Apr 02, 2018
Just after civil liberties groups unveiled a new "Security Pledge," urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
\u201cJust one more reason why we launched the #SecurityPledge. Only YOU should decide what info tech companies can share about you with third parties: https://t.co/pfVxPl7L6B\nhttps://t.co/QV3aRCTxDE\u201d— @team@fightforthefuture.org on Mastodon (@@team@fightforthefuture.org on Mastodon) 1522690092
BuzzFeedreported on the findings of a Norwegian nonprofit research organization, SINTEF, which showed that the dating and social networking app has supplied two companies that claim to "optimize" applications with users' HIV status, most recent HIV test dates, location, phone, and email information.
Much of the information is sent to the companies, Apptimize and Localytics, in plain text, which experts say leaves it vulnerable to hacking.
"When you combine this with an app like Grindr that is primarily aimed at people who may be at risk--especially depending on the country they live in or depending on how homophobic the local populace is--this is an especially bad practice that can put their user safety at risk," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
Journalist Steven Thrasher wrote on Twitter that the revelation of Grindr's privacy violation could have wide-reaching effects on the app's 3.6 million users.
\u201cCouldn't health insurance companies or employers get these lists to deny jobs/insurance? While it's not legal to fire someone for HIV *for now*, it IS legal in most states to fire/not hire them for being LGBTQ. THIS could be an end-road to not hire an "expensive" person w HIV.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
\u201cThen there's the state. Knowing someone's HIV status could lead to prosecution from an American government, but it could also mean the denial of a visa to any number of governments around the world. \n\nGiven the US obsession w social media to come here, get ready for blowback.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
Critics scoffed at an explanation released by Grindr, which stated, "Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem."
\u201cGrindr is leaking users' GPS locations over plaintext and sharing users' HIV status with companies. Their disappointing response? \n\n"These are standard practices in the mobile app ecosystem." https://t.co/xlVfvrvQp9\u201d— EFF (@EFF) 1522690731
"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin said. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that--which is Grindr--there are three places for that information to potentially become public."
Grindr's actions could cost the company its reputation as a promoter of safe sex and open dialogue about health status between sexual partners.
"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of the AIDS advocacy group ACT UP New York, told BuzzFeed News. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety--that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."
Join Us: News for people demanding a better world
Common Dreams is powered by optimists who believe in the power of informed and engaged citizens to ignite and enact change to make the world a better place. We're hundreds of thousands strong, but every single supporter makes the difference. Your contribution supports this bold media model—free, independent, and dedicated to reporting the facts every day. Stand with us in the fight for economic equality, social justice, human rights, and a more sustainable future. As a people-powered nonprofit news outlet, we cover the issues the corporate media never will. |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Just after civil liberties groups unveiled a new "Security Pledge," urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
\u201cJust one more reason why we launched the #SecurityPledge. Only YOU should decide what info tech companies can share about you with third parties: https://t.co/pfVxPl7L6B\nhttps://t.co/QV3aRCTxDE\u201d— @team@fightforthefuture.org on Mastodon (@@team@fightforthefuture.org on Mastodon) 1522690092
BuzzFeedreported on the findings of a Norwegian nonprofit research organization, SINTEF, which showed that the dating and social networking app has supplied two companies that claim to "optimize" applications with users' HIV status, most recent HIV test dates, location, phone, and email information.
Much of the information is sent to the companies, Apptimize and Localytics, in plain text, which experts say leaves it vulnerable to hacking.
"When you combine this with an app like Grindr that is primarily aimed at people who may be at risk--especially depending on the country they live in or depending on how homophobic the local populace is--this is an especially bad practice that can put their user safety at risk," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
Journalist Steven Thrasher wrote on Twitter that the revelation of Grindr's privacy violation could have wide-reaching effects on the app's 3.6 million users.
\u201cCouldn't health insurance companies or employers get these lists to deny jobs/insurance? While it's not legal to fire someone for HIV *for now*, it IS legal in most states to fire/not hire them for being LGBTQ. THIS could be an end-road to not hire an "expensive" person w HIV.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
\u201cThen there's the state. Knowing someone's HIV status could lead to prosecution from an American government, but it could also mean the denial of a visa to any number of governments around the world. \n\nGiven the US obsession w social media to come here, get ready for blowback.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
Critics scoffed at an explanation released by Grindr, which stated, "Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem."
\u201cGrindr is leaking users' GPS locations over plaintext and sharing users' HIV status with companies. Their disappointing response? \n\n"These are standard practices in the mobile app ecosystem." https://t.co/xlVfvrvQp9\u201d— EFF (@EFF) 1522690731
"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin said. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that--which is Grindr--there are three places for that information to potentially become public."
Grindr's actions could cost the company its reputation as a promoter of safe sex and open dialogue about health status between sexual partners.
"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of the AIDS advocacy group ACT UP New York, told BuzzFeed News. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety--that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."
Just after civil liberties groups unveiled a new "Security Pledge," urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
\u201cJust one more reason why we launched the #SecurityPledge. Only YOU should decide what info tech companies can share about you with third parties: https://t.co/pfVxPl7L6B\nhttps://t.co/QV3aRCTxDE\u201d— @team@fightforthefuture.org on Mastodon (@@team@fightforthefuture.org on Mastodon) 1522690092
BuzzFeedreported on the findings of a Norwegian nonprofit research organization, SINTEF, which showed that the dating and social networking app has supplied two companies that claim to "optimize" applications with users' HIV status, most recent HIV test dates, location, phone, and email information.
Much of the information is sent to the companies, Apptimize and Localytics, in plain text, which experts say leaves it vulnerable to hacking.
"When you combine this with an app like Grindr that is primarily aimed at people who may be at risk--especially depending on the country they live in or depending on how homophobic the local populace is--this is an especially bad practice that can put their user safety at risk," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
Journalist Steven Thrasher wrote on Twitter that the revelation of Grindr's privacy violation could have wide-reaching effects on the app's 3.6 million users.
\u201cCouldn't health insurance companies or employers get these lists to deny jobs/insurance? While it's not legal to fire someone for HIV *for now*, it IS legal in most states to fire/not hire them for being LGBTQ. THIS could be an end-road to not hire an "expensive" person w HIV.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
\u201cThen there's the state. Knowing someone's HIV status could lead to prosecution from an American government, but it could also mean the denial of a visa to any number of governments around the world. \n\nGiven the US obsession w social media to come here, get ready for blowback.\u201d— Dr. Thrasher (@Dr. Thrasher) 1522697925
Critics scoffed at an explanation released by Grindr, which stated, "Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem."
\u201cGrindr is leaking users' GPS locations over plaintext and sharing users' HIV status with companies. Their disappointing response? \n\n"These are standard practices in the mobile app ecosystem." https://t.co/xlVfvrvQp9\u201d— EFF (@EFF) 1522690731
"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin said. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that--which is Grindr--there are three places for that information to potentially become public."
Grindr's actions could cost the company its reputation as a promoter of safe sex and open dialogue about health status between sexual partners.
"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of the AIDS advocacy group ACT UP New York, told BuzzFeed News. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety--that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.