Tech

Grindr is reportedly sharing users’ HIV status with third parties

Experts fear data-sharing could lead to users being outed.

Photo of Ana Valens

Ana Valens

A new report from BuzzFeed News reveals Grindr is sharing users' HIV status.

Users who include their HIV status in their Grindr profile may not have control of who sees their diagnosis outside the platform.

Featured Video

BuzzFeed News reports that Grindr has been sharing data on its users’ HIV status and testing date with two companies, Apptimize and Localytics. The former helps improve users’ experiences while using apps, while the latter is primarily engaged in app optimization and analytics overviews.

Antoine Pultier, a researcher with Norwegian independent research company SINTEF, warns data on users’ HIV testing date and status are sent together alongside other identifying information, such as a user’s GPS location and email. That means HIV-positive users on Grindr could be identified and outed in a potential data breach.

“The HIV status is linked to all the other information. That’s the main issue,” Pultier said to BuzzFeed News. “I think this is the incompetence of some developers that just send everything, including HIV status.”

Advertisement

https://twitter.com/__keating/status/980836591659831301

https://twitter.com/__keating/status/980839055591174145

https://twitter.com/azeen/status/980837432986923008

A report from SINTEF published on GitHub, which was later verified by BuzzFeed News, further identifies privacy concerns found throughout the service. While the study claims that a user’s HIV status and testing date are securely sent via HTTPS to Apptimize and Localytics, SINTEF reportedly found users’ gender, GPS location, age, Phone ID, Advertising ID, and various other identifying details are sent off to third-parties under “unsafe HTTP and HTTPS.” This means some data is sent to third-party companies under plain text, BuzzFeed News reports, which is much easier to obtain and read due to its unencrypted nature.

Advertisement

“It allows anybody who is running the network or who can monitor the network—such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government—to see what your location is,” Electronic Frontier Foundation’s Cooper Quintin told BuzzFeed News.

LGBTQ activists, meanwhile, are outraged by Grindr’s handle on users’ profile information. A potential data breach means users could be individually identified based on any information they gave to Grindr, and with multiple companies owning details on users’ profiles, that means there’s a higher risk for Grindr users to end up being identified without their consent.

“Grindr is a relatively unique place for openness about HIV status,” James Krellenstein of AIDS advocacy group ACT UP told BuzzFeed News. “To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety—that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”

Advertisement

Advertisement

Advertisement

Advertisement

Like Krellenstein, some are particularly upset because Grindr was designed by and for the queer community. It’s not like Elon Musk was running a gay dating app; gay users trusted their own to manage data properly.

Advertisement

Advertisement

https://twitter.com/yakionline/status/980844399063072768

The news follows Grindr rolling out an HIV testing reminder designed to hook up its users with nearby facilities to check their status. But with the dating app reportedly sharing users’ data with other companies, privacy concerns may lead users to pass on the opportunity.

Read the full BuzzFeed News report here, and look through SINTEF’s report here.

Advertisement

Update 8:22pm CT, April 2: Grindr has said it’s no longer sharing users’ HIV status with third-party vendors, Axios reported Monday. Security chief Bryce Case emphasized that users’ most sensitive information was encrypted and not shared with advertisers, but that when users share information on their profile, it becomes publicly available.

“I understand the news cycle right now is very focused on these issues,” Case said. “I think what’s happened to Grindr is, unfairly, we’ve been singled out.”
 
The Daily Dot