Facebook's Privacy Fixes Have Broken Tinder (theverge.com)

← Back to Stories (view on slashdot.org)

Facebook's Privacy Fixes Have Broken Tinder (theverge.com)

Posted by BeauHD on Wednesday April 4, 2018 @08:50AM from the stuck-in-purgatory dept.

Since the recent Cambridge Analytica data privacy scandal, Facebook has been rolling out more security and data privacy updates. "Today, however, the company announced sweeping changes to many of its most prominent APIs, restricting develop access in a number of crucial ways," reports The Verge. "Soon after, Tinder users started noting on Twitter that they had been kicked off the dating app and couldn't log back on, as those who used Facebook Login were caught in an infinite loop that appears to be related to an unknown bug." From the report: The app has been bringing up an error message to booted users, titled Facebook Permissions, stating that users need to provide more Facebook permissions in order to create or use a Tinder account. If users tap "Ask me," which is the only given option, the app requests they log into Facebook once more and the loop starts again. Roderick Hsiao, a senior software engineer at Tinder, tweeted that users could still access the service through its web browser while engineers worked on fixing the mobile client.

73 comments

Min score:

Reason:

Sort:

Day of reckoning by DigiShaman · 2018-04-04 08:52 · Score: 4, Insightful

A day of reckoning. We're all going to get our due. Meanwhile, I've got lots of popcorn ready, just need more butter.

--
Life is not for the lazy.
1. Re:Day of reckoning by ilsaloving · 2018-04-04 09:57 · Score: 4, Funny
  
  *queries facebook to find out exactly how much butter and popcorn you have, and how that relates to your political position and buying habits*
2. Re:Day of reckoning by bluefoxlucid · 2018-04-05 02:16 · Score: 1
  
  Can you tell me if he's likely to donate, or does that cost an extra 6 cents per append?
  
  --
  Support my political activism on Patreon.
Grindr by 110010001000 · 2018-04-04 08:53 · Score: 5, Funny

Grindr still works fine.
1. Re:Grindr by 110010001000 · 2018-04-04 08:58 · Score: 3, Funny
  
  Smoking is a terrible habit.
2. Re:Grindr by Anonymous Coward · 2018-04-04 09:14 · Score: 0
  
  What if she is smoking hot?
3. Re: Grindr by Anonymous Coward · 2018-04-04 09:33 · Score: 1
  
  That means you didn't use enough lube.
4. Re:Grindr by Anonymous Coward · 2018-04-04 09:57 · Score: 0
  
  Smoking pole is amazing.
5. Re: Grindr by Anonymous Coward · 2018-04-04 13:29 · Score: 0
  
  Only required if she is actually a he. A vagina that demands a full cock will flow like a river, so lube not needed
6. Re: Grindr by Anonymous Coward · 2018-04-04 18:42 · Score: 0
  
  Creimertard detected. Calling in drone strike now.
7. Re: Grindr by Anonymous Coward · 2018-04-04 20:33 · Score: 0
  
  I've needed lube for even attractive women. After menopause, they may need a bit of help. Before menopause, there are some orifices some women enjoy that may benefit from some lube. Conversely, your mother didn't need lube, she needed clothespins to hold things closed.
Tinder and Trump by Anonymous Coward · 2018-04-04 08:54 · Score: 0

Did Tinder collude with Trump or with Hillary?
Fuck no! by Anonymous Coward · 2018-04-04 09:01 · Score: 0

All in the subject.
Tinder deserves it by Anonymous Coward · 2018-04-04 09:07 · Score: 0

Tinder deserves it for depending on somebody else's platform that can be changed on a whim.
Good by Anonymous Coward · 2018-04-04 09:09 · Score: 1

Maybe, just maybe, when it stops them from banging, people start to realize, that they double-sold their soul to facebook after starting to use facebook sign-on in 3rd party apps...
LOL ... Jesus, really by Anonymous Coward · 2018-04-04 09:13 · Score: 5, Insightful

Holy fuck, you use Facebook ... as your login to Tinder ... and when that breaks, you turn to Twitter to bitch about it?
Why the fuck you would use your Facebook as a login for every other site is beyond me. Sure, it's convenient, but at that point you've decided Facebook should be integrated into every aspect of your life.
Fuck, there's no hope for humanity. This social media shit has created a world full of fucking morons.
You idiots deserve what you get.
1. Re:LOL ... Jesus, really by b0s0z0ku · 2018-04-04 09:17 · Score: 4, Informative
  
  I think Tinder actually REQUIRES Fecebook and pulls photos, etc from your profile.
2. Re:LOL ... Jesus, really by UnknownSoldier · 2018-04-04 09:23 · Score: 1
  
  Why do you think its called FecesBook by people who don't use it?
  * People post their crap that no one gives a fuck about,
  * Only shit-for-brains people use it
  --
  FaceBook Censorship: "facebook purity" will be blocked but reversing it works: purity facebook. WTF!? *facepalm*
  Source: https://tech.slashdot.org/comm...
3. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 09:25 · Score: 0
  
  This social media shit has created a world full of fucking morons.
  Not just fucking morons, but morons that are fucking.
  Humanity is doomed.
4. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 09:37 · Score: 0
  
  I agree. Losers, the lot of them. Get out of your basements and off your friggin phones and enjoy the sunshine and fresh air with some friends.
5. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 10:02 · Score: 4, Insightful
  
  I think Tinder actually REQUIRES Fecebook and pulls photos, etc from your profile.
  LOL ... oh my fucking god, its the goddamned fucking social media apocalypse.
  I'm glad I'm too old and grumpy to give a fuck about any of this social media crap, because that level of stupid is beyond my comprehension.
  So the whole world has lost their collective fucking minds, and bought into the notion that Facebook should be central to your fucking lives? And you fucking morons are OK with this???
  Holy fuck, but humans are fucking stupid.
6. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 10:14 · Score: 0
  
  They were trying to get out of their basements but since they relied on FB login they were unable to continue to try to find a reason to go out.
7. Re:LOL ... Jesus, really by jareth-0205 · 2018-04-04 10:24 · Score: 3, Insightful
  
  I agree. Losers, the lot of them. Get out of your basements and off your friggin phones and enjoy the sunshine and fresh air with some friends.
  He says, by posting on Slashdot...
8. Re:LOL ... Jesus, really by youngone · 2018-04-04 10:26 · Score: 2
  
  I understand a senior manager where I work asked why she could not use her Facebook logon to access the corporate network.
  I was not involved in the conversation, but I the realities of security were explained to her quite forcefully.
  I am not confident she got the message however, as she works in HR so it probably went right over her head.
9. Re: LOL ... Jesus, really by Anonymous Coward · 2018-04-04 10:44 · Score: 0
  
  Being a loooooooong time Corp IT person.
  Trying to force someone in HR to follow policies that they helped write, support or enforce is about like trying to make anyone on government do the same. Except, in this case the fear of the boogey man getting you is real as they can shitcan your ass.
10. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 10:53 · Score: 0
  
  be careful what you wish for, the last time a horde of basement dwellers emerged, they made a stupid tv series out of it, something about zombies...and none of this will benefit humanity.
11. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 11:23 · Score: 0
  
  A world full of fucking morons
  
  Exactly. We still need to login before we get to the f***ing, you insensitive clod!
  
  Just to make things perfectly clear.
12. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 11:25 · Score: 0
  
  I'm glad I'm too old and grumpy to give a fuck about any of this social media crap, because that level of stupid is beyond my comprehension.
  
  Dunno...your post doesn't seem like that of someone who doesn't give a fuck.
13. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 14:13 · Score: 0
  
  well I created a second facebook account with no info just for tinder.
14. Re: LOL ... Jesus, really by Anonymous Coward · 2018-04-04 16:33 · Score: 0
  
  Well that's their ÂluckÂ
15. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 16:53 · Score: 0
  
  No you can just sign up with your phone number.
16. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 18:32 · Score: 0
  
  He doesn't give a fuck in the "I'm laughing at your face for being and idiot" kind of way.
17. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-04 22:54 · Score: 0
  
  I wish I could vote this up.
18. Re:LOL ... Jesus, really by bluefoxlucid · 2018-04-05 02:18 · Score: 1
  
  Wait until Tinder and OKC realize that FOSTA makes them criminally-liable if anyone sets their age to like 20 but is really 14, or is a prostitute being pushed by a pimp.
  Wait until Facebook realizes it, too, is liable.
  
  --
  Support my political activism on Patreon.
19. Re:LOL ... Jesus, really by Anonymous Coward · 2018-04-05 02:42 · Score: 0
  
  I knew it was a bad idea to let tinder have access to my facebook but dude I got mad puss that way.,
20. Re: LOL ... Jesus, really by Anonymous Coward · 2018-04-05 08:34 · Score: 0
  
  Slashdot is not social media.
  I don't come here to talk to friends. I come here to discuss tech topics and to get into arguments with strangers you insensitive clod.
21. Re:LOL ... Jesus, really by Jesus_666 · 2018-04-06 04:44 · Score: 1
  
  You are aware that Slashdot is a social media site? It's not the share-your-life kind of social media but its heavy emphasis on discussion does make it social media.
  
  Of course the rest of your point still stands. Non-pseudonymous social media are inherently dangerous and Facebook is about as trustworthy as a guy waving around a burning torch inside a fireworks factory.
  
  --
  USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
Who trusts FB as an authentication provider? by ctilsie242 · 2018-04-04 09:16 · Score: 3, Insightful

I know this is dumb, but why are sites trusting FB to do their gatekeeping for them? FB doesn't have any certifications or compliance. They do not sell themselves as this, but other companies use them for this purpose. We don't even know if FB does password hashing.
1. Re:Who trusts FB as an authentication provider? by b0s0z0ku · 2018-04-04 09:18 · Score: 3, Informative
  
  Tinder doesn't just use FB as a login -- it was (at least originally) an overlay over FB that used your profile info (i.e. photos, etc) to generate a profile.
2. Re:Who trusts FB as an authentication provider? by Jarik+C-Bol · 2018-04-04 09:31 · Score: 1
  
  I have no idea. There have been a number of websites and services that I've actually just ignored or found alternatives to over the years because they all hump facebook's leg by using facebook login as their only form of user registration.
  I remember when facebook was young, and all my friends and family where signing up, and I actually visited the "Make an account" page, and had this weird unsettling sinking feeling, said to myself "I do not want or need this bullshit." and closed the page, and never looked back.
  Based on the recent news cycles, I think I made the right choice.
  
  --
  I've decided to Diversify my Holdings. I've divided my cash between my left and right pockets, instead of all in one.
3. Re: Who trusts FB as an authentication provider? by Anonymous Coward · 2018-04-04 09:48 · Score: 0
  
  I am pretty sure there are people who use Facebook to authenticate on Slashdot...
4. Re:Who trusts FB as an authentication provider? by jareth-0205 · 2018-04-04 10:33 · Score: 1
  
  Convenience... it gets you out of the tedium of asking users for names, DOB and photos and things, and having to build photo uploading tools, and requiring the user to actually find photos that they may not have available on the device their currently using... Or you can use Facebook login and just drag all that from their site. It's a huge timesaver for the dev and the user, if you are willing to lean on Facebook. I mean yeah it's not a great idea to be reliant on a 3rd party, but then Tinder was one of the first to do it and it really helped them in the early days, they might not be a thing at all with out having that sort of convenience.
5. Re:Who trusts FB as an authentication provider? by rogoshen1 · 2018-04-04 11:04 · Score: 1
  
  Ah yes; but at this point it doesn't matter if you made a profile yourself. While the 'shadow profile' thing gets trotted out frequently, there's a reason for that.
  What would you wager the odds are of FB being able to identify you by browser signature/IP etc; and tying that to your shadow profile?
  So basically you're getting the same dose of privacy rape as everyone who uses FB directly; but with none of the (questionable?) benefits of using the site.
6. Re:Who trusts FB as an authentication provider? by ceoyoyo · 2018-04-04 11:07 · Score: 1
  
  Facebook does sell themselves as a single sign on provider. Here's a photo of 2010 Zucks announcing the mobile version:
  https://www.cnet.com/news/face...
  How good a job do they do? Probably a pretty good one. Their profitability is directly tied to getting, having, and keeping loads of data. Probably better than the random companies who would otherwise roll their own. Do they keep track of where you've signed on using the service? Of course.
7. Re:Who trusts FB as an authentication provider? by Anonymous Coward · 2018-04-04 11:08 · Score: 0
  
  Convenience... it gets you out of the tedium of asking users for names, DOB and photos and things, and having to build photo uploading tools, and requiring the user to actually find photos that they may not have available on the device their currently using
  Ah, they had a business plan, some VC funding, and no competent staff to build the pieces they were trying to sell.
  So what you're telling us is Tinder was implemented my lazy, incompetent morons who piggy backed on someone else's work?
  Wow, and people wonder why I think most tech millionaires should be shot. Lazy, useless sacks of shit.
8. Re:Who trusts FB as an authentication provider? by Anonymous Coward · 2018-04-04 23:19 · Score: 0
  
  Basically, it is FaceMash. FB should acquire Tinder.
9. Re:Who trusts FB as an authentication provider? by bluefoxlucid · 2018-04-05 02:29 · Score: 1
  
  I should totally make shadow profiles illegal, specifically. If you have a sign-up service and a person doesn't sign up, you can't aggregate data about them to an identity and act on it (transfer, sell, aggregate) except to allow said person to initiate a contact in which they would like to see what data you are able to collect about them from data they are allowed to collect and retain about people who have signed up.
  Yes that's a weird exception. If I have a bunch of stuff about you spread out and I just "don't look at it", I can still whip up a specific profile about you in 30 seconds. If it's data about other people--people keep saying they're hanging out with you, they go to your house a lot, they show up in photos with you--I can't scrub that without censoring those people or not having data about their movements (which means not having data about anyone's movements). If I'm allowed to have data about people at all, I can infer a lot about you, and pretending I can't only damages transparency.
  Thus it should be illegal for me to share the profile, aggregate the profile into data, or use the profile for anything other than to allow you to see what I can figure out about you on a whim (or maybe to fill in your profile if you create one and instruct me to do so).
  Note that this such data should not ever contain data sourced from you--such as an identification of your presence in an area (e.g. your friend posted a picture at a bar with you, sure; we identified your phone there because you browsed a Wordpress site with Facebook comments and were able to correlate the browser with you personally and the IP to the bar, NO. BAD).
  
  --
  Support my political activism on Patreon.
10. Re:Who trusts FB as an authentication provider? by Anonymous Coward · 2018-04-05 03:13 · Score: 0
  
  Tinder isn't exactly what I consider a top tier dating app either.
11. Re:Who trusts FB as an authentication provider? by Anonymous Coward · 2018-04-05 10:07 · Score: 0
  
  The whole point of Tinder was to be a dating app that used Facebook info to make sure it never recommended someone you already knew. Facebook login isn't a side-feature of Tinder; it's the primary feature of Tinder.
12. Re:Who trusts FB as an authentication provider? by Jarik+C-Bol · 2018-04-07 12:17 · Score: 1
  
  True, and with no way to check if facebook has a shadow profile for you, its impossible to tell what they do and don't have. From what I can tell, beyond keeping a mild lookout for people taking pictures at parties and trying to stay out of frame, (to avoid being tagged in their pictures) there is not much you can do to minimize or prevent the existence of a shadow profile. I suppose if you're lucky, and never gotten a picture of you tagged, you can keep your actual image out of the data they have on you. So they mostly only have what they can infer from other peoples posts that mention you, and what they scrape from websites with their ubiquitous "Like" button; and who knows what all that thing scoops up.
  Honestly, the idea of shadow profiles of me existing on sites i've never used bugs the hell out of me when I think about it much, but alas, probably only the most isolated members of humanity are safe from them; aka never interacting with anyone who might take a picture of you. Hell, there are probably shadow profiles of amish people at this point.
  
  --
  I've decided to Diversify my Holdings. I've divided my cash between my left and right pockets, instead of all in one.
Testing, 1,2,3 by Camarillo+Brillo · 2018-04-04 09:23 · Score: 1

Hello software programmers; its called regression testing. You do it after making major changes to check if you have broken anything. I think it's ususlly taught in CompSci 101.
1. Re:Testing, 1,2,3 by Anonymous Coward · 2018-04-04 09:33 · Score: 0
  
  Too many folks thing unit tests are all that has to be done prior to release. FUNCTIONAL TESTS TOO THAT ARE LARGE THAN A UNIT ARE REQUIRED :P
2. Re:Testing, 1,2,3 by PolygamousRanchKid+ · 2018-04-04 09:40 · Score: 1
  
  Hello software programmers; its called regression testing.
  Have you ever heard the expression:
  "The world is my oyster!"
  Facebook says:
  "The world is my regression test!"
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
3. Re:Testing, 1,2,3 by Aristos+Mazer · 2018-04-04 09:48 · Score: 1
  
  In this case, it doesn't seem like a case of not testing. It seems more like a case of not caring what happens to downstream APIs. Facebook changed the API ... I bet all their own stuff kept working. The third parties are the ones scrambling to deal with the API change.
4. Re:Testing, 1,2,3 by Desler · 2018-04-04 10:03 · Score: 1
  
  I think it's ususlly taught in CompSci 101.
  Well there’s your problem. It’s not.
5. Re:Testing, 1,2,3 by Anonymous Coward · 2018-04-04 10:05 · Score: 0
  
  If only there were unit tests for spelling and grammar. Yikes!
6. Re:Testing, 1,2,3 by jareth-0205 · 2018-04-04 10:28 · Score: 1
  
  Hello software programmers; its called regression testing. You do it after making major changes to check if you have broken anything. I think it's ususlly taught in CompSci 101.
  Um... I doubt that Facebook were going to test 3rd party sites when they're changing their API, they've got more important self-interest things to worry about now. And Tinder devs were caught out because the API changed.
  Reminds me of when Windows locked down admin privileges and a bunch of programs broke. Probably they shouldn't have been operating like that in the first place... but that's difficult to know when it was working fine...
7. Re:Testing, 1,2,3 by Anonymous Coward · 2018-04-04 20:12 · Score: 0
  
  Grammarly. Just checked and it catches two of the poster's errors. Better than none.
8. Re:Testing, 1,2,3 by Anonymous Coward · 2018-04-04 22:34 · Score: 0
  
  Call API
  Check return code of API was successful else exception routine.
  I guess they never studied programming.
9. Re:Testing, 1,2,3 by parkinglot777 · 2018-04-06 04:58 · Score: 1
  
  Hello software programmers; its called regression testing. You do it after making major changes to check if you have broken anything. I think it's ususlly [sic] taught in CompSci 101.
  Are you talking about FB or Tinder programmers? It sounds like you are talking about FB but I hope you at least are talking about Tinder instead.
10. Re: Testing, 1,2,3 by Camarillo+Brillo · 2018-04-08 23:55 · Score: 1
  
  I was referring to both. An API is sort of a contract. An interface is meant to be a defined relationship with expected responsibilities on the caller and the host. If the host wants to change the interface, they should add a new function, rather than modify the existing one. At least, they should notify the users that a serious change had been made, so that the caller can do better testing.
On a positive note by Anonymous Coward · 2018-04-04 09:32 · Score: 0

STD rates should start dropping with Tinder down.
1. Re:On a positive note by Anonymous Coward · 2018-04-04 10:06 · Score: 0
  
  As 110010001000 noted, Grindr still works fine.
2. Re:On a positive note by Anonymous Coward · 2018-04-04 15:41 · Score: 0
  
  True. Pole smokers everywhere are unaffected by this outage.
'Manual workaround' by TJHook3r · 2018-04-04 10:39 · Score: 1

Dates with Palmela Handerson on the agenda.
Facebook is NOT a good federated identity provider by imidan · 2018-04-04 10:43 · Score: 1

I've had this conversation with multiple people in academic/research contexts. We want single sign-on, and we want to reduce the proliferation of accounts that people need, and the suggestion keeps coming up that we use Facebook as authentication for various systems. Now, for the things we're talking about, security is probably not the biggest concern (low-value, low visibility target with access to niche data that most attackers wouldn't know what to do with). But Facebook has no guarantee of a stable API, I have no idea what it would take to get a support contract for authentication, there are any number of institutional policies that would prevent using it, ... and the list goes on. People like the idea because it sounds easy, but it's a terrible idea for a lot of reasons.
This is Tinder's fault, not Facebook's by Anonymous Coward · 2018-04-04 10:59 · Score: 0

I hate Facebook as much as everyone else, but let's be honest here - this is Tinder's fault probably for asking for way more info than should be required just to use Facebook's SSO feature. Facebook didn't break anything.
1. Re:This is Tinder's fault, not Facebook's by broknstrngz · 2018-04-04 11:08 · Score: 1
  
  If people used their LinkedIn profile pictures on Tinder, would anyone still get laid?
Tinder fail by reanjr · 2018-04-04 13:30 · Score: 1

Maybe Tinder shouldn't base their entire business model on the good graces of Facebook.
Re: Facebook is NOT a good federated identity prov by reanjr · 2018-04-04 13:33 · Score: 1

If you just want sign-on, FB's API is OAuth based and mostly standard. I wouldn't worry about it unless you're actually using it to scrape the user graph or somehow impersonate the user's actions on FB (like leaving a comment in their name).
Tinder caught with their by Anonymous Coward · 2018-04-04 16:20 · Score: 0

What I take from this is that Tinder could have just been caught riding piggyback on Facebook's lack of security and, therefore, may have a few other secrets to contribute to this whole tech-behemoth debacle.