Hookup fixer Grindr is on the defensive after it shared sensitive information, including HIV status and physical location, of its app's users with outside organizations.
The quickie booking facilitator on Monday admitted it passed, via HTTPS, people's public profiles to third-party analytics companies to process on its behalf. That means, yes, the information was handed over in bulk, but, hey, at least it didn't sell it!
"Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers," CTO Scott Chen said in a statement.
Rather than apologize, Grindr said its punters should have known better than to give it any details they didn't want passed around to other companies. On the one hand, the data was scraped from the application's public profiles, so, well, maybe people ought to calm down. It was all public anyway. On the other hand, perhaps people didn't expect it to be handed over for analysis en masse.
This statement is in response to last week's disclosure by security researchers on the ways the Grindr app shares user information with third-party advertisers and partners. Among the information found to be passed around by Grindr was the user's HIV status, something Grindr allows members to list in their profiles.
The HIV status, along with last test date, sexual position preference, and GPS location were among the pieces of info Grindr shared via encrypted network connections with analytics companies Localytics and Apptimize.
The revelation drew sharp criticism of Grindr, with many slamming the upstart for sharing what many consider to be highly sensitive personal information with third-parties along with GPS coordinates.
Hi, just because your online users share their HIV status publicly does not give @Grindr the right to pass that information to third parties without people's consent. Is this clearly stated somewhere for potential online users to read through before they make a decision to join?— Shaz Islam (@ShaziaIslam) April 2, 2018
A sloppy and defensive response to a blatant gross violation of privacy. Shameful and unacceptable. Is this what we can continue to expect now that you are owned by a company based in China?— Danny (@djw4444) April 2, 2018
Grindr rolled out the option to list HIV status in profiles last year with the intention of allowing punters to clearly warn others of their condition.
"We’ve talked to countless experts, including activists, public health professionals, and individual Grindr users from all walks of life, to understand whether and how to make this change. What stood out the most from these discussions is just how often we heard about the intense anxieties users had about bringing up sexual health when they were chatting on the app," Grindr said at the time.
"Professionals and users alike asked us for more ways to exchange information about things like HIV status, viral load, and PrEP use. For some, this might be the only way they connect with potential partners on the subject, and for others, it could spark a longer conversation."
Apparently, Grindr also used the information as part of its conversation with the two companies that handle its app analytics. Now, Grindr says that if its users didn't want that information to be handed out to outside companies, they should not have put it on their profile in the first place, claiming "it is up to each user to determine what, if anything, to share about themselves in their profile."
Similarly, Localytics says it only collects and stores information that users want it to have:
"Under no circumstances does Localytics automatically collect a user's personal information, nor do we require personal information in order for our customers to get the benefits from using our platform," Localytics product VP Bryan Dunn said in a statement to The Register.
"It is up to each customer to determine what information they send to Localytics, and Localytics processes that data solely for the customer’s use."
So, here's your daily reminder that anything you put online – especially publicly online – can be automatically filed, stamped, indexed, and numbered by ad networks, analytics outfits, search engines, government snoops, social networks, and so on. ®