It's Grindr's Turn In The Barrel As America Finally Decides To Care About Consumer Privacy

from the standard-operating-procedure dept

Whatever you think about the Facebook Cambridge Analytica kerfuffle, it's pretty obvious that the scandal is causing a long overdue reassessment of our traditionally lax national privacy standards. While most companies talk a good game about their breathless dedication to consumer privacy, that rhetoric is usually pretty hollow and oversight borders on nonexistent. The broadband industry is a giant poster child for that apathy, as is the internet of very broken things sector. For a very long time we've made it abundantly clear that making money was more important than protecting user data, and the check is finally coming due.

While it may only be a temporary phenomenon, the Cambridge Analytica scandal is finally causing some much-needed soul searching on this front. And given how deep our collective privacy apathy rabbit hole goes, being sloppy with consumer data may actually bear witness to something vaguely resembling accountability for a little while. Case in point is gay dating site Grindr, which this week was hammered in the media after it was revealed that the company was sharing an ocean of data with app optimization partner companies, including location data and even HIV status.

Norwegian nonprofit SINTEF was commissioned to dig into the problem on behalf of Swedish public broadcaster SVT, which first broke the story. According to SINTEF, Grindr was also sharing its users’ precise GPS position, "tribe" (their preferred gay subculture), sexuality, relationship status, ethnicity, and phone ID with third-party advertising companies. And, because even "anonymized" data can never be truly considered anonymous, they concluded it isn't hard to identify these users based on this data.

Many were surprised that such a popular company would have such a casual disregard for its consumer privacy:

"Grindr is a relatively unique place for openness about HIV status,” James Krellenstein, a member of AIDS advocacy group ACT UP New York, told BuzzFeed News.

“To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community."

But again, this casual treatment of data isn't errant behavior on Grindr's part -- it's the norm. And in this case, many are correct to point out that in addition to it being problematic that users didn't know this data was being shared outside of the Grindr community, the exposure of the HIV data (which again was only with two app optimization companies) could potentially have placed people living in homophobic areas at risk of violence:

To its credit, Grindr wound up announcing that it would stop sharing HIV data with third parties, but not before the company issued a statement tinged with the usual lamentations about "misinformation." Several statements were made of the "everybody does it," flavor which didn't help the company's case. Grindr security chief Bryce Case also got defensive in comments to Axios about how the company was being "unfairly" singled out due to the Cambridge Analytica scandal:

"I understand the news cycle right now is very focused on these issues," Case said, but added, "I think what’s happened to Grindr is, unfairly, we’ve been singled out..."It’s conflating an issue and trying to put us in the same camp where we really don’t belong."

But nobody accused Grindr of doing what Cambridge Analytica did. They did however accuse the company of what's now fairly standard privacy apathy across countless industries, including overlong terms of service that don't make it clearer what data is being shared with whom, the sharing of some of private consumer data in unencrypted plain text (you know, like your television probably does), and sharing extremely-sensitive HIV status data that pretty clearly wasn't necessary for "app optimization":

"But some security experts say that this argument about whether the data was being sold to a third party for nefarious purposes or not misses the point: that HIV data is highly sensitive, and that sharing it with any outside companies is a move away from the security of its users.

"There was no reason for them to be storing that data with these analytics companies in the first place," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News. "Grindr should be taking extra steps to secure this sort of very personal data."

It's understandable that Grindr doesn't want to be lumped in with Cambridge Analytica, and it's obvious that there's a vast chasm between sharing some data with ad optimization partners and using unauthorized data to disrupt elections. Still, companies like Grindr are lucky that this come to Jesus moment in consumer privacy didn't arrive years ago.

Assuming this concern for privacy isn't just a temporary fashion trend, Grindr's certainly not going to be the last company caught in the crossfire of what should be seen as a cultural learning process. And hopefully, some of the truly terrible players on this front (like the telecom sector) will ultimately witness their time in the barrel as well. Especially since what many wireless carriers have routinely been up to makes Grindr's privacy missteps look like child's play, and the government's response so far has been to make it easier than ever to violate consumer privacy.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data sharing, hiv status, location data, privacy
Companies: grindr

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 4 Apr 2018 @ 6:59am

    Re: Re: come to Jesus moment

    I agree that the marketoids who think that Brave New World is an operating manual need to be told off here -- as it turns out, one can actually deliver more pertinent advertising to someone by focusing on matching the ads to the content being delivered, not on the recipient. (I get some hilariously off-base ads at times, myself, because the ad-trackers see things that are actually irrelevant from an advertising standpoint.)

    BTW: can you name the insecure features you're talking about? Because if you're saying "cookies should never have been implemented", then that's going to be a serious problem for anyone trying to do session management...

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.