SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
Reports show that Grindr, the popular gay social networking app, has been sharing its users' HIV status with third party "optimization" companies. (Photo: Amanda Hinault/Flickr/cc)
In 'Egregious Breach' of Privacy, Popular App Grindr Supplies Third Parties with Users' HIV Status
Reports illustrate the need for a "Security Pledge" signed by tech companies, say critics
Apr 02, 2018
Just after civil liberties groups unveiled a new "Security Pledge," urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
\u201cJust one more reason why we launched the #SecurityPledge. Only YOU should decide what info tech companies can share about you with third parties: https://t.co/pfVxPl7L6B\nhttps://t.co/QV3aRCTxDE\u201d— @team@fightforthefuture.org on Mastodon (@@team@fightforthefuture.org on Mastodon) 1522690092
BuzzFeed reported on the findings of a Norwegian nonprofit research organization, SINTEF, which showed that the dating and social networking app has supplied two companies that claim to "optimize" applications with users' HIV status, most recent HIV test dates, location, phone, and email information.
Much of the information is sent to the companies, Apptimize and Localytics, in plain text, which experts say leaves it vulnerable to hacking.
"When you combine this with an app like Grindr that is primarily aimed at people who may be at risk--especially depending on the country they live in or depending on how homophobic the local populace is--this is an especially bad practice that can put their user safety at risk," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
Journalist Steven Thrasher wrote on Twitter that the revelation of Grindr's privacy violation could have wide-reaching effects on the app's 3.6 million users.
\u201cCouldn't health insurance companies or employers get these lists to deny jobs/insurance? While it's not legal to fire someone for HIV *for now*, it IS legal in most states to fire/not hire them for being LGBTQ. THIS could be an end-road to not hire an "expensive" person w HIV.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
\u201cThen there's the state. Knowing someone's HIV status could lead to prosecution from an American government, but it could also mean the denial of a visa to any number of governments around the world. \n\nGiven the US obsession w social media to come here, get ready for blowback.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
Critics scoffed at an explanation released by Grindr, which stated, "Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem."
\u201cGrindr is leaking users' GPS locations over plaintext and sharing users' HIV status with companies. Their disappointing response? \n\n"These are standard practices in the mobile app ecosystem." https://t.co/xlVfvrvQp9\u201d— EFF (@EFF) 1522690731
"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin said. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that--which is Grindr--there are three places for that information to potentially become public."
Grindr's actions could cost the company its reputation as a promoter of safe sex and open dialogue about health status between sexual partners.
"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of the AIDS advocacy group ACT UP New York, told BuzzFeed News. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety--that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, The U.S. is on a fast track to authoritarianism like nothing I've ever seen. Meanwhile, corporate news outlets are utterly capitulating to Trump, twisting their coverage to avoid drawing his ire while lining up to stuff cash in his pockets. That's why I believe that Common Dreams is doing the best and most consequential reporting that we've ever done. Our small but mighty team is a progressive reporting powerhouse, covering the news every day that the corporate media never will. Our mission has always been simple: To inform. To inspire. And to ignite change for the common good. Now here's the key piece that I want all our readers to understand: None of this would be possible without your financial support. That's not just some fundraising cliche. It's the absolute and literal truth. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. Will you donate now to help power the nonprofit, independent reporting of Common Dreams? Thank you for being a vital member of our community. Together, we can keep independent journalism alive when it’s needed most. - Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Just after civil liberties groups unveiled a new "Security Pledge," urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
\u201cJust one more reason why we launched the #SecurityPledge. Only YOU should decide what info tech companies can share about you with third parties: https://t.co/pfVxPl7L6B\nhttps://t.co/QV3aRCTxDE\u201d— @team@fightforthefuture.org on Mastodon (@@team@fightforthefuture.org on Mastodon) 1522690092
BuzzFeed reported on the findings of a Norwegian nonprofit research organization, SINTEF, which showed that the dating and social networking app has supplied two companies that claim to "optimize" applications with users' HIV status, most recent HIV test dates, location, phone, and email information.
Much of the information is sent to the companies, Apptimize and Localytics, in plain text, which experts say leaves it vulnerable to hacking.
"When you combine this with an app like Grindr that is primarily aimed at people who may be at risk--especially depending on the country they live in or depending on how homophobic the local populace is--this is an especially bad practice that can put their user safety at risk," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
Journalist Steven Thrasher wrote on Twitter that the revelation of Grindr's privacy violation could have wide-reaching effects on the app's 3.6 million users.
\u201cCouldn't health insurance companies or employers get these lists to deny jobs/insurance? While it's not legal to fire someone for HIV *for now*, it IS legal in most states to fire/not hire them for being LGBTQ. THIS could be an end-road to not hire an "expensive" person w HIV.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
\u201cThen there's the state. Knowing someone's HIV status could lead to prosecution from an American government, but it could also mean the denial of a visa to any number of governments around the world. \n\nGiven the US obsession w social media to come here, get ready for blowback.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
Critics scoffed at an explanation released by Grindr, which stated, "Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem."
\u201cGrindr is leaking users' GPS locations over plaintext and sharing users' HIV status with companies. Their disappointing response? \n\n"These are standard practices in the mobile app ecosystem." https://t.co/xlVfvrvQp9\u201d— EFF (@EFF) 1522690731
"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin said. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that--which is Grindr--there are three places for that information to potentially become public."
Grindr's actions could cost the company its reputation as a promoter of safe sex and open dialogue about health status between sexual partners.
"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of the AIDS advocacy group ACT UP New York, told BuzzFeed News. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety--that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."
Just after civil liberties groups unveiled a new "Security Pledge," urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
\u201cJust one more reason why we launched the #SecurityPledge. Only YOU should decide what info tech companies can share about you with third parties: https://t.co/pfVxPl7L6B\nhttps://t.co/QV3aRCTxDE\u201d— @team@fightforthefuture.org on Mastodon (@@team@fightforthefuture.org on Mastodon) 1522690092
BuzzFeed reported on the findings of a Norwegian nonprofit research organization, SINTEF, which showed that the dating and social networking app has supplied two companies that claim to "optimize" applications with users' HIV status, most recent HIV test dates, location, phone, and email information.
Much of the information is sent to the companies, Apptimize and Localytics, in plain text, which experts say leaves it vulnerable to hacking.
"When you combine this with an app like Grindr that is primarily aimed at people who may be at risk--especially depending on the country they live in or depending on how homophobic the local populace is--this is an especially bad practice that can put their user safety at risk," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
Journalist Steven Thrasher wrote on Twitter that the revelation of Grindr's privacy violation could have wide-reaching effects on the app's 3.6 million users.
\u201cCouldn't health insurance companies or employers get these lists to deny jobs/insurance? While it's not legal to fire someone for HIV *for now*, it IS legal in most states to fire/not hire them for being LGBTQ. THIS could be an end-road to not hire an "expensive" person w HIV.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
\u201cThen there's the state. Knowing someone's HIV status could lead to prosecution from an American government, but it could also mean the denial of a visa to any number of governments around the world. \n\nGiven the US obsession w social media to come here, get ready for blowback.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
Critics scoffed at an explanation released by Grindr, which stated, "Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem."
\u201cGrindr is leaking users' GPS locations over plaintext and sharing users' HIV status with companies. Their disappointing response? \n\n"These are standard practices in the mobile app ecosystem." https://t.co/xlVfvrvQp9\u201d— EFF (@EFF) 1522690731
"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin said. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that--which is Grindr--there are three places for that information to potentially become public."
Grindr's actions could cost the company its reputation as a promoter of safe sex and open dialogue about health status between sexual partners.
"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of the AIDS advocacy group ACT UP New York, told BuzzFeed News. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety--that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.