"Some 800 pages came back containing information such as my Facebook “likes”, my photos from Instagram (even after I deleted the associated account)"
It's going to be interesting to see how Tinder tackles the 2018 EU General Data Protection Regulation in 2018 and how things will play out in courts and practice.
For example, are you allowed to store information that I have chosen to unlink? Will Tinder have an easy way to export the data without having to settle to long email conversations, as there is a right to data portability? If so, in what format will this data be presented?
Damn, the right to data portability had completely passed by me. This has the potential of being way more of a headache for existing services than the right to be forgotten. It's great, though - I can't wait to see when this gets tested in court.
Considering that they've managed to gather all of the author's data in a short time they would fare pretty darn well, for most companies that is the hard part.
The GDPR isn't nearly as scary as people set it out to be, and it gives companies a huge amount of wiggle room.
The GDPR replaces the right to be forgotten with the right to erasure.
But article 17 also gives the following grounds for refusal:
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
1) for exercising the right of freedom of expression and information;
2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5) for the establishment, exercise or defence of legal claims.
The first example is effectively a carte blanche to argue nearly any request for refusal in court.
The second one allows member states to pretty much tell companies not to delete information, whilst this was set up with compliance in mind, the wording has likely been formatted to also fit other needs such as security and state monitoring.
The third one pretty much allows you to keep medical records and insurance information.
The forth one is similar to the first with celebrities, public figures and major events in mind (the Gawker clause).
The fifth one has been singled out by dating sites and other services such as ride sharing apps as the reason for them to keep data.
I am not a lawyer this isn't a legal advice, speak to a legal firm or an auditor for proper advice.
I have been working on a few GDPR compliance projects internally for the past year and I've had to speak with quite a few lawyers and they all pretty much said it's actually far better for most companies than the existing framework as long as they can automate data discovery and know where they data comes from and where does it go.
You can fight the right to erase the data of a user pretty easily, what you cannot cockup (Art. 15, 20 and 21 of the GDPR primarily) is the ability to disclose what data you have on them and what is it used for which is like I've previously stated the tricky part for most cases.
And as far as I can see Tinder pretty aced the tricky part.
But what you are forgetting is Tinders (or any other companys) legal merrit for storing your data in the first place. Generalizing the Regulation; In most cases Tinder or any other only have the right to store (process or transmit to a third party) you data if you have given explicit consent. And you can revoke your consent.
So the issue is not the right to delete data in the case where you no longer use Tinder. The issue is that Tinder is simply not allowed to keep your data. In fact they must on their own initiative actively ensure they dont store data they are not allowed to, that is, on their own initiative delete your data, if you revoke your consent.
Edit: oh, and the best part. If you withdraw your consent Tinder is responsible for instructing all other companies that they shared your data with (including sold to) to delete your data (and followup that they did).
"The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal."
I'm also not sure if how did Tinder get the data (and yes it's important), Data sharing, 3rd party clauses etc. are also covered by the GDPR.
Does the GDPR can improve privacy? yes, but it really isn't the sledge hammer that people think it is.
This is a very big subject to big to cover over this channel to be frank.
Hmm but do you interpret that to be the act of processing while the consent was in effect is not retrospectively made illegal, or to mean that data shared/obtained while a concent was in effect is still legal to keep after the consent is withdrawn.
You do not have to delete the data once consent is retracted, unless it's the only basis for lawful processing and even then I'm not entirely sure if deletion is mandated as archiving is allowed.
Also (from B&B):
"Individuals can require data to be ‘erased’ when
there is a problem with the underlying legality of
the processing or where they withdraw consent."
This is also a bit vague but it looks like withdrawing consent does not invoke deletion explicitly, it might simply change the lawfulness of processing which might require you to delete data if it's you only use consent as the basis of your LP.
However explicit consent is also not the only way to do "lawful processing" there are other ways to keep and get data.
Tinder can claim lawful processing after a retraction of consent with other allowances under Article 6:
1) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
2) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The 2nd one is pretty straight forward this is in essence a third party clause loophole, and the first one can be used by Tinder or the likes specifically in such cases where they would need to give data to the authorities in the such cases as sexual assault or harassment.
There is also a difference with what the GDPR defines as "further processing", which what happens when you want to use information for other purposes than what consent was given for, there has to be a link but this is again vague enough to be on a case by case basis.
"Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes should be considered to be compatible lawful processing operations."
Bird & Bird has a lot of free information on GDPR and it's real world implications for companies google them :)
Completely agree that there are other basis for legality, but most of the seem to favor either the registered person or other laws. And that was sort of my thought when saying Tinder would have to delete if you withdraw consent: I would think consent would be the only grounds for processing data for a company like Tinder. Wrt 1 and 2 of article 6 you mention. I'd have though Tinder wouldnt be able to claim anything since for 1) the interest of the subject would the to delete it and 2) "Tinder making money on your data" cannot be considered a legitimate interest. And when it comes to Tinder havning to store due things like in the case of sexual assault they would still have to consider the priciples of limitation on what they use the data for (eg. cannot sell your sexual prefernces to adverticers if the only legal grounds is some law requirinh them to store data for a very scific cause), right? And then there is the whole notification to the subject thats going to be a major pain aswell.
Anyway, not a lawyer, and all the special cases you point out is probably valid. But thats why the only really interesting thing is to see the first cases and judgements on this so we can get some indication of interpretation. And ofcourse seeing EU will actually execute the high fines - if not then all this wont have any effect anyway
I think worst case (best case?) scenario is that they will 'copy' the data they're not supposed to keep off to another country, maybe anonymize it but otherwise the data will still be there. Its too important - even in anonymized form. Its capable of helping sociologists, medical researchers, advertisers, etc... They don't need to know that "James. T. McLovin' of 123 Happy Lane, went on 15 dates and slept with 3 women, prefers brunettes", but knowing that a "John Doe, M, 27, income of $50k, likes rugby, etc..." is good information to have.
The country the data resides in is irrelevant. If the data is about an EU citizen, that's all that matters.
I believe the company in question would also need a legal entity in the EU in order for the EU to prosecute them, as I don't think you can take (e.g.) an American company to an EU court. IANAL though.
You can take an American company to an EU court assuming the EU court has jurisdiction, and laws can specify that its jurisdiction should extend to actions taken outside the geographical area (I don't know if that is the case here).
Without a US court case they'd be dependent on assets or an income stream in the EU to be able to force payment of any fines, though.
If the company wants to do business with a EU customers, they have _some_ surface area in the EU, which is enough.
> an income stream in the EU
If the company cares for EU customers, there's probably also _some_ way to make money on them.
Unless EU customers will exclusively get Netflix USA ads in the future (which are 100% useless to them) on an otherwise 100% free service, there is a money stream to hook into.
That's not necessarily true for every site, though. A US site selling goods to EU consumers via US payment providers does not necessarily have any assets or income stream going through EU banks etc. that they could easily go after.
That said, that's usually only a problem with small companies. Very few large companies manage to avoid all financial exposure to the EU and still do business with EU residents, so it has relatively little practical impact.
Not only the money stream part, but if a big company pulls out of the EU, then they leave a big hole for someone else to fill. And you've just created a competitor who has a market base that you are choosing to not compete it.
e.g. if Facebook pulled out (unlikely), then someone can just make a new Facebook site (we already know what functionality to copy), and then suddenly Facebook has a competitor.
The GDPR relies on international treaties to make the location of the business irrelevant. Any company processing data of EU citizens must comply IIRC.
Do you have any pointers to where I can find info on that? It's clear that the GDPR itself establishes jurisdiction for EU courts over GDPR worldwide - it's very explicit about that.
But I can't find anything about how they'd make it enforceable in other jurisdictions (as opposed to enforcing the judgements by e.g. fining EU subsidiaries and the like).
Article 50 does say the Commission should take "appropriate steps" to ensure international "cooperation mechanisms", and its clear under e.g article 44 onwards that carrying out a transfer to a jurisdiction where the data would be subject to inadequate controls would be a violation of the directive, so you may very well be right.
>You can take an American company to an EU court assuming the EU court has jurisdiction,
Sure you can. EU Courts did it to Microsoft over (IIRC) internet explorer resulting in a brand new SKU. Microsoft tried the logic you used at which point the EU courts started levying 1.5m euro / day fines for noncompliance.
Turns out that if you want to do business in a jurisdiction badly enough, it creates their leverage to enforce their laws on you.
eh. Maybe. If they copy the data to a 3rd party in America (i.e. sell the data a marketing company, for "research" purposes), then the EU can't really go after the marketing company. I'm not saying it's right. I don't see why they couldn't anonymize the data (morally or ethically). But, I don't own a marketing company.
If a company based in the EU is transferring the data to a 3rd party in America without appropriate safeguards to ensure said data is treated in a way that complies with EU law, then the transfer itself is unlawful, and the EU can go after the company for that.
> If they copy the data to a 3rd party in America (i.e. sell the data a marketing company, for "research" purposes), then the EU can't really go after the marketing company.
No, but they can go after the original company who transfered the data. Remember, under EU law, companies don't own that personal data. It's not theirs to give away.
At first I thought "how would they know that" but it's simple: establish "home" for each of a match pair and identify that both parties' devices are at one or the other "home" during certain hours after matching.
In that sense, it's more than just data, it's inference, and that's almost worse as a private company's data could end up libeling you if it leaks!
I got fed up with Tinder's Android client and reverse-engineered their API (this was back when the Android security model let you use mitmproxy). Two things stood out to me:
1. The AI was kind of hacky. Updates were done by polling rather than push. There were a lot of unused fields - for example, "remaining likes" would hang at 100 until the likes were used up, then it would go straight to 0.
2. They tracked absolutely every action you took and sent it to a different server from the API requests. Opening settings, opening your own profile, opening someone else's profile - it was all logged. They knew exactly what you were doing in the app and for how long.
It wouldn't surprise me nowadays if this is standard practice but it was eye-opening to see it happening firsthand.
> 2. They tracked absolutely every action you took and sent it to a different server from the API requests. Opening settings, opening your own profile, opening someone else's profile - it was all logged. They knew exactly what you were doing in the app and for how long.
Are there always-connected apps that don't do things like this? It's always seemed like an obvious source of usage research data that the product team isn't going to want you to forego.
A lot of apps are A/B tested for new features, I would assume this is where the results come from.
I work on a web application, and would love to have some metrics which I would consider "logging". The distinction I would make is,
- Data collection is about learning things about your users
- Logging is about learning what your users were doing when Something Went Wrong.
Obviously, there's a _ton_ of overlap here, in that a lot of (all of?) the info one uses collects for one purpose could be used for the other. As a developer of the UI, however, my main concern is not about learning more about our users (our UX people already do that), but rather about understanding what happened, or which features are actually being used (so that we can know if they are safe to prune).
In reply to and0, you also need to keep in mind that companies alao might need to know which behaviors did NOT cause a crash to figure out the root cause of a crash as a sort of control group.
I think a simple test for how innocent the UI logging is would be: does it get uploaded all the time or logged locally until a crash happens?
If a company is hitting an external API with every interaction, I'm guessing it's for gathering data on user behavior. The question then is whether or not it's anonymous.
I wouldn't say it's more for logging, it's most likely for analytics purposes. A/B tests, funnels (how many people who install the app launch it, how many create an account, how many swipe right, how many swipe right a bunch, how many write a message, how many write a bunch of messages, how many buy the subscription, what page did they click it off of, how 'attractive' (some arbitrary number based on how many swipe rights, possibly) was the person they decided to buy the subscription for, etc.
Note, most sites that do analytics don't really care about who you are, individually, as a person, just how can they categorize you and your activities so they can generalize it and find ways to "improve the user experience" (read: improve how many users spend mucho dinero on our services).
And it's gotten to the point that they're never satisfied and want as much data as they can get away with so they can analyze it from a billion angles and tell the developers to change everything about the app every other week in the chase for better numbers.
You would have to tear apart the Android app itself. If it isn't obfuscated, it usually comes out pretty clean. Depends on how they implement things from there, but you could in theory reconstruct all their calls to their backend from the code. If they have an API/HTTP client that wraps it up nicely it often simplifies this chore from a static analysis perspective.
You can still use MiTM HTTP proxies pretty easily. If they don't pin certificates it is trivial. If they do pin certificates you have to understand how they are doing it and break that. Often trivial to easy, but requires an app-specific approach.
We haven't met an Android or iOS app using HTTPS that we could not MiTM yet. Usually without a lot of effort. Some times with a small to moderate amount of effort (a couple hours to a day of poking the app/code/certs).
> A few months earlier, 70,000 profiles from OkCupid (owned by Tinder’s parent company Match Group) were made public by a Danish researcher some commentators have labelled a “white supremacist”, who used the data to try to establish a link between intelligence and religious beliefs.
The guy's name is Emil Kirkegaard and the paper and data is still available. I skimmed the paper and have no idea why he was labled a "white supremacist", or by whom. ("some commentators", really? Is this journalism?)
Reading one of the only papers in his self-published "journal" that isn't concerned with showing that immigrants have lower IQs or more criminality than native white populations probably isn't the best way to establish whether he's a white supremacist or not, though it might be evidence for the claim that he's more contrarian crank than obsessive nationalist.
One can of course draw rather more obvious negative inferences about the quality of his research from everything from the paper's laughable description of the sampling methodology to its entire premise that correlation between responses semi-arbitrarily assumed to represent intelligence demonstrates validity of that set of responses as a measure of cognitive ability.
Assuming a reasonable portion of these are refugees(or from third world countries), wouldn’t that be a fair link to make? Malnutrition has a clearly established link to lower IQs, hence migrants having a lowe IQ(iirc, Nordic countries have the Flynn effect strongest, so this link might hold true even for immigrants from developed nations).
I'm loath to go down this rabbit hole, but wouldn't you also assume that migrants are the most tenacious and smartest, since they managed to survive huge changes, go somewhere new, and try to build something? It seems like migrants are self selecting for smarter people, although IQ tests are notoriously slanted by cultural expectations an societal norms and seem to be a poor method of measuring this.
People are weirdly positive about immigration. Are you sure you want tenaceous immigrants if they are criminals and/or seek to change the culture that you and yours live by?
I suppose we should differentiaye between illegal and legal immigrants. I'd venture to guess that, on average self selection for intelligence manifests in the form of legal immigration, while the so called "tenaceous" immigrants tend to ignore legal borders.
Before anyone accuses me of white supremacy or privilege or such nonsense, my parents were first generation legal immigrants.
> Before anyone accuses me of white supremacy or privilege or such nonsense, my parents were first generation legal immigrants.
How is that inconsistent with White supremacy or privilege? Because of geographic distribution of races, immigration demand, and per-country allocation of visa quotas, white people often have an advantage in legal immigration and the legal immigration is structured around preference classes which are themselves institutionalized privilege and also correlate with various more general privileges of birth, inheritance, and circumstance.
I think his intention in stating that was only trying to focus on the objective, informational debate at hand, and not devolve into complaints about him being a 'white supremacist', which people often use in debate to prematurely dispel arguments without considering their logic or point of view.
Ironically enough, his attempt at focusing on the objective led to you solely responding with accusations about how 'being white etc etc etc'.
Take arguments at face value; they can only be fully dispelled after reasoned, objective consideration.
Also: I will say that your point is a really interesting one re: racial privilege, but it's not relevant to the validity of his immigration stance.
> Did you ever consider that it OK to select people in a way that manifests as privilege?
I never said it wasn't. I simply said that your parents being “first generation legal immigrants” does not serve as an effective preemptive rebuttal to accusations of white supremacy or privilege directed at you, because the legal immigration system selects for privilege and includes (and in some sense advantages) whites (and does not systematically exclude whites who might later have offspring who might become white supremacists.)
Whether it is good or bad that the system has selective features that create their own privilege classes and align with existing socio-economic privilege is a separate and unrelated question.
> And here you've made the assumption that I am white.
No, I have not. I've merely pointed out that the preemptive defense against claims of white supremacy and/or privilege that you have offered doesn't actually defend in any way against those claims. I've stated nothing that makes any presumption about your race, which I'm not even remotely interested in.
> Also, I love how you're lumping in privilege of white immigrants with that of "white privilege" in the U.S.. It is a remarkably miopic view, as whites are not a powerful minority everywhere.
That's true, there are many places (like the US) where they are the dominant and privileged majority rather than any kind of minority.
Though, as you note, it's your parents, not you, who are immigrants, so, insofar as the position of the White race would be relevant at all to your experience, it would be the position of the White race in the US, not in some hypothetical place where White privilege does not exist.
> I cannot believe someone is seriously arguing about white privilege
But you are the one who—preemptively, without provocation—raised the issue of white privilege. All I've done is pointed out that your preemptive defense completely fails to defend against the imagined future attack against which you deployed it.
> If people like you didnt make certain research topics forbidden
What people have made which research topic forbidden, and in what way are those people like me? You seem to be engaged in a feverish debate against positions you’ve only imagined exist.
> You dont even know my ethnicity
Nor do I care.
> you fucking racist.
What, precisely, have I said that is even remotely “racist”? All I've said is that your claim to have first-generation immigrant parents is not any kind of rebuttal to the accusations of white supremacy or privilege against whose imagined future occurence you offered it.
> And how deep do you want to go down this rabbit hole?
Not as deep as you've already gone on your own, thanks.
> Fuck you and your divisive politicking.
I'm not sure exactly how pointing out that your statement about your parentage was not even germane to the point you offered it for is “divisive politicking”, but, yeah, whatever.
If you're so blind that the literal term "white privilege" is not racist to you, then there is no use in talking.
You've judged an entire race, including myself, and accused us of having some kind of property. Worse still, you use it as justification for taking from those you've determined have this nebulous "privelege".
Its identical to the logic used by white supremacists against Jews, or groups like the panthers and blm. Racism is not ok just because you're a minority and you think some guy had it easier because he's white.
It is so absurd that I have to point this out. That casual anti white racism has become so acceptable.
Look at places like Zimbabwe if you want to see where this could go. We made some 60 years of progress in race relations, and now people like you go around dividing us and screaming about something ad nonsensical as white privilege.
Let me spell it out to you, because you are truly oblivious to your bias. You blanketly characterized a group of people based off their skin color. And let me remind you, you brought whiteness and white privilege into this as though it were relevant. Not me.
I'm not interested in addressing the rest of your comment until you recognize your egregious racism; otherwise your logic is simply inconsistent.
And things like not having iodine in salt. That costs roughly $.05 per person per year but raises average IQ around 4 points. I gave money to the Iodine Global Network last year and I'd encourage others to do likewise.
And there are also all the other things that public hearth programs do for those of us lucky enough to grow up in wealthy countries which most people don't appreciate nearly enough.
Hi, I am the person who is cited in the article and who helped Judith get access to her data. If you are interested in the OKCupid story, Judith also wrote about this in more details, also with my input. https://www.letemps.ch/sciences/2017/04/07/laboratoire-fake-...
Just a brief look on the titles of the Kirkegaard's other publications seems to confirm that he appears to have a deep interest in immigration, genetics, crime and IQ. One of his independent papers even mention cranial volume, which sounds vaguely familiar: https://en.wikipedia.org/wiki/Scientific_racism#Craniometry_...
Is there any tool (chrome extension or whatever) that'll take an article and give thumbs up or down depending on crap like "some commentators", "anonymous sources", "allegedly" etc? So people can simply skip over such articles?
I tried to create one once that would do this and follow the author around to other articles. Could not figure out the go to market strategy. Still have the domain betweenTheBylines .com
The situation is unfortunate, and the guy doesn't seem like the brightest, but he is asking research questions that need to be asked.
Unfortunately, people will take this as another example of how "racists are stupid," but they dont realize that the only people who are willing to touch what communities like HN have made taboo are those with nothing to lose, or those who have already been "outed" as the racists they'll be accused of being.
Research into gender and racial differences does not need to be as sloppy as this Kierkegaard guy, and I can't deny that he unfortunately has an agenda, and that he's created a breeding ground for confirmation bias and cherry picking.
Point is, though, taboo is antithetical to science. And when we dont treat it as such, and cordon off certain topics as "not socially acceptable questions," then we end up with shit like Kierkegaard.
I always felt a bit silly logging in to Facebook in a private browser window in every other week, many times through a VPN. Also not sharing much more than jokes and cartoons or memes. Not to mention my absense from the hip social web, including Tinder, but many more as well.
Outliers such as yourself won't do much to curtail the practice of companies amassing identifiable, weaponizable, and often undersecured data about their users. And because the data is valuable and there have been few regulations put in place to balance that value with the burden of responsible handling, those companies will continue to collect more and in more creative ways, whittling away at your creative maneuvers to avoid it.
In my estimation, this is a good first step, but privacy has to be a feature of the system, not just a heavy shield you carry through it.
I just don't see the doom and gloom. You say "weaponizable" but even the worst offenders for oversharing aren't giving facebook information that seems that bad? Compare the data talked about in this article (likes, jobs, dating preferences) to data that already is public knowledge and avaliable to everyone: (assuming US) how much you payed in property taxes, where you live, what your phone number is, which political party you're registered to vote in (depending on the state this might also be linked to your telephone number or even last 4 SSN), all documents related to any companies you may have incorporated. Your public data footprint is far more expansive than the tiny slice companies like tinder and facebook have. The only reason they don't bother linking to the public realm is that personal data (unaggregated) is worthless from the prospective of "building models to sell adds".
They still build profiles on you though. When you phones wifi is near someone with an android phone or a Facebook app they'll handshake and tell the interwebs where you are and with whom.
I think Tinder specifically has far better grounds for having all this data than most tech companies. After all it is their core function to try to match people, and to do that well you need to know the people.
In theory, sure. In practice, Tinder seems to be a pretty blunt dating instrument. I'd be surprised if A / B testing a data-driven vs. non-data-driven match would yield significantly different user experiences.
I wouldn't go so far as to say they need all this data. The service could work fine with just self-reported preferences and profiles if you wanted it to.
"There is significant discrepancy between a user's stated dating preference and his/her actual online dating behavior." For how much discrepancy, read the paper.
It just dawned on me that Tinder is basically the new and improved version of Zuckerberg's original creation - Facesmash. Except Tinder can do so much more than that. And amusingly, Tinder is hailed as a great app while Facesmash was decried as a way of dehumanizing and objectifying people. My, how far we have come.
Absolutely. That also says something about the difference in the times. Zuckerberg forced people onto Facemash probably because he thought it would be easier than getting people to sign up voluntarily.
I actually know a couple who met on hot or not, and are now married. I didn't even think this was possible, but it turns out there was a comments section...
Data Available In-App
· Username
· Email Address (current)
· Phone Number (current)
· Birthday
· Name
· Snapcode/Profile Picture
· Snap Privacy Settings
· Stories Privacy Settings
· Friends (Contacts)
· Blocked Friends
· Snapcash Transactions
Data Available for Download
Account History and Information
Snap Count
Local, Live, and Crowd-Sourced Content History and Information
Purchase History
Snapchat Support History
Content and App Engagement History
Demographic Profile
Rumor is that snap keeps messages in google cloud compute encrypted. When messages are expired or read by the user, they just delete the encryption key.
I suspect the same reason PostgreSQL has VACUUM. Immediate deletion can be expensive, and deletion can be cheaper if done in batch. On the other hand, they want to make it immediately unreadable. Deleting key seems to be a good way to make something immediately unreadable while avoiding expensive immediate deletion.
OK, yeah, if we're talking about some sort of tombstone operation I get it; I thought the claim was the nefarious overlords of Snapchat were keeping the data around, which was harder to understand.
Probably for the same reason your hard drive doesn't actually delete data when you tell the OS to delete it, except that in this case, if implemented correctly, the data would become truly unrecoverable immediately.
Dating websites are, quite possibly, worse for our privacy than any social network ever invented. Consider this: A website like OkCupid can go much deeper than Facebook in understanding who you are, and what makes you tick. This is invaluable to marketers, and the government for that matter. I avoid dating websites because whose to say this data can't be used by others, such as insurance, employment, or the police? The following exchange from the television program "Person of Interest" I think is quite telling, albeit tongue in cheek, as to this threat: https://www.youtube.com/watch?v=DPirWp2oAJ4
In short, "certain data", for "analytical purposes".
Data retention
We keep your information only as long as we need it for legitimate business purposes and as permitted by applicable legal requirements. If you close your account, we will retain certain data for analytical purposes and recordkeeping integrity, as well as to prevent fraud, enforce our Terms of Use, take actions we deem necessary to protect the integrity of our Service or our users, or take other actions otherwise permitted by law.
My own biggest issue with data retention is not that these companies collect all this data (they need to for their business models to work) but that they keep all of it, forever, regardless of whether it could possibly still be relevant to any business purpose (such as chat conversions from a decade ago).
I actually think chat conversation from a decade ago would be quite relevant. One baseline recommendation system is "people who bought X also bought Y". Consider "people whose conversation is in cluster X generally liked people in cluster Y". If chat conversation can be usefully used to cluster users for better matching (and I think it can), it would be valuable to keep even if content is of no interest.
As a data scientist, I think losing actual words would be a loss. Words would be only used by word embeddings like word2vec, but actual words let you switch to better word embedding later.
It's scary that this data can be kept for years without the user being aware of it. If this data was breached it would be worse than Ashley Madison. I suggest there should be laws that say users should be given the option to delete data older than x months selectable by the user. It seems obvious that sensitive data should not be kept indefinitely after following https://haveibeenpwned.com .
Well, for instance, if your chat log still hangs around if you message the same person then it has to be on the server. A lot of stuff might be similar (don't show people you've already seen, etc.). The chat geolocation stuff though who knows.
Never had that, actually lot of people don't use their real names on dating sites or even FB. And if someone asks you say its for privacy reasons, people do understand. Look at Okcupid, its all nicknames there ;) same goes for other sites. Same goes for Apps.
Shit, if I dig deep enough in Usenet or my email archive (going back to the nineties!), I can easily find some cringe worthy things written by me. It's actually rather humbling and enlightening.
That's around 220 matches a year since shes had the app, so like 18 matches per month for four years...
She matched with a new guy every two days basically, and he mentioned she only sent 1700 messages since she started. That's almost two average messages per match before getting bored and moving on.
With that much abundance of choice, I guess you could say life is nice and easy for the author.
Well, you could say that, but is it true? Perhaps the post-match experience isn't necessarily very good, and anyway I'm not sure raw quantity maximizes anything normal people care about.
The going stereotype about Tinder is that most men (all but the most attractive) match poorly while most women (all but the least attractive) match well - but that (again, most) women nonetheless experience a lack of communication post-match.
Women have more matches, but a worse experience. Men have less matches, but the matches they get are better.
Which is better, getting 1,000 matches in a day, when 999 of them are people who just swiped right no matter what, or who are downright rude, aggressive or poor communicators?
Or getting 2 meaningful matches in a day from people who actually want to meet you and might be a good fit for a relationship or friendship?
The first is just a bunch of noise with no signal. The second is preferable.
And plus, I'm a guy and I would easily get 3 or 4 matches a day when I was on Tinder. It's not like men are completely ignored on it. I'm hardly a supermodel, but nice pictures and a well-written profile can go a long way on online dating. Plus living in a high-population city.
I've never used online dating and, barring some kind of calamity, won't ever be dating again, so I'm working only with second-hand experience. But what you say makes some sense for sure.
Well that makes sense since you hear about men just indiscriminately saying yes to everyone. And you also have to imagine that some of the comments are just obscene catcalls rather than attempts at conversation.
It's going to be interesting to see how Tinder tackles the 2018 EU General Data Protection Regulation in 2018 and how things will play out in courts and practice.
For example, are you allowed to store information that I have chosen to unlink? Will Tinder have an easy way to export the data without having to settle to long email conversations, as there is a right to data portability? If so, in what format will this data be presented?