Grindr Is Reportedly Sharing Users' HIV Status With Outside Companies

The dating/hook-up app Grindr is sharing the HIV status of its roughly 3.6 million daily users with two other companies.

On the platform, which caters largely to queer men, users can share their status in an “HIV status” category, where they can indicate whether they’re positive, negative, being treated, etc. Grindr has also long promoted sexual health, even recently implementing a feature that will regularly remind users to get tested for HIV.

But now BuzzFeed News reports that the Norwegian nonprofit SINTEF discovered that the companies Apptimize and Localytics, which reportedly help optimize apps, were receiving users’ HIV status, along with other highly specific information like users’ GPS data, phone ID, sexuality, relationship status, and email address. All of that information together, if leaked beyond these companies, could potentially endanger users who are not fully out with their status.

“When you combine this with an app like Grindr that is primarily aimed at people who may be at risk — especially depending on the country they live in or depending on how homophobic the local populace is — this is an especially bad practice that can put their user safety at risk,” Cooper Quintin, a senior staff technologist and security researcher at the Electronic Frontier Foundation, tells BuzzFeed.

While Grindr’s chief technology officer defended the choice to use what he referred to as “highly-regarded platforms,” the data sharing still makes Grindr users vulnerable, especially when the data is as sensitive as someone’s HIV status. And while users might feel comfortable sharing that specific information with Grindr, the app’s privacy policy does not make it clear enough that their personal information could potentially be shared elsewhere.

Just a few days ago, NBC News reported that a security flaw in Grindr was revealed after a man named Trever Faden created a site on which users could see who blocked them on Grindr. After users entered their username and password, Faden gained a bunch of users’ data, like unread messages, photos, and email addresses. Shortly after Faden exposed the security loophole, Grindr told NBC News it had changed its system to prevent that kind of access.

DISCUSSION

By anarchoacademic

As someone who works in STI/HIV research and has done work in digital health and health privacy, this is huge news and I’m surprised I haven’t seen it elsewhere. To my mind, this is a far bigger deal than many of the other recent privacy breaches, because this one contains what might be considered PHI (personal health information). While PHI usually only pertains to medical records, I’d be curious to know what the legal language covering HIV status is in Grindr’s terms of use, and if this type of data sharing was allowed or not.

In research that utilizes medical records, patients are usually required to sign a pretty hefty consent form before any of their (DEIDENTIFIED) data can be used. In this case it seems like HIV status was linked to non-deidentified data before it was sold.