Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Security Software

Gay Dating App Grindr Is Letting Other Companies See User HIV Status, Location Data (buzzfeed.com) 132

An anonymous reader quotes a report from BuzzFeed: The gay hookup app Grindr, which has more than 3.6 million daily active users across the world, has been providing its users' HIV status to two other companies, BuzzFeed News has learned. The two companies -- Apptimize and Localytics, which help optimize apps -- receive some of the information that Grindr users choose to include in their profiles, including their HIV status and "last tested date." Because the HIV information is sent together with users' GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the issue.

Grindr was founded in 2009 and has been increasingly branding itself as the go-to app for healthy hookups and gay cultural content. In December, the company launched an online magazine dedicated to cultural issues in the queer community. The app offers free ads for HIV-testing sites, and last week, it debuted an optional feature that would remind users to get tested for HIV every three to six months. But the new analysis, confirmed by cybersecurity experts who analyzed SINTEF's data and independently verified by BuzzFeed News, calls into question how seriously the company takes its users' privacy. SINTEF's analysis also showed that Grindr was sharing its users' precise GPS position, "tribe" (meaning what gay subculture they identify with), sexuality, relationship status, ethnicity, and phone ID to other third-party advertising companies. And this information, unlike the HIV data, was sometimes shared via "plain text," which can be easily hacked.

This discussion has been archived. No new comments can be posted.

Gay Dating App Grindr Is Letting Other Companies See User HIV Status, Location Data

Comments Filter:
  • by Anonymous Coward
    First rule of Grindr: What happens in Grindr, stays in Grindr
    Second rule of Grindr: Never tell the truth about your HIV status
  • by iamhassi ( 659463 ) on Monday April 02, 2018 @07:15PM (#56369999) Journal
    Anyone else find it funny when it said plain text can be easily hacked. Author apparently doesn't understand plain text doesn't need to be hacked, it's already plain text
    • I guess anyone that can read is a hacker now, a hacker of "plain text" lol
    • by SeaFox ( 739806 )

      Author apparently doesn't understand plain text doesn't need to be hacked, it's already plain text

      You have to be literate to understand plain text. I guess that's a skill that even befuddles internet "journalists" now.

      ---
      Brought to you by BRAWNDO. The thirst mutilator!

    • by madbrain ( 11432 )

      You still need to tap to intercept the plaintext traffic somewhere.

    • by nzkbuk ( 773506 )
      Author, You mean BuzzFeed !
      I don't find it surprising at all that they haven't got about encryption or hacking. Most content from BuzzFeed is along the lines of more keyboards with more windows open is how you hack stuff. Many consider the average trashy glossy mags to be more reputable.
  • I wasn't aware that apps, or programs, or code in general had sexual preferences. I think they mean the Grindr app used by homosexuals is making data that ignorant people have inappropriately shared available to others which seems like a case of you get what you deserve for over sharing...

    • by Gojira Shipi-Taro ( 465802 ) on Monday April 02, 2018 @07:37PM (#56370115) Homepage

      Except that Medical Data generally has a higher standard of privacy (HIPPA) which Grindr may well be in violation of. If you're in possession of that data, and you're not the individual to which it applies, you're probably going to have a big problem if you're giving it out freely. In the US for HIPPA, and I'm certain that the EU has even more strict rules.

      • by Anonymous Coward

        Disclaimer - I believe Grindr sharing this data, and other data is bad. And other sites sharing unknown types and amounts of data without the individuals knowledge is bad. BUT - the person chose to disclose this information to a third party in a non-medical setting. If the same person got up on a bar stool and told the whole bar they were HIV positive, everyone in the bar would NOT magically be bound by HIPAA to keep their secret... Don't disclose private information to untrusted entities.

      • by Archfeld ( 6757 ) <treboreel@live.com> on Monday April 02, 2018 @10:52PM (#56370855) Journal

        HIPPA applies only to doctors, dentists or pharmacists, as well as healthcare insurance companies, but NOT life insurance companies. If you choose to share your medical data with a cab driver or your barber they are not bound by the strictures of the law. The law does include some 3rd party entities to which you are referred such as companies that make orthopedics and the like.

    • I wasn't aware that apps, or programs, or code in general had sexual preferences. I think they mean the Grindr app used by homosexuals

      It's an app intended for gay dating, "Gay Dating App Grinder" is a perfect way to describe it.

      "Grindr app used by homosexuals" is both awkward to say and could just as well describe an app for grinding spices that happens to be popular among homosexuals.

      is making data that ignorant people have inappropriately shared available to others which seems like a case of you get what you deserve for over sharing...

      "Inappropriately shared"? We're talking about HIV status on a dating/hookup app. It's information that can literally saves lives.

      • by Archfeld ( 6757 )

        I agree that sharing such information with someone you might potentially be in a physical relationship is wise and should occur, but giving that info to a 3rd party intermediary prior to even establishing a relationship seems a bit umm, reckless ? foolish ?

        • by madbrain ( 11432 ) on Tuesday April 03, 2018 @02:51AM (#56371359) Homepage Journal

          It makes complete sense, IMO. Maybe a positive person only wants to hookup with another positive person, to avoid uncomfortable conversations that lead nowhere.
          Of course, conversely, a lot of misguided negatives will filter out based on HIV status, not understanding that sero-sorting does not work for "negatives". Most people on the site who claim to be negatives haven't had a recent HIV test. Even the most sensitive HIV tests still have a 2 week window period of false negative. The most common and cheaper antibody tests have a 3 months window period for false negatives.

          • Maybe a positive person only wants to hookup with another positive person

            Unfortunately, while the logic undelying this decision is usually "it doesn't make any difference if we're both already infected", things don't actually work like that and you risk HIV superinfection. [wikipedia.org]

            • by madbrain ( 11432 )

              Yes, it really does work like that. HIV superinfection is not a real concern once one is undetectable. Contacting another strain while on HAART is almost impossible. This is because the strains that are resistant to some meds are also not very "fit" as explained by my doctor.

              If you are positive but not on treatment, yes, there is more of a risk that you could contract multiple strains.

      • by Cederic ( 9623 )

        It's an app intended for gay dating, "Gay Dating App Grinder" is a perfect way to describe it.

        It's also helpful for people like me that don't use Tindr or Grindr and always mix the two of them up.

        Which leads to some interesting misunderstandings when others discuss them.

    • The sexual orientation of an app is none of your business and please quit staring at its package.

  • Who gave it that name? That's a horrible name. It would be like naming a family horse trail vacation company "rash.com".

    • Perhaps, but R Kelly- who isn't homosexual as far as I'm aware (#)- used almost the same term in the name of a song [wikipedia.org] almost 25 years ago, and it didn't stop *that* from becoming a hit.

      (#) He's apparently more into the wholesome heterosexual act of urinating in the mouths of underage girls [spin.com]. (Link goes to music website article entitled "R. Kelly’s Alleged Sex Crimes Are Still Horrific 13 Years Later " in case you're wondering whether it's okay to click).
  • by VeryFluffyBunny ( 5037285 ) on Monday April 02, 2018 @09:03PM (#56370497)

    Number one rule of the web: Don't disclose sensitive personal information to startups or apps.

    Number two rule of the web: Don't disclose sensitive personal information to startups or apps.

    Number three rule of the web: DON'T DISCLOSE SENSITIVE PERSONAL INFORMATION TO STARTUPS OR APPS!

    etc..

    • Long ago, I actually considered this when looking at the whole STD spread thing. I live in a community that has a considerably-high STD rate.

      This lead down a rabbit hole of designing an ID card or bracelet that contains medical records (using high-security storage--military-grade chipsets are actually dirt cheap, e.g. what Yubikey uses in $20 devices) and uses RTC tracking. You bring yours up to someone else's, you both acknowledge (physical button press) the exchange, and they blink a color-coded code

      • This idea is interesting but as a form of trust verification it still relies heavily on the user, and would instill a sense of false security that could only lead to more not adhering to safe sex practices. It seems to be more of a Rube Goldberg method of sharing lab report printouts.

        Technology that could provide a test quickly and accurately on demand would go much further in helping to limit the spread of infection.

        • Yeah, that's pretty much it. You'd get closer with medical reporting and some sort of social system (e.g. people anonymously notate details about their sexual partners and the data is correlated, so we can extrapolate sexual habits, risk behaviors, and contact with those infected to identify potential infections); but that involves the back-end to be aware of all of these facts about everyone.

          The whole approach was to eliminate any third-party knowledge. That becomes ... difficult at high connection ra

      • by madbrain ( 11432 )

        Diseases that were recently acquired cannot instantly be detected . Individuals who just contracted HIV are actually the most infectious. they have a very high viral load, but test negative on an antibody test, which is typically used for screening. You would need to know for sure that you haven't had any exposure during the entire window period of the test. And moreover, you would need to make sure that your partner either. I fail to see how a technological gadget helps with that problem.

        • Yep. The whole thing is a risk control; there's no such thing as risk elimination. You can avoid the risk by not having sex, although you still have the risk of transmission by other bodily fluid contact (e.g. blood). You can mitigate it with condoms (these can fail).

          We currently have a sort of voluntary system whereby people give you soft data: "Yes I'm clean, I get tested regularly, I always use condoms". The fact that they're willing to perform oral sex without a condom should be a warning, altho

    • by antdude ( 79039 )

      Why just startups? Also big companies too like MS, Apple, Google, Facebook, etc.

  • by Anonymous Coward

    Sandvine (AKA Procera Networks) recently and quietly added a signature for Grindr, more or less directly when that department was out-sourced to India. The plain-text "feature" is a chilling fact knowing this, and knowing that their products can excerpt details from dataflows in realtime, adding only configuration.

    Posting AC for obvious reasons.

  • I guess I understand the gay thing in theory. I just can't relate on any practical level.

    Hey, if it's love, it's love, and love is difficult enough to find in the "straight" world as it is.

    • It is probably enough to appreciate that people are wired differently, and human sexuality is as varied and unique as individual facial features. There are things about it I'll never be able to understand, and thankfully, I don't need to.
  • just a couple more (Score:3, Informative)

    by AndyKron ( 937105 ) on Tuesday April 03, 2018 @05:44AM (#56371671)
    I'm about one or two more posts like this before I rip the Internet cable out of my property and throw away my phone.

Parts that positively cannot be assembled in improper order will be.

Working...