Dating app Grindr has changed a controversial practice.
On Monday, news siteBuzzFeed published a report claiming that queer dating app Grindr had been sharing the HIV statuses that users had disclosed on their profiles, along with other information like email addresses, to two other companies. Grindr used the companies Apptimize and Localytics as app optimization services. (Disclosure: Grindr is INTO’s parent company.)
In a statement to the Los Angeles Times, Grindr’s chief technology officer Scott Chen said, “This information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users’ privacy from disclosure.”
According to BuzzFeed, a researcher, Antoine Pultier, at Norwegian nonprofit SINTEF first identified the issue. Pultier said the “main issue” was that the HIV status was linked to other information.
“I think this is the incompetence of some developers that just send everything, including HIV status,” Pultier said.
James Krellenstein, a member of ACT UP New York, called Grindr’s previous practices “an egregious breach of basic standards” to BuzzFeed.
SINTEF’s analysis also showed that some data, including GPS position, sexuality, ethnicity, and phone ID, but not the HIV-status data, was shared via “plain text,” which can easily be hacked.
“It allows anybody who is running the network or who can monitor the network such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government to see what your location is,” Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, said to BuzzFeed.
On Monday evening, in an exclusive interview with news site Axios, Grindr said that it would stop sharing HIV status information with third parties.
In the interview with Axios, Grindr security chief Bryce Case said that Grindr had been “unfairly” singled out in the current news cycle about data security.
“It’s conflating an issue and trying to put us in the same camp where we really don’t belong,” Case said.
According to a follow-up BuzzFeed article, Grindr will cease sharing HIV status with third parties in the app’s next update.
Case told BuzzFeed that the data was shared with Apptimize as part of the rollout of its new opt-in feature that would remind users to get tested for HIV. According to BuzzFeed, Grindr stopped sharing the information once the feature had rolled out. Case shared that the second company, Localytics, is a software program for internal use only. Case said he would “not admit fault” regarding that data.
Case did not say whether the data shared with Localytics would be retroactively deleted.
Quintin told BuzzFeed that there was “no reason” for Grindr to share data with these companies in the first place. “Grindr should be taking extra steps to secure this sort of very personal data,” he said.