Grindr has been sharing 3.6 million daily active users' HIV statues along with other highly sensitive information with at least two outside companies. According to reports they have been sending this information to Applimize and Localytics; the information being shared was personal information (including your HIV status), along with your last tested dates.
The information was send with you GPS's data, email and phone ID; this was uncovered by Antoine Pultier a researcher at the nonprofit SINTF. “The HIV status is linked to all the other information. That’s the main issue,” Pultier told BuzzFeed News. “I think this is the incompetence of some developers that just send everything, including HIV status.” James Krellenstein, a member of ACT UP New York, calls the whole thing “an extremely, extremely egregious breach of basic standards.” Further more “Grindr is a relatively unique place for openness about HIV status,” he says. “To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety–that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”
But wait it gets better; Grindr has also been sharing your "tribes", sexualities, ethnicties, and relationship statues to third-party advertising companies. To make matters worse the information was send via "plain text" that can easily be hacked.
“When you combine this with an app like Grindr that is primarily aimed at people who may be at risk–especially depending on the country they live in or depending on how homophobic the local populace is–this is an especially bad practice that can put their user safety at risk,” Cooper Quintin, a senior staff technologist and security researcher at the Electronic Frontier Foundation, says.
Grindr released a statement stating that the reason they are sharing your health information is to improve their app. “No Grindr user information is sold to third parties,” the company says. “We pay these software vendors to utilize their services.”
The fact that Grindr is selling the information is a issue, but they are making the information available to third party companies that is a major issue. “Even if Grindr has a good contract with the third parties saying they can’t do anything with that info,” he says, “that’s still another place that that highly sensitive health information is located.” Quintin stated, and a bigger issue is “If somebody with malicious intent wanted to get that information, now instead of there being one place for that–which is Grindr–there are three places for that information to potentially become public.”
STILL WANT TO USE GRINDR?