On Monday, BuzzFeed reported that Grindr, a hook-up app targeting gay, bisexual, trans, and queer users, has been sharing users’ HIV status and last-tested dates with two third-party companies.
The gay hookup app Grindr, which has more than 3.6 million daily active users across the world, has been providing its users’ HIV status to two other companies, BuzzFeed News has learned.
The two companies — Apptimize and Localytics, which help optimize apps — receive some of the information that Grindr users choose to include in their profiles, including their HIV status and “last tested date.”
Because the HIV information is sent together with users’ GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF. (SINTEF was commissioned to produce the report by Swedish public broadcaster SVT, which first publicized the findings.)
Anyone with those data could pinpoint and target users based on their HIV status.
SINTEF’s analysis also showed that Grindr was sharing its users’ precise GPS position, “tribe” (meaning what gay subculture they identify with), sexuality, relationship status, ethnicity, and phone ID to other third-party advertising companies. And this information, unlike the HIV data, was sometimes shared via “plain text,” which can be easily hacked.
“It allows anybody who is running the network or who can monitor the network — such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government — to see what your location is,” Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
“When you combine this with an app like Grindr that is primarily aimed at people who may be at risk — especially depending on the country they live in or depending on how homophobic the local populace is — this is an especially bad practice that can put their user safety at risk,” Quintin added.
Criticism was quick, well-founded, and high-profile.
As Dan Seitz pointed out at Uproxx, there’s a not-so-minor legal dimension to this privacy violation.
This could also land Grindr in some fairly serious legal trouble. HIV and AIDS status are protected under the Americans With Disabilities Act, and it’s also often protected on the state level. And while Grindr may not have technically violated medical records law, since it’s a dating site instead of a doctor’s office, it may also be facing questions on that basis depending on where the records went and who used them.
Although its breach wasn’t as direct as that of CVS Health, under legal siege for mailing 6,000 letters to Ohio HIV patients in envelopes with clear windows that made both name and status visible, Grindr could hypothetically find itself facing suit.
Yet Grindr’s initial response was to defend the breach of privacy, despite the threat it posed to users—and the liability it may expose Grindr to.
Grindr said that the services they get from Apptimize and Localytics help make the app better.
“Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem,” Grindr Chief Technology Officer Scott Chen told BuzzFeed News in a statement. “No Grindr user information is sold to third parties. We pay these software vendors to utilize their services.”
Uglier yet: Grindr blamed users for entrusting the app with the data it solicited.
In its statement, Grindr said it’s important to remember it is a public forum and users have the option to post information about their HIV status and date when last tested. It says its users should carefully consider what information they list in their profiles.
Only late Monday did Grindr announce they’d stop sharing HIV-related data.
Grindr has stopped sharing users' HIV status with its third-party vendors, the company's head of security told Axios. However, many of the concerns with Grindr's data-sharing practices were a misunderstanding of what was being shared and with whom, says Grindr security chief Bryce Case.
"I understand the news cycle right now is very focused on these issues," Case said, but added, "I think what’s happened to Grindr is, unfairly, we’ve been singled out." ... He said people hear the term third parties and think that the company has been sharing information the way that Facebook user data ended up in the hands of Cambridge Analytica.
Even after announcing an end to the policy, Grindr kept trying to defend itself. One version: Disclosure was optional, guys, so ... maybe privacy was, too?
Grindr also notes that, while HIV status can be a particularly sensitive issue in many parts of the world, and even in the U.S., it is an optional field on Grindr and when users do share that information it is available publicly to anyone viewing their profile.
And while advertisers do have access to other information, including age, interests, location and relationship status, HIV status is not shared.
"We’ve been very careful to balance the needs of our customers with the needs of our advertisers," Case said. "User trust is paramount."
The pushback to the “but we didn’t give it to advertisers” defense was immediate, and apt.
Plenty of people were unsatisfied with Grindr's explanation, pointing out that most other sites aren't trusted with someone's HIV status.
It’s been less than a week since Grindr was being lauded for adding an HIV testing-reminder feature, which could promote, destigmatize, and normalize HIV testing.
[Jeffrey] Klausner, a professor and former director of STD Prevention and Control Services at the San Francisco Department of Public Health, has used Grindr in research that distributed HIV testing kits to gay and bisexual men.
"Those kinds of projects aren’t really sustainable, so to see [Grindr] do something themselves and change the platform in a way that can really lead to sustained increase in HIV-testing reminders … is really a breakthrough," he told BuzzFeed News.
"Grindr is a leader in the field, so I’m hoping as Grindr paves the way,
Whatever Grindr does next, its practices have deeply alarmed the LGBTQ community and will almost certainly set back willingness to share HIV status.
It may be a commercial app, but as an LGBTQ app Grindr has responsibilities to the wider communities. That does not include sharing something as profoundly personal (and still stigmatised) as HIV status. If people wish to be open about their status on Grindr, that should be applauded and celebrated. Having an app that wraps itself in the rainbow flag passing on that status to third parties without their consent is a betrayal.
Grindr has also vastly reduced the likelihood that its testing-reminder feature will encourage testing. HIV continues to be stigmatized and criminalized, both at home, where non-disclosure can result in criminal prosecution, and abroad.
The data flaw raises questions about the security of Grindr's users around the world. Among the experts raising concerns is Harlo Holmes, director of newsroom digital security at the Freedom of the Press Foundation. Holmes said it’s important that companies like Grindr, which gather deeply personal information from users, not let that data fall into the wrong hands.
“Dating apps must especially take care to protect users from letting bad actors access sensitive data,” Holmes said. “This type of info exposure betrays our trust that the service can determine what fields of data should be public and private.”
Holmes said unlike Twitter, which is more public and which is transparent about who has blocked whom, Grindr introduces the additional layer of sexual orientation, and the release of a user's personal information could lead to increased stalking and other forms of sex-based harassment.
“LGBTQ folks have vastly different legal standing across countries and continents,” Holmes added.
The flurry of coverage suggests that even if Grindr doesn’t get the magnitude of its sins, the rest of us do.