It’s generally accepted in today’s society that once something is put online, it is no longer private. Most people are cautious about what they put on their social media profiles because they understand that employers or other people can access those profiles. However, are people equally cautious about their online dating profiles?

Privacy on Tinder; Searching for People

Tinder, a relatively new dating app, has gained tremendous popularity because of its simplicity and ease of use. It allows a person to decide if they’re interested in another user based off a picture, and to express interest by “swiping right.” However, a user can’t send a message to another user until they’ve each swiped right for the other. And, unlike other dating apps, Tinder doesn’t allow users to search profiles by username or email address, so it’s tough to find specific users. Many people might think that this makes Tinder a more secure or more private service, and that their profiles are safe. Sadly, this is not the truth.

New App, Swipe Buster, Trouble for Tinder?

A couple of weeks ago, a new website called “Swipe Buster” was introduced. For $5, this site allows people to see if a specific person is active on Tinder by searching their first name, age, and location. At first glance, one might think this is a violation of privacy or that the system is hacked, but this information is actually public. Tinder’s app programming interface (API) and database are public and accessible with simple effort from a person who understands computer coding, and the API is what stores each user’s name, age, location, and relevant information. No illegal methods or hacking were necessary to create Swipe Buster, which was specifically made to show people that the information people are sharing on Tinder is not as private as they think, even in an app that has no search feature and that only shows other users who are nearby and compatible. Swipe Buster proves that despite Tinder’s premise and usual user interface, the information that a user puts into the app can be easily accessed.

Privacy Concerns

Swipe Buster’s creator told Vanity Fair that the purpose of creating Swipe Buster was to demonstrate how much supposedly-private data is easily available, even when users aren’t aware of it. While app developers don’t necessarily have to make their APIs and databases private, and in fact often intentionally leave them public, a public API can be a scary thing to an app user who knows the potential consequences of having personal information available online.

For more information about privacy concerns or violations and how you can protect yourself, contact Revision Legal’s team of experienced internet attorneys through this form or by calling 855-473-8474.

Image courtesy of Flickr user Daniel Pesaresi.

What Tinder’s API Exposure Reveals About App Privacy Law

The Swipe Buster episode illustrates a gap that runs through much of US privacy law: the legal system has generally treated “publicly accessible” information as unprotected information. If a company’s API is publicly accessible — even if most users are unaware of it — extracting and aggregating the data from that API is typically not illegal under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030. The CFAA prohibits “unauthorized access” to computer systems, but if the API is open to anyone with the technical knowledge to use it, there is no unauthorized access — there is simply access.

This is the same principle at issue in hiQ Labs, Inc. v. LinkedIn Corp., 938 F.3d 985 (9th Cir. 2019), where the Ninth Circuit held that scraping publicly accessible LinkedIn profiles did not constitute unauthorized access under the CFAA. The court reasoned that the CFAA’s “unauthorized access” element requires more than a platform’s preference that users not scrape — it requires actual technological access controls that the defendant circumvented.

The FTC Act and Deceptive Privacy Practices

Even where data collection and aggregation is technically legal, companies like Tinder face exposure under Section 5 of the FTC Act, which prohibits deceptive trade practices. If an app’s marketing and user interface create a reasonable consumer expectation of privacy — “your profile is only visible to people nearby” — but the technical reality is that the app’s API makes that same profile data globally accessible, the gap between the representation and the reality is potentially deceptive.

The FTC has pursued this theory in multiple enforcement actions against companies whose privacy practices materially differed from their stated policies. In In re Snapchat, Inc. (2014), the FTC found that Snapchat’s representations that photos would “disappear” were deceptive because photos could be intercepted, captured by third-party apps, and recovered from device storage. The FTC required Snapchat to implement a comprehensive privacy program monitored by an independent assessor for 20 years.

Tinder’s case is analogous in structure: users believed their profile data was controlled by Tinder’s matching algorithms and only exposed to nearby compatible users. The public API told a different story. Whether that gap rises to the level of an FTC deception claim depends on what Tinder represented in its privacy policy and terms of service — and whether those representations were clear enough to negate any reasonable expectation of privacy.

Location Data and the Special Problem of Geolocation Privacy

The Swipe Buster site did not just expose users’ names and ages — it exposed their approximate locations, because Tinder’s API exposed the distance between the searcher and the target user. Location data receives heightened legal treatment for good reason: precise location data reveals patterns of life — where a person lives, works, worships, seeks medical care, and forms intimate relationships. Courts and regulators have increasingly recognized that aggregated location data is more sensitive than any single piece of information it contains.

Under the California Consumer Privacy Act (CCPA), precise geolocation data (defined as a radius of 1,850 feet or less) is classified as “sensitive personal information” entitled to enhanced protections, including the right to limit its use and disclosure. Under the GDPR, location data that can be used to identify a natural person is personal data subject to all GDPR protections, and location data enabling inference of sensitive characteristics — such as sexual orientation, health conditions, or religious affiliation — may constitute special category data requiring explicit consent.

Dating app location data presents particular sensitivity because it can reveal that a user frequents LGBTQ+ venues, fertility clinics, addiction treatment centers, or places of worship — information the user may never have knowingly shared. Several regulators, including the Norwegian Data Protection Authority (Datatilsynet), have launched investigations and issued fines against dating apps for sharing location and behavioral data with third-party advertisers without valid consent.

Privacy Best Practices for App Developers

The Tinder/Swipe Buster episode offers concrete lessons for app developers:

• Audit your API exposure. Conduct a thorough inventory of what data your API makes available and to whom. Distinguish between data that must be public for the app to function and data that is incidentally exposed because of how the API is built. Rate limiting, authentication requirements, and field-level access controls can substantially reduce the risk of Swipe Buster-style aggregation attacks.
• Align representations with reality. Your privacy policy and user interface should accurately describe what data is accessible, to whom, and under what circumstances. If your API makes profile data globally queryable, your privacy policy should say so — or you should change your API so that it doesn’t.
• Limit location precision. Where location is used for matching or discovery, consider building in fuzzing — rounding coordinates to reduce precision — so that exact location cannot be derived from your API. This is both a privacy best practice and a defense against CFAA and FTC claims.
• Implement data minimization. Collect only the data necessary for the stated purpose. If your matching algorithm requires location data, collect it at the precision needed for matching — not at precision that would enable physical tracking of users.
• Conduct regular privacy impact assessments. Apps in the dating, health, and financial sectors handle categories of data that warrant periodic assessment of privacy risks. A privacy impact assessment identifies gaps before regulators or researchers do.

What Users Can Do to Protect Themselves

Users of dating apps and other services that collect location and behavioral data have limited but real options for protecting their privacy. Using a slightly inaccurate location when setting up profiles can reduce the risk of precise tracking. Reviewing and tightening app-level permissions on mobile devices — particularly location permissions — limits what data the app can collect in the first place. Most modern smartphones allow location access to be restricted to “while using the app” rather than always, which prevents background location collection. Users who believe an app’s privacy practices are materially deceptive can file complaints with the FTC at ftc.gov/complaint.

Talk to an Attorney

Whether you are an app developer trying to build privacy-compliant products, or a user who believes a platform has mishandled your personal information, Revision Legal’s internet attorneys can help. Contact us through the form on this page or call 855-473-8474.