A big intel gap I’ve noticed in the OSINT space has been Tinder and other dating apps. By intel gap, I mean there’s information available but it’s hard to access and difficult to verify. Tinder is probably the most popular and notorious of the dating apps. However, because of it’s nature of being connected via Facebook/Instagram, it stands as a valuable source for OSINT discovery even in the face of scarce data. I’ve been pondering on how to make the most of this limited search in an investigation and have reflected on a tweet by Nico (@dutch_osintguy) where he shows how to access basic information from Tinder if you have a username you want to search.
I gave it some thought, and here’s my process.
The information available on Tinder when using the above method can be tested by using a couple generic usernames and comparing results. Here’s an example of @bob:
As you can see, what we have is a photo, a name, an age, and an occupation. Now, there’s no way at this point to verify if any of these data points are valid. We’ll have to compare to existing data we’ve collected or data we will collect in the future; however, this is what’s available and it’s actually quite a lot to work with.
There’s another thing I want to mention here though. Let’s say right off that bat you realize that the username you entered doesn’t match your preexisting data. Instead of lowering your head in failure, you have an Edison-like solution in front of you. Because the username you’ve previously verified doesn’t match the Tinder account, you can proceed with caution moving forward on the verification of that username on future account look ups. If you’re using a tool like Sherlock, this can be a valuable mindset to approach your work with.
For continuity, let’s take a look at another example. This time it’ll be @hannah, another generic username:
As you can see here, you have a picture, a name, and an age, but you’re missing an occupation. It’s important to note you wont have a consistent stream of data.
The ability to collect OSINT from photos is actually increasing with the rise of more advanced reverse image search and facial recognition technology. A recent post shared by Craig Silverman (@craigsilverman) included a great infographic on how to approach reverse image search with a breakdown of each search engine’s results. Here’s that image.
Since we’re looking at finding a face on this search, Yandex and Bing seem to be the best options; however, you shouldn’t count the others out. Doing a reverse image search may allow you to find additional profiles.
Note: There are more sophisticated reverse image search/facial recognition APIs out there. Clarafai and Rekognition come to mind. These, or APIs like these, will likely become more mainstream (free to cheaper) as time goes on.
The name doesn’t have a lot of value. However, two values it contains in an OSINT investigation upon initial glance is verification and alias discovery. If the name matches the preexisting name you have from your research, it adds validity to the previous data. If it doesn’t match, that doesn’t necessarily make it illegitimate. This could provide two possibilities.
- This is an alias the subject uses
- An imposter is using the subject’s photos
I’m sure there are other possibilities, these two just come to mind. Making a note of these when doing research, even when false information is possible, is important.
The display of age is important for a couple of reasons. Many mainstream social media platforms don’t display a subject’s age. Some offer a date of birth section, but they don’t enforce accuracy. With Tinder, it’s possible the age is incorrect, but the user is not very incentivized to mask their age unless their intent is nefarious. A positive match of photo and name could allow you to then record the displayed age as a possible data point in your research. However, remember to take everything you can’t verify with a grain of salt.
An additional thing to note, which was revealed to me by OSINT Support (@osintsupport) is that more information about the subject’s birthdate can be found by examining backend data through page source and the Mobile API. Here’s a snapshot of a random user:
It appears Tinder is still quite stealthy with their birth date format and true date of birth.
Occupation is another data point that has multiple points of value. At face value, the occupation section shows you where the subject may work. It also can reveal a location if it’s a unique workplace. If the subject works at Walmart, you might be screwed. If the subject works at TK’s Pizza, you may be in luck. Finding an occupation can also allow you to access coworkers through LinkedIn, Facebook, and other websites where users submit their workplace. Through those coworkers’ profiles, you can potentially find tagged images, endorsements, mutual friends, etc.
False Positives and Pivoting
Because of the lack of data and a search engine, Tinder will remain a bad source for OSINT. However, what it lacks in in-platform iteration is is abundant in off-platform iteration. The elaborate, the information you discover using this method of OSINT on Tinder can either confirm already collected data or provide new paths for data discovery. You can use a new image found on Tinder that isn’t available on other platforms as evidence. You can use a possible name difference as a pivot point for alias discovery leading to new profiles. You can use the age to verify an age you may have already collected. The possibilities are endless. It’s all about how you approach the data and how you make use of your false positives or what many would see as “useless” data that counts.