UPDATE (Tuesday, April 3): Grindr announced it will stop sharing users’ HIV status with other companies, following a public outcry over this story.
LOS ANGELES — A new report revealing that gay hookup app Grindr has been providing user HIV status to two other companies that optimize apps has shaken those who use the service and outraged civil rights groups.
The two companies that help optimize apps — Apptimize and Localytics — receive some of the information that Grindr users choose to include in profiles, including their HIV status and “last tested date,” according to BuzzFeed, which employed cybersecurity experts to confirm results from a study by Norwegian nonprofit SINTEF.
Grindr, founded in 2009, has branded itself as an app for safe hookups and gay cultural content. It has more than 3.6 million daily active users globally.
The SINTEF report said that with the app, a user’s HIV status is packaged together with users’ GPS data, phone ID and email, allowing anyone monitoring the network — such as a hacker, ISPs or government — to see what the user’s location is, compromising user privacy.
SINTEF’s report also showed that Grindr was sharing its other user data regarding users' “tribe” (the gay subculture they identify with), sexuality, relationship status, ethnicity and phone ID to other third-party advertising companies.
Grindr, in a statement to BuzzFeed, said that no user information is sold to third parties and that the company pays the two software vendors to utilize their services.
The Free Speech Coalition today called Grindr’s decision to use package the HIV data with other information “incredibly disturbing.”
“The Grindr leak seems to be part of a larger pattern in which private data from sexual communities — whether that of gay men, sex workers, or adult consumers — is treated without proper regard for how that information might be used against them,” Mike Stabile, the FSC’s communication director, told XBIZ.
“The sharing of private health data, including HIV status, is not only a violation of trust, in many instances it is violation of HIPAA," Stabile said. "But it goes beyond just health data. Apps and sites need to be aware that data around users’ sexuality, identity and practices can have massive implications for people's jobs, healthcare, insurance, legal standing, relationships and housing.”