Reports show that Grindr, the popular gay social networking app, has been sharing its users' HIV status with third party "optimization" companies. (Photo: Amanda Hinault/Flickr/cc)
In 'Egregious Breach' of Privacy, Popular App Grindr Supplies Third Parties with Users' HIV Status
Reports illustrate the need for a "Security Pledge" signed by tech companies, say critics
Just after civil liberties groups unveiled a new "Security Pledge," urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
BuzzFeed reported on the findings of a Norwegian nonprofit research organization, SINTEF, which showed that the dating and social networking app has supplied two companies that claim to "optimize" applications with users' HIV status, most recent HIV test dates, location, phone, and email information.
Much of the information is sent to the companies, Apptimize and Localytics, in plain text, which experts say leaves it vulnerable to hacking.
"When you combine this with an app like Grindr that is primarily aimed at people who may be at risk--especially depending on the country they live in or depending on how homophobic the local populace is--this is an especially bad practice that can put their user safety at risk," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
Journalist Steven Thrasher wrote on Twitter that the revelation of Grindr's privacy violation could have wide-reaching effects on the app's 3.6 million users.
Critics scoffed at an explanation released by Grindr, which stated, "Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem."
"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin said. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that--which is Grindr--there are three places for that information to potentially become public."
Grindr's actions could cost the company its reputation as a promoter of safe sex and open dialogue about health status between sexual partners.
"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of the AIDS advocacy group ACT UP New York, told BuzzFeed News. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety--that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."
Urgent. It's never been this bad.
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission from the outset was simple. To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It’s never been this bad out there. And it’s never been this hard to keep us going. At the very moment Common Dreams is most needed and doing some of its best and most important work, the threats we face are intensifying. Right now, with just three days to go in our Spring Campaign, we're falling short of our make-or-break goal. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Can you make a gift right now to make sure Common Dreams not only survives but thrives? There is no backup plan or rainy day fund. There is only you. —Craig Brown, Co-founder |
Just after civil liberties groups unveiled a new "Security Pledge," urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
BuzzFeed reported on the findings of a Norwegian nonprofit research organization, SINTEF, which showed that the dating and social networking app has supplied two companies that claim to "optimize" applications with users' HIV status, most recent HIV test dates, location, phone, and email information.
Much of the information is sent to the companies, Apptimize and Localytics, in plain text, which experts say leaves it vulnerable to hacking.
"When you combine this with an app like Grindr that is primarily aimed at people who may be at risk--especially depending on the country they live in or depending on how homophobic the local populace is--this is an especially bad practice that can put their user safety at risk," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
Journalist Steven Thrasher wrote on Twitter that the revelation of Grindr's privacy violation could have wide-reaching effects on the app's 3.6 million users.
Critics scoffed at an explanation released by Grindr, which stated, "Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem."
"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin said. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that--which is Grindr--there are three places for that information to potentially become public."
Grindr's actions could cost the company its reputation as a promoter of safe sex and open dialogue about health status between sexual partners.
"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of the AIDS advocacy group ACT UP New York, told BuzzFeed News. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety--that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."
Just after civil liberties groups unveiled a new "Security Pledge," urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
BuzzFeed reported on the findings of a Norwegian nonprofit research organization, SINTEF, which showed that the dating and social networking app has supplied two companies that claim to "optimize" applications with users' HIV status, most recent HIV test dates, location, phone, and email information.
Much of the information is sent to the companies, Apptimize and Localytics, in plain text, which experts say leaves it vulnerable to hacking.
"When you combine this with an app like Grindr that is primarily aimed at people who may be at risk--especially depending on the country they live in or depending on how homophobic the local populace is--this is an especially bad practice that can put their user safety at risk," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
Journalist Steven Thrasher wrote on Twitter that the revelation of Grindr's privacy violation could have wide-reaching effects on the app's 3.6 million users.
Critics scoffed at an explanation released by Grindr, which stated, "Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem."
"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin said. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that--which is Grindr--there are three places for that information to potentially become public."
Grindr's actions could cost the company its reputation as a promoter of safe sex and open dialogue about health status between sexual partners.
"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of the AIDS advocacy group ACT UP New York, told BuzzFeed News. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety--that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."