Dating app Grindr, used by millions of people every day, has been sharing its users’ personal data, including their HIV status, with third parties, an investigation by BuzzFeed News has found. Grindr users, who include gay, bi, trans and queer people, have the option to indicate on their profile whether they are HIV positive or not.
Grindr has been sharing people’s HIV statuses and test dates with two companies that help “optimize” the app, called Apptimize and Localytics, BuzzFeed reported. Because the HIV information is shared along with GPS data, phone IDs, and email addresses, it is possible to link specific Grindr users with their health condition. Perhaps more serious from a systemic standpoint, however, is the unencrypted transmission of a great deal of sensitive data, as the report revealed.
What makes this particularly egregious is that Grindr has often talked a big game about privacy. In many places around the world, Grindr users, primarily gay men, rely on that touted privacy, as sexual minorities face discrimination and the threat of violence. While sharing information about one’s HIV status is voluntary, many users may choose to do so in the interest of transparency with potential sexual partners. There is no reason the app maker has to share this critical information with third parties, at least not without the informed consent of the users.
Grindr’s chief technology officer, Scott Chen, said that Grindr doesn’t sell its user info to third parties. Still, security experts and LGBT advocates told BuzzFeed the app should have been clearer about how it handles the data, especially since it affects an already-vulnerable community that’s often a victim of harassment.
Grindr is popular with gay and bi people in India, where they face persecution from the law (Article 377) and discrimination in society. It is seen as a secure and closed forum, but if identifiable personal data from the platform is unsecured and is being shared, it leaves these users vulnerable to being identified against their will.
Journalist and LGBTQ activist Dhrubo Jyoti told Medianama,
“Grindr is used in India by many people in very vulnerable personal situations where their queerness and sexuality can expose them to discrimination, bias and violence. Privacy and discreetness is the main reason why apps such as these got popular. So the danger of someone finding out you’re gay could be getting fired from a job or thrown out of home. Worse is sharing HIV status in a country where they are considered diseased and are subject to multiple biases. This is particularly egregious because Grindr made its business selling to vulnerable communities who trusted it.”
Hours after the BuzzFeed article was published, Grindr told Axios that it had made a change to stop sharing users’ HIV status. The company’s security chief, Bryce Case, said that he felt Grindr was being “unfairly … singled out” in light of Facebook’s Cambridge Analytica scandal and said that the company’s practices didn’t deviate from the industry norm. At a time when the “industry norm” on privacy is being questioned by users, internet activists and lawmakers, it is probably not very smart to hide behind that as a defence for your failures.
This was followed by a Tumblr post by the company’s CTO Scott Chen that came across as tone deaf. Chen said “as a company that serves the LGBTQ community, we understand the sensitivities around HIV status disclosure”, but pointed out that Grindr was a “public forum” and “if you choose to include this information in your profile, the information will also become public”. This comes across as a ridiculous statement that passes the buck onto the user. The app may be open to anyone for download but it’s not a leap to expect that information shared on the platform stay visible only to people using that platform.
An editorial in The Guardian nails it by saying, “There could not be a more dramatic illustration of the pervasive nature of the data economy.”