Grindr finally apologises after HIV data row
Grindr has finally apologised for sending data about users’ HIV statuses to outside companies.
The gay hook-up app came under the microscope this week after it was revealed that a massive amount of its user data, including users’ HIV status, was shared with two private companies that help “optimise” apps, Localytics and Apptimize.
Cybersecurity experts also alleged that the dating app was sending advertisers its users’ precise GPS position, sexuality, relationship status, ethnicity, phone ID, and even their ‘tribe’ – such as ‘twink’ or ‘daddy’ – in a plaintext format that could be easily hacked and stolen.
Grindr initially refused to apologise for its handling of the issue, insisting that the company would not “admit fault” and that critics were “misunderstanding technology”.
But after a prolonged backlash and calls for a probe over breaches of European data laws, the company finally apologised to users today.
Grindr’s Vice President of Social Impact Jack Harrison-Quintana apologised for the “distress” caused to users in a video.
Jack Harrison-Quintana, our VP of Social Impact and founder of Grindr for Equality, addresses concerns about HIV status information on Grindr and explains how we handle user data. Read our full statement about our HIV status data here: https://t.co/5Rw1id0HJw pic.twitter.com/mydtY4mqNN
— Grindr (@Grindr) April 5, 2018
He said: “I want to start by apologising from everyone here at the Grindr team for all of the distress that we’ve caused over the last 48 hours.
“I know that many of you have questions about what happens to the information you put on your Grindr profile, and I’m going to try and answer some of those questions today.
“I want to say at the outset very clearly that we have never and would never sell any user data, especially HIV information, to advertisers, or anyone else.”
He added: “[Three years ago] one of the things I heard from our users most frequently was that there was a lot of anxiety about bringing up sexual health in conversation, both online and off.
“Users asked for additional ways to communicate about HIV status on the app, so I worked to create options that allow self-reporting of HIV status for any users who wanted to do that.
“Disclosing HIV information on Grindr is and has always been completely optional.
“As I mentioned, Grindr has never, nor would we ever, sell user information, especially about HIV status. The only people who have access to Grindr user information are our trusted contractors, who help us roll out new features and deliver relevant messages to our users.
“They’re well respected companies who take privacy and security as seriously as we do.”
Harrison-Quintana added: “Over the past two days we’ve heard your concerns. Your privacy and trust are very important to us. It’s important to me. That’s why we’re making additional changes to keep this data even more secure.
“From now on, HIV status data will be isolated from the rest of the information we have, so that it’s inaccessible to our most trusted partners who we work with every day.”
Grindr (Photo by Leon Neal/Getty Images)
He added: “I want to apologise again from me and also from the entire Grindr team and also from me for all of the distress we’ve caused over the past two days. We take this very seriously and invite further questions as we work to rebuild your trust.”
However, the video does not address the majority of the concerns about the company’s data practices – or prior security flaws that came to light earlier this year.
Grindr-owned LGBT media platform INTO shied away from critical coverage of data concerns on the app despite lengthy reporting elsewhere in the media.
PinkNews contacted Grindr and INTO with a request for comment about editorial independence and whether the website avoided negative stories about Grindr. Neither had responded by the time of publication.
After publication Zach Stafford, editor in chief of INTO, told PinkNews: “INTO isn’t coordinated with Grindr and has its own editorial license. The news, video and content of INTO is not representative of the opinions of Grindr.”
(Photo by Leon Neal/Getty Images)
The Norwegian Consumer Council recently filed a complaint against the app “for breaching data protection law”, adding: “The Consumer Council find it disconcerting that users of the Grindr service are at risk of losing control over personal data regarding their sexual preferences and HIV-status.”
The body also queried Grindr’s claims that data relating to European users was in fact subject to US law, which includes much weaker protections.
The user data controversy is the latest Grindr security flaw to be exposed in the past month after it emerged that Grindr had a loophole which enabled Grindr users to find out who had blocked them.
Those security flaws were discovered by Trevor Faden, who created C*ckblocked, a website which allowed users to simply see the list that was buried with little protection in the app’s coding.
He later revealed that the C*ckblocked experiment had exposed another flaw.
After users had signed into the service with their Grindr account details, Faden was able to access a large amount of private data from their accounts – including unread messages, deleted photos and exact user location data, even from accounts that had opted not to share their exact location.
The breaches have led to fears that the app could be open to exploitation by security services around the world.
Security experts have already raised concerns that Grindr’s data could be accessed by the Chinese government after a Chinese tech giant completed a full buyout of the app in January this year.
Peter Mattis, a former U.S. government intelligence analyst and China fellow at the Jamestown Foundation, told the Washington Post: “What you can see from Chinese intelligence practices is a clear effort to collect a lot of personal information on a lot of different people [in the West], and to build a database of names that’s potentially useful either for influence or for intelligence.
“Then later, when the party-state comes into contact with someone in the database, there’s now information to be pulled.”
He added that Chinese companies often face pressure to pass over data to the government for “public security” reasons, and that the acquisition of US tech companies opens the door to control by Beijing.
