Grindr says sharing of sensitive user information is ‘industry practice’ - Security Boulevard

Grindr says sharing of sensitive user information is ‘industry practice’

Dating social network Grindr admitted sharing users’ sensitive information with third parties as this is “industry practice.” The data was encrypted and Apptimize and Localytics were bound by contract to keep the data safe and confidential.

Following an investigation, Buzzfeed reported on Monday that Grindr sent users’ health data such as HIV status together with precise GPS location, phone ID and email to software companies Apptimize and Localytics, paid by Grindr to optimize their platform.

Users say they were not explicitly notified about this, and warned it could become a major health and safety issue in countries where homosexuality is against the law.

“It allows anybody who is running the network or who can monitor the network — such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government — to see what your location is,” Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.

“It can put people in danger, and it feels like an invasion of privacy,” a Grindr user said.

The app’s privacy policy states: “You may also have the option to provide information concerning health characteristics, such as your HIV status or Last Tested Date. Remember that if you choose to include information in your profile, and make your profile public, that information will also become public.”

“Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers,” Chen said in a Tumblr post. “As a company that serves the LGBTQ community, we understand the sensitivities around HIV status disclosure”, but Grinder is a “public forum” and “if you choose to include this information in your profile, the information will also become public”.

Accused of compromising user privacy, Grindr Chief Technology Officer Scott Chen told BuzzFeed News that “no Grindr user information is sold to third parties. We pay these software vendors to utilize their services. The limited information shared with these platforms is done under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.”

Los Angeles-based Grindr was founded in 2009 to promote relationships and tailored content for the LGBTQ community. It has more than 3.6 million daily active users worldwide.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Luana Pascu. Read the original post at: