Meanwhile in the parallel universe, in Russia, VKontakte provides full API access to anyone who clicks the button to create an API app. You only need manual review if you want access to messaging from user tokens, and that's a relatively recent change. Somehow, this hasn't turned into a privacy nightmare in the more than 10 years the API has been available.
I'm not defending VK — it does some increasingly user-hostile stuff too after having been acquired by Mail.Ru Group — but you can still integrate it into whatever the hell you want with ease.
Most of the data you can access through the API is public anyway. You could just as well scrape it off the website; the API just provides it in a more convenient format. For example, you're able to get profiles and friend lists and posts of arbitrary people, as long as they're publicly visible, without real authentication (but you do need a "service token" you get on the app settings page).
The worst thing to ever happen with that open data was that some debt collection agencies used it to threaten people and their friends, and I believe that's why those service tokens were introduced. And that story was rather widely publicized: https://www.the-village.ru/business/finance/217569-banki-pis... for example.
FindFace? It shut down its user-facing service several years ago and focused on selling its technology. There are rumors it has some government contracts.
Now there's FindClone instead. And I would consider finding somebody's identity by matching a photo of them with a database of VK profile pictures a privacy nightmare. I don't know if they got the pictures via an API or scraping, but it shows what can be done with easy access to this kind of data. People used FindFace to deanonymize porn actresses and out them to family, for instance.