Grindr: Yeah, we shared your HIV status info with other companies – but we didn't charge them!

Coitus collaboration code claims – THE TRUTH


Hookup fixer Grindr is on the defensive after it shared sensitive information, including HIV status and physical location, of its app's users with outside organizations.

The quickie booking facilitator on Monday admitted it passed, via HTTPS, people's public profiles to third-party analytics companies to process on its behalf. That means, yes, the information was handed over in bulk, but, hey, at least it didn't sell it!

"Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers," CTO Scott Chen said in a statement.

Rather than apologize, Grindr said its punters should have known better than to give it any details they didn't want passed around to other companies. On the one hand, the data was scraped from the application's public profiles, so, well, maybe people ought to calm down. It was all public anyway. On the other hand, perhaps people didn't expect it to be handed over for analysis en masse.

"It’s important to remember that Grindr is a public forum," Chen said. "We give users the option to post information about themselves including HIV status and last test date, and we make it clear in our privacy policy that if you choose to include this information in your profile, the information will also become public."

This statement is in response to last week's disclosure by security researchers on the ways the Grindr app shares user information with third-party advertisers and partners. Among the information found to be passed around by Grindr was the user's HIV status, something Grindr allows members to list in their profiles.

The HIV status, along with last test date, sexual position preference, and GPS location were among the pieces of info Grindr shared via encrypted network connections with analytics companies Localytics and Apptimize.

The revelation drew sharp criticism of Grindr, with many slamming the upstart for sharing what many consider to be highly sensitive personal information with third-parties along with GPS coordinates.

Grindr rolled out the option to list HIV status in profiles last year with the intention of allowing punters to clearly warn others of their condition.

"We’ve talked to countless experts, including activists, public health professionals, and individual Grindr users from all walks of life, to understand whether and how to make this change. What stood out the most from these discussions is just how often we heard about the intense anxieties users had about bringing up sexual health when they were chatting on the app," Grindr said at the time.

"Professionals and users alike asked us for more ways to exchange information about things like HIV status, viral load, and PrEP use. For some, this might be the only way they connect with potential partners on the subject, and for others, it could spark a longer conversation."

Apparently, Grindr also used the information as part of its conversation with the two companies that handle its app analytics. Now, Grindr says that if its users didn't want that information to be handed out to outside companies, they should not have put it on their profile in the first place, claiming "it is up to each user to determine what, if anything, to share about themselves in their profile."

Similarly, Localytics says it only collects and stores information that users want it to have:

"Under no circumstances does Localytics automatically collect a user's personal information, nor do we require personal information in order for our customers to get the benefits from using our platform," Localytics product VP Bryan Dunn said in a statement to The Register.

"It is up to each customer to determine what information they send to Localytics, and Localytics processes that data solely for the customer’s use."

So, here's your daily reminder that anything you put online – especially publicly online – can be automatically filed, stamped, indexed, and numbered by ad networks, analytics outfits, search engines, government snoops, social networks, and so on. ®


Keep Reading

Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021