Some thoughts on defending against bots
Geography - stoping them onboarding to Tinder
There are 3,706,452,992 IP addresses in the IPv4 space, IP blocks assigned to ISP’s there are companies that know if an address space is residential or non-residential, the likely hood of someone using cloud / vps system is way higher than someone using thier home network
re-captcha non-residential IP spaces, if you cant recapture, gate them, send an OOB request do a thing that slows down automation
Diff - Identifying them at scale
Images: A high volume of fake profiles use images from Cam sites it would be smart to have a chat with the team in amazon (https://aws.amazon.com/rekognition/) for something in house or cheaper ? to rely on a service to do it for you, given enough time http://thispersondoesnotexist.com will have an API and we’re all fucked hah.
Essentially what the engineers and dba’s need to focus on is partial duplication identification and compare the volume of duplication to action the outcome of basic or suspicious
for example, basic might be ‘here for a good time, not a long time’
suspicious might be ’ I’m a bad girl 077 that needs a bad boy451 to show me how to behave000…’ or something with non ascii characters ( at least in western geographies) - i’m not saying be racist to UTF-8 or others, i’m just saying i’ve seen alot of shite on tinder and sometimes they use special characters, if Tinder is comparing on keywords, i hope they’re comparing on partial and full duplication of profile content
Another (not absolout) point is those that mention social media accounts in thier profiles but dont actually connect them, that’s also high confidence bullshit.