways -- be it as a single screenshot, or via one of the aforementioned API hacks. But the mass harvesting of thousands of Tinder profile photos to act as fodder for feeding AI models does feel like another line is being crossed."
He describes it as a "simple script to scrape Tinder profile photos for the purpose of creating a facial dataset," saying his inspiration for creating the scraper was disappointment working with other facial data sets. He also describes Tinder as offering "near unlimited access to create a facial data set," and says scraping the app offers "an extremely efficient way to collect such data."
The article notes that Tinder's API has already been used for other "weird, wacky, and creepy" projects, including "hacking it to automatically like every potential date to save on thumb-swipes; offering a paid look-up service for people to check up on whether a person they know is using Tinder; and even building a catfishing system to snare horny bros and make them unwittingly flirt with each other.
"So you could argue that anyone creating a profile on Tinder should be prepared for their data to leech outside the community's porous walls in various different ways -- be it as a single screenshot, or via one of the aforementioned API hacks. But the mass harvesting of thousands of Tinder profile photos to act as fodder for feeding AI models does feel like another line is being crossed."
Tinder said in a statement that the photo sweeper "violated the terms of our service" and "we are taking appropriate action and investigating further."
TOS is meaningless in cases like this. TOS are meaningless anyway, except as, perhaps, a means to ban users. And that's pretty pointless as well.
But really, what do people that put their photographs out on the Intertubes like this expect? Privacy? Really?
If you want news from today, you have to come back tomorrow.
I'm also an AI researcher. If I need a face dataset I could either use CelebA or the Facebook API to scrape user profile pictures. There's also a mugshot database/public DoJ and County jail mugshot API's so there's also that.
Now with "GAN" generative models, there's very little need for large datasets unless the existing datasets are biased in some way.
Let's get real here: someone wanted to build a Deep NN classifier for sexual promiscuity. Other than attention whoring, that's the only reason to harvest tinder users specifically.
Grindr would do well to tighten their hatches. Training a NN to classify "heterosexuality" from their userbase is the next natural progression. Perfect for a homophobic witch hunt in 3rd world countries. Will I go to hell if I sold such an app to a the Middle East law enforcement agency? Doesn't matter if it works as long as you can demonstrate efficacy on the training data.
Their purchasing agents are unlikely to be sophisticated enough to understand the importance of "hold out data", so it wouldn't be hard to put together a demo with near perfect accuracy.
Putting photos out where anybody can see them means putting photos out where anybody can see them.
I was thinking about making an autoliker that only liked attractive people using machine learning, and learn neural networks while at it. This dataset will come in handy.
"The article notes that Tinder's API has already been used for other "weird, wacky, and creepy" projects, including "hacking it to automatically like every potential date to save on thumb-swipes"
Where is this? Please, I need it!
I can see downloading for research purposes as being ok. And I can see developing the algorithms as being ok. I can even see uploading the algorithms as being ok.
Now all of the above is predicated on not violating the terms the "researcher" agreed to if/when she signed up for the account he used. Assuming an account was required.
But uploading the photos taken somewhere else for public consumption is just wrong.
Abuse of privileges is how we get to the point we find ourselves many times in society. This breech of the public's confidence is just another stab in the back to a society that values respect.
Caution: Contents under pressure
The article links this as being the dataset "consist[ing] of six downloadable zip files, with four containing around 10,000 profile photos each and two files with sample sets of around 500 images per gender."
https://www.kaggle.com/scolian...
Which gives a 404.
If you're a zombie and you know it, bite your friend!
Putting aside all the victim blaming for a second...
This is meant to be a private (closed-source) application, with a private API interacting to the private server.
Why the hell can anyone (read: unauthenticated users) access private data via a public and unrestricted URL? I've read articles reverse engineering their API. It's terrible! This is another company who did not put enough time and effort into securing the application and API, and now users (read: non-technical, real people, some of which paid money, all of which trusted the company) are left exposed.
I really wish there was a way to force companies (ie: legislate) to place far higher importance on this. I've also been in situations where, as a developer, I've had managers scuttle or ignore requests to lock things down, in the interests of deadlines or cost or worse yet, "we'll fix it once it's up and running."