According to data extrapolated from a research analysis, Grindr is sharing your HIV status (among other sensitive data) with two other independent companies. This news has been independently verified by BuzzFeed News and confirmed by cybersecurity experts who analyzed data captured by the Norwegian nonprofit SINTEF.
Apptimize and Localytics, the two companies in question, seek to help other mobile companies, including Grindr, optimize their apps. It has been confirmed that they receive private and personal information from Grindr profiles, such as HIV statuses, “last tested dates,” and more.
According to Antoine Pultier, a researcher at SINTEF, the nonprofit that first identified the data breach, specific users and their HIV status could be identified because HIV information is sent together with other user data such as GPS location, phone ID, and email. Pultier specified that the HIV data on Grindr is linked with other information, and that this may be due to incompetence on the part of some developers, who happened to send along all information, including private and personal data.
The app, which offers free ads for HIV-testing sites and debuted an optional feature that would remind users to get tested every few months, is now being called into question for how seriously it takes its users' data.
SINTEF’s analysis also showed that Grindr was sharing additional user information, such as precise GPS position, “Tribe” (meaning what gay subculture they identify with), sexuality, relationship status, ethnicity, and phone ID, with other data collectors and advertising agencies. Some of this data was sometimes shared as “plain text,” that is, unencrypted, which outside parties can easily intercept.
“It allows anybody who is running the network or who can monitor the network – such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government – to see what your location is,” Cooper Quintin, a senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
“When you combine this with an app like Grindr that is primarily aimed at people who may be at risk – especially depending on the country they live in or depending on how homophobic the local populace is – this is an especially bad practice that can put their user safety at risk,” Quintin added.
Under the app’s HIV status category, users can select from a variety of statuses, which include whether the user is positive, positive and on HIV treatment, negative or negative and on PrEP. The app also links to a sexual health FAQ about HIV and how to get PrEP in your local area.
Following the disclosure of HIV status, questions are now being raised about Grindr’s privacy policy, which states:
“You may also have the option to provide information concerning health characteristics, such as your HIV status, or Last Tested Date. Remember that if you choose to include information in your profile, and make your profile public, that information will also become public.”
Despite this, the average person may not comprehend or fully consider what they’ve agreed to when signing up. A few experts are now arguing that Grindr should be more specific in its user agreements about how it’s using their data.
“What the law regards as informed consent is in almost all instances uninformed consent,” Ben Wizner, director of the ACLU Speech, Privacy, and Technology Project, told BuzzFeed News. “I hope that one small silver lining here will be that users and citizens will realize that there are enormous loopholes in the privacy regime and that personal information is bought and sold freely on a global market.”
h/t: BuzzFeed