Grindr has a communication problem.
The social networking app used by 3.6 million people has been doing more than simply facilitating hookups, and in the process has potentially put the privacy of its users at risk.
According a report from BuzzFeed News, the company is sharing user data with two other companies — data that includes email addresses, GPS data, phone IDs, and HIV statuses. Taken as a whole, this information could be used to determine the HIV status of individuals by name.
After all, how many of you use some form of your real name as your email address? This, paired with your phone ID and GPS location, is likely more than enough to peg data to a specific person. What’s more, even if Grindr doesn’t have specific health data on you, this information might be enough to identify you as a user of a queer-focused app.
The companies in question are Localytics and Apptimize. Apptimize bills its service as helping companies “make better apps,” and Localytics says its goal is “to help customers build stronger relationships with their mobile and web app users through our analytics and marketing platform.”
So why do they need to know Grindr users’ self-reported HIV statuses? According to Grindr, it’s to make the app better.
“As an industry standard practice, Grindr does work with highly-regarded vendors to test and optimize how we roll out our platform,” a company spokesperson told Mashable over email. “These vendors are under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.”
The statement further noted that yes, the “data may include location data or data from HIV status fields as these are features within Grindr, however, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users’ privacy from disclosure.”
Fuck advertising companies. Fuck people who collude with advertising companies. Fuck people who put other people at risk for the sake of marketing and analytics.
— Sarah Jamie Lewis (@SarahJamieLewis) April 2, 2018
And while the spokesperson insisted in the statement that “Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers,” that doesn’t apply here as no one has accused Grindr of selling this information.
Following BuzzFeed News’s report, Bryan Dunn, VP of Product at Localytics, issued a statement clarifying his company’s policy surrounding the data it receives.
“We do not share, or disclose, our customer’s data,” read the statement in part.
Still, this is all obviously not a good look for Grindr. The move to share HIV status information with other companies potentially puts the health and safety of users at risk. If that data were to leak or be stolen, or even accessed inappropriately by someone at Apptimize or Localytics, it could be devastating for those whose privacy was violated as a result.
Just exactly how devastating is revealed by a current lawsuit against CVS for allegedly unintentionally revealing the HVS status of 6,000 customers in Ohio. In that case, individuals claim to have experienced significant emotional distress following their nonconsensual exposure.
Grindr’s sharing of this immensely personal data with other companies, no matter the stated intention and protections put in place, could have similar consequences if things went wrong. And on the internet, things almost always go wrong eventually.
UPDATE: April 2, 2018, 3:53 p.m. PDT According to Axios, Grindr will stop sharing the HIV status of its users with third-party companies.