END OF TERM PROJECT:
(Tinder)
Rana Tabbara
Yarah Moussawi
Kafa Khalil
According to Mike Abrams (2016), Tinder is a location-based mobile app, used to hook up people by finding their matches. It allows users to like (swipe right) or dislike (swipe left) other users, and allows them to chat with each other only if both parties swiped to the right (a match) so that undesired people won’t invade someone’s private bubble.
In order to have a Tinder account one should Log in with Facebook, which generates access to pictures and contact lists.One can also connect their Instagram and Spotify accounts so that others can see more photos and get to know the type of music a person likes (Keating, 2017).
As a dating app, it is expected that Tinder collects Personal Information, including Sensitive Data, and other information.To dig deeper on the kind of data gathered and used we should further know that Personal Information is individually identifiable information which would allow Tinder or any other data collector to determine the actual identity of, and contact, a specific living person. Moreover, Sensitive Data includes information, comments or content (e.g. photographs, video, profile, lifestyle), it revealsone’s ethnic origin, nationality, religion and/or sexual orientation (Evans, 2017). A worthy question to ask now is: What principles and policies for data management are in place? And follow up questions would be: How are these information collected? , Are they collected and used in a way that respects the privacy laws? And do users’ information end up in undesirable places?
The above questions are all worthy ones that would help us assess Tinder as a data collector, and in order to do so we start by stating Tinder’s privacy policy:
1- You should not expect your data to be totally secured
2- Some of the data can be shared with third parties
3- You accept that your data is transferred to countries with data protection rules lower than those of your home country.
4- We assign your device one or more cookies or other technologies that facilitate personalization.
Data Privacy and Security:
Having that said, we see that tinder doesn’t secure its users’ information. They do state this fact in their terms and conditions, which is a contract users agree on with Tinder, however, they do not give people a clear idea on what does it mean to have unsecured data about them. Unsecured data can be transferred to countries with no data protection, thus such information can be abused in many ways, where third parties can gain access to them and use them for a potential new Cambridge Analytica. An example of OkCupid’s research can be drawn here, a group of researchers released a data set on about 70,000 users; it took identifiable personal data without consent. The data that was collected even includes the user’s names, ages, religion, gender, personality traits, as well as the personal questions OkCupid asks in order to match potential couples (Resnick, 2016). The fact that such an incident happened was due to OkCupid’s lack of concern over securing their data collected. The researchers had their hands on these data because according to them “these data were already public.”
According to the readings, with respect to data covered by intellectual property and trade secrets: The rights and freedoms of others mentioned in Article 20(4) can also refer to “the rights or freedoms of others, including trade secrets or intellectual property and in particular the copyright protecting the software” mentioned in recital 63, in order to protect the business model of data controllers (Article 15). Even though these rights should be considered before answering a data portability request, “the result of those considerations should not be a refusal to provide all information to the data subject”. The right to data portability is not a right for an individual to misuse the information in a way that could be qualified as an unfair practice or that would constitute a violation of intellectual property rights. A potential business risk cannot, however, in and of itself serve as the basis for a refusal to answer the portability request and data controllers can transfer the personal data provided by data subjects in a form that does not release information covered by trade secrets or intellectual property rights.
Moreover, Tinder presents the purpose of collecting data in the list provided below:
1- deliver and improve our products and services, and manage our business;
2- manage your account
3- perform research and analysis about your use of, or interest in, our or others’ products, services, or content;
4- communicate with you by email, postal mail, telephone and/or mobile devices about products or services that may be of interest to you either from us or other third parties;
5- develop, display, and track content and advertising tailored to your interests on our Service and other sites, including providing our advertisements to you when you visit other sites;
6- website or mobile application analytics;
No Openness and Transparency:
Looking at the list, number 1 says that they want to improve their products and services through the information they gather on their users, however, they do not state how the users’ information can be of benefit nor do they mention what are the information that can be of benefit. Number 3 states that the information and data gathered can be used for research on their product (which brings us back to the OKCupid issue) and other products and services, however, they do not specify what are the other products and services thus they disregardtransparency.
Algorithms and Metric Power:
Moreover, number 5 clearly states that they use the information to tailor advertisements to the users, however, they don’t provide the calculations on how they use what they acquire from data to analyze the type of advertisements we want to see, which brings us to the issue of Metric power. What if we do not agree with the ads that are said to be tailored for us? Tinder doesn’t mention that we can appeal to the algorithms. EU’s privacy law clearly states that individuals have the right to appeal to an algorithm and change inaccurate data gathered on them. However, this is not the only issue with Tinder’s algorithms, when adding photos you’re able to select a Smart Photos option that tests all of your photos and picks the best one to show first. However, how do these algorithms measure what is your best picture? And what if you don’t agree with the algorithms? If you don’t agree with the algorithm you can always turn the option off right? True, but not anymore. Smart Photos is now built in the Tinder app, so as a user you can’t appeal to the algorithms anymore (“Smart Photos is now default”, 2016). Using a new algorithm Smart Photos analyzes which of your profile pictures perform best and get the most likes (swipe right) and ranks them in that order. As more people get to view and swipe on your picture the algorithm improves and reorders accordingly (Woollaston, 2016). However, that could be a limitation to those who don’t get a lot of swipes, the algorithm remains novice and does not improve accordingly.
Alternatively, and according to the readings, more specific location data can be gathered as a phone’s SIM card automatically checks in with its nearest antenna. This data is particularly detailed in the case of smart phones, which constantly check for updates to email or other applications. As noted by Michael and Clarke (2013), “mobile devices autoreport their presence 10 times per second.” Mobile traces are an important new resource in tracking human mobility, but there is a tension between using these data as an engineering tool for policy-relevant research and understanding its contextual, ethical and political dimensions. The concept of ‘proper anonymisation’ is not a sufficient response to the complex challenges of using mobile data about potentially vulnerable populations in areas of poverty, political instability or crisis, where risks stemming from privacy violations may be collective as much as individual, and where those risks may involve physical danger rather than the unwanted marketing or identity theft faced by data subjects in high-income countries.
Storage of Data and the new Download option:
Moreover, it is worthy to mention Judith Duportail’s case. With the help of human rights lawyer Ravi Naik, privacy activist Paul-Olivier Dehaye, and a EU data protection law available to every European citizen, she was able to get Tinder to send her all the personal data they had on her which added up to an eye-popping amount of information:
“Some 800 pages came back containing information such as my Facebook “likes”, my photos from Instagram (even after I deleted the associated account), my education, the age-rank of men I was interested in, how many times I connected, when and where every online conversation with every single one of my matches happened … the list goes on.on.”
This case shows us that data derived from the users are stored and never destroyed even after they delete their accounts, which refutes the fact that Tinder’s data collection is primarily made to improve the service and the users’ experience or to contact the users, because if so why would they still keep information on someone who is not a user anymore? We thus can conclude that these information and data are kept for the sole purpose of gaining profit whether from sharing these info with 3rd parties for research or for advertisement purposes.
In response to the case with Duportail, Tinder issued a new feature on its app, which allows people to download some but not all information gathered on them, however, these information can’t be edited, which goes against the law to redress data. In that sense, through the following map of how data is gathered on Tinder we shall find out which of these data are available on the data sheet that can be downloaded and which of them are not.
Data Collection Proccess — by PersonalData.io:
According to Jerome (2017), to the left side, we have the data that a user supplies directly to Tinder. One could assumethat Tinder would simply provide a full copy of this, however, they don’t. When someone uses Tinder, he/she provides the app with personal information. That doesn’t only happen by typing or clicking in the app, the device used to access the app can also sendloads of information related to that person to Tinder (i.e. geolocation, access to photo library, phone ID number, sensors information, which other app you use, cookies information, etc).
From the bottom, there is data that’s collected about the user from 3rd parties. If Tinder for example is using personal data attained from other 3rd party sources to personalizethe service or acquire new users, they are required by law to: tell which data they have acquired and provide a copy of it on demand, and provide the user with the names of such sources (Jerome, 2017).
On the top, there is data that is transferred to 3rd party companies. These companies include, but not only, brands or advertising companiesthat want to reach a category of targets consumers. “Users have the right to know which data was transferred (receive a copy of it) and to know which companies received such personal data” (Jerome, 2017).
On the right side, we have the data that’s shared between companies of the Match Group, it includes Tinder along with many other dating apps and services. According to the Co-founder of PersonalData.io, “as the group is trying to consolidate the dating industry, it is becoming, by nature, a significant point of failure from a privacy point of view.”Stating in the privacy policy that Tinder will most likely share information with other groups and companies is not enough. Users have the right to precisely know if their data was shared to better “cross sell” various dating services to them. They also have the right to ask for a copy of the data that was transferred and to know the names of other groups companies that acquiredthese info.
An additionalsignificant category of data worthy to mention is the personal data derived from all previously mentioned data –that is the personal data produced by applying some logic of processing . The chart below, done by PersonalData.ioprovides a fictional example of how it may work with “the data that Tinder collects from users side directly and a third party source providing additional information to Tinder on its users”:
Security Flaw:
The security flaws threaten to reveal every swipe, match and conversation a user makes to a complete stranger. Researchers at Indian computer security firm Appsecure uncovered the bug. When someone logs into Tinder, the app gives the option of logging in with a phone number as a security identifier. They are then redirected to Accountkit.com for login, if the authentication is successful then Account Kit passes the access token to Tinder log in (Collins, 2018).
Moreover, it is worthy to mention “Tinder Gold” it is a paid feature that includes several boosts along with the opportunity to see who is liking you. Tinder was initially made as an app where you can anonymously like someone so that embarrassment would not follow any user. However, with this feature the population who is willing to pay has an advantage to see who likes them without the second player knowing. For example, X can see that Y is liking him/her however, Y is unaware of that, and Y who uses the normal feature does not have the same benefit that X has.
Assessment:
Having all that said and going back to the questions raised in the introduction:
What principles and policies for data management are in place?
How are these information collected?
Are they collected and used in a way that respects the privacy laws?
And do users’ information end up in undesirable places?
We can say that the privacy terms and conditions set by the app are fair, but vague, the collection process is done without providing enough info on how it’s done, and some of them do not fall under the umbrella of privacy laws. The data gathered can potentially fall into the wrong hands, and the data sharing is neither safe norspecified to the users. The app may then be graded 4/10.
Conclusion:
“The thing about online dating is that it’s really intimate stuff we’re dealing with”, says Renan Godinho, CEO and co-founder of the new augmented reality dating app Flirtar. “The prospect of finding the match of your dreams with a few taps and swipes on your smartphone is an alluring one, which is why people are generally more open to sharing their personal details with dating services than they are with other applications.”
Online dating is a sensitive topic that entails a lot of added care with regards to how “dating services” handleits users’ personal information. A dating app is considered just like any other app when it comes to the law. Built on the information disclosed on its terms of usage, it has every right to use its users’ information however it sees fit. Beyond its privacy terms Tinder has no obligation entitled to its users, it is just another business.
References:
Abrams, M. (2016), Sexuality and Its Disorders: Development, cases, and treatment. SAGE Publications
Keating, L. (2017). Tinder Users Are Finding More Matches Thanks To Spotify: Popular ‘Anthems’ include songs from the weeknd and drake. Tech Times
Evans, W. (2017). Sensitive Data at Risk: The SANS 2017 Data Protection Survey. SANS Institute InfoSec Reading Room
Resnick, M. (2017). The Patron Saint of Making and Coding. Hello World, 22(1), 34–48
Smart Photos is now default. (2016). Retrieved from:
https://www.reddit.com/r/Tinder/comments/5k9ao5/smart_photos_is_now_default/
Woollaston,V. (2016). The Algorithm That Can Predict when a Tsunami Will Strike. WIRED
Jerome, G. (2017). Tinder must be joking with their “download your data” option. Personal data.IO
Collins, T. (2018). Tinder hackers find a major security flaw in the dating app that lets anyone break into your account and expose your private messages using just a phone number. Mail online. Retrieved from: http://www.dailymail.co.uk/sciencetech/article-5421815/Tinder-security-flaw-lets-hackers-break-account.html
