Hot on the heels of last week’s security issues, dating app Grindr is under fire again for inappropriate sharing of HIV status with advertisers and inadequate security on other personal data transmission. It’s not a good look for a company that says privacy is paramount.
Norwegian research outfit SINTEF analyzed the app’s traffic and found that HIV status, which users can choose to include in their profile, is included in packets sent to Apptimize and Localytics. Users are not informed that this data is being sent.
That said, it’s a rather serious breach of trust that something as private as HIV status is being shared in this way, even if it isn’t being done with any kind of ill intentions. The laxity with which this extremely important and private information is handled undermines the message of care and consent that Grindr is careful to cultivate.
Perhaps more serious from a systematic standpoint, however, is the unencrypted transmission of a great deal of sensitive data.
The SINTEF researchers found that precise GPS position, gender, age, “tribe” (e.g. bear, daddy), intention (e.g. friends, relationship), ethnicity, relationship status, language and device characteristics are sent over HTTP to a variety of advertising companies.
Not only is this extremely poor security practice, but Grindr appears to have been caught in a lie. The company told me last week when news of another security issue arose that “all information transmitted between a user’s device and our servers is encrypted and communicated in a way that does not reveal your specific location to unknown third parties.”
At the time I asked them about accusations that the app sent some data unencrypted; I never heard back. Fortunately for users, though unfortunately for Grindr, my question was answered by an independent body, and the above statement is evidently false.
It would be one thing to merely share this data with advertisers and other third parties — although it isn’t something many users would choose, presumably they at least consent to it as part of signing up.
But to send this information in the clear presents a material danger to the many gay people around the world who cannot openly identify as such. The details sent unencrypted are potentially enough to identify someone in, say, a coffee shop — and anyone in that coffee shop with a bit of technical knowledge could be monitoring for exactly those details. Identifying incriminating traffic in logs also could be done at the behest of one of the many governments that have outlawed homosexuality.
I’ve reached out to Grindr for comment and expect a statement soon; I’ll update this post as soon as I receive it.