Gay Dating App Grindr Is Letting Other Companies See User HIV Status, Location Data

An anonymous reader quotes a report from BuzzFeed: The gay hookup app Grindr, which has more than 3.6 million daily active users across the world, has been providing its users' HIV status to two other companies, BuzzFeed News has learned. The two companies -- Apptimize and Localytics, which help optimize apps -- receive some of the information that Grindr users choose to include in their profiles, including their HIV status and "last tested date." Because the HIV information is sent together with users' GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the issue.

Grindr was founded in 2009 and has been increasingly branding itself as the go-to app for healthy hookups and gay cultural content. In December, the company launched an online magazine dedicated to cultural issues in the queer community. The app offers free ads for HIV-testing sites, and last week, it debuted an optional feature that would remind users to get tested for HIV every three to six months. But the new analysis, confirmed by cybersecurity experts who analyzed SINTEF's data and independently verified by BuzzFeed News, calls into question how seriously the company takes its users' privacy. SINTEF's analysis also showed that Grindr was sharing its users' precise GPS position, "tribe" (meaning what gay subculture they identify with), sexuality, relationship status, ethnicity, and phone ID to other third-party advertising companies. And this information, unlike the HIV data, was sometimes shared via "plain text," which can be easily hacked.

Grindr rules

First rule of Grindr: What happens in Grindr, stays in Grindr
Second rule of Grindr: Never tell the truth about your HIV status

Re: Grindr rules

[bill_mcgonigle]

All dating sites really should flat out reject anyone who is HIV positive.

Can you actually catch HIV if you already have HIV? This sounds tricky.

Re: Grindr rules

[fafalone]

Well, actually you can. There's more than one strain; HIV-1, HIV-2, and subtypes.

Re: Grindr rules

Since there are different straibs of HIV, yes you can catch more than one type.

Also, going back to the idea dating apps should turn away people with HIV, that is a pretty dumb idea. All that will do is encourage people to lie about their status, making everyone less safe.

Re: Grindr rules

Vaginal sex also transmits HIV, so the key is really safe sex and not being a rabbit. Vaginal sex has lower transfer rates due to natural lubrication and less likelihood of tearing tissue and exposing blood. HIV effects everyone but the higher transmission rate for anal intercourse coupled with the more rampant sex man crave (multiple partners, higher frequency, less screening, etc.) leads to this problem.

Just like IT security, it works best in layers, so you can also throw Truvada in the risk if you're high risk but don't use that as some type of magic barrier, use it as a safety net for broken condoms with fewer partners less frequently.

Re:Grindr rules

[MillionthMonkey]

I know, it's so easy. Just add an "I have HIV" checkbox to your dating site that hides the rest of the page when checked, thus preventing the HIV positive user from accessing the site.

Problem solved!

Re: Grindr rules

[madbrain]

In practice, superinfection (with multiple strains or subtypes) is exceedingly rare for people who are already on antiretrovirals. At least according to my physician.

Re:Grindr rules

[madbrain]

You realize that doesn't prevent anything, right ?
This very likely violates ADA and all kinds of anti-discrimination laws as well.
Considering the extremely high rate of HIV in the LGBT community, this would be a really bone-headed move by any site
Even with the current option to do so, very few positives ever disclose their status in their profile. Very likely because of uninformed, backwards attitudes like yours. With TasP, PreP and PEP available, the people of known HIV+ status on anti-retrovirals are the least likely to infect anyone on the whole site.
The real danger with HIV is people who do not actually know their status.

Re: Grindr rules

[Cederic]

How hard is this for you people to fucking understand

Very hard, as although I'd normally ignore you as a troll, you're dispensing lethally bad advice, so please, let me assure you: You're wrong.

You can get HIV without fucking anybody, and going nowhere near a bat or a monkey.

Learn the transmission vectors and learn how to protect yourself.

Re:Grindr rules

[eaglesrule]

Sure, because people can always be relied upon to be honest about providing that kind of information. They'd never lie to get what they are biologically driven towards.

Re:Grindr rules

[madbrain]

Makes no sense since HIV isn't a death sentence and hasn't been for years.

Condoms also fail occasionally, even if one is informed of their partner's HIV status.
But at this point, anyone who is positive should go on HAART and become undetectable, which makes HIV untransmittable, regardless of condom use.

Re: Grindr rules

[Cederic]

No, it does not. There are around 20,000 HIV positive women in the UK, they didn't stick their dick anywhere.

Your ignorance risks qualifying you for a Darwin Award.

Re:Grindr rules

[Anonymous+Cow+Ward]

I think flatly rejecting HIV positive people won't work out the way you want it to. Some of them will just lie about it and increase the risk of infecting others. We should be encouraging people to be honest and open, as much as possible. Putting such a huge stigma on it helped make the epidemic worse in the first place.

Plain text can be easily hacked ROFLMAO

[iamhassi]

Anyone else find it funny when it said plain text can be easily hacked. Author apparently doesn't understand plain text doesn't need to be hacked, it's already plain text

Re:Plain text can be easily hacked ROFLMAO

[iamhassi]

I guess anyone that can read is a hacker now, a hacker of "plain text" lol

Re:Plain text can be easily hacked ROFLMAO

[SeaFox]

Author apparently doesn't understand plain text doesn't need to be hacked, it's already plain text

You have to be literate to understand plain text. I guess that's a skill that even befuddles internet "journalists" now.

---
Brought to you by BRAWNDO. The thirst mutilator!

Re:Plain text can be easily hacked ROFLMAO

[madbrain]

You still need to tap to intercept the plaintext traffic somewhere.

Re:Plain text can be easily hacked ROFLMAO

[nzkbuk]

Author, You mean BuzzFeed !
I don't find it surprising at all that they haven't got about encryption or hacking. Most content from BuzzFeed is along the lines of more keyboards with more windows open is how you hack stuff. Many consider the average trashy glossy mags to be more reputable.

Apps have sexual preferences ?

[Archfeld]

I wasn't aware that apps, or programs, or code in general had sexual preferences. I think they mean the Grindr app used by homosexuals is making data that ignorant people have inappropriately shared available to others which seems like a case of you get what you deserve for over sharing...

Re:Apps have sexual preferences ?

[Gojira+Shipi-Taro]

Except that Medical Data generally has a higher standard of privacy (HIPPA) which Grindr may well be in violation of. If you're in possession of that data, and you're not the individual to which it applies, you're probably going to have a big problem if you're giving it out freely. In the US for HIPPA, and I'm certain that the EU has even more strict rules.

Re:Apps have sexual preferences ?

[quantaman]

I wasn't aware that apps, or programs, or code in general had sexual preferences. I think they mean the Grindr app used by homosexuals

It's an app intended for gay dating, "Gay Dating App Grinder" is a perfect way to describe it.

"Grindr app used by homosexuals" is both awkward to say and could just as well describe an app for grinding spices that happens to be popular among homosexuals.

is making data that ignorant people have inappropriately shared available to others which seems like a case of you get what you deserve for over sharing...

"Inappropriately shared"? We're talking about HIV status on a dating/hookup app. It's information that can literally saves lives.

Re:Apps have sexual preferences ?

[Archfeld]

HIPPA applies only to doctors, dentists or pharmacists, as well as healthcare insurance companies, but NOT life insurance companies. If you choose to share your medical data with a cab driver or your barber they are not bound by the strictures of the law. The law does include some 3rd party entities to which you are referred such as companies that make orthopedics and the like.

Re:Apps have sexual preferences ?

[Archfeld]

I agree that sharing such information with someone you might potentially be in a physical relationship is wise and should occur, but giving that info to a 3rd party intermediary prior to even establishing a relationship seems a bit umm, reckless ? foolish ?

Re:Apps have sexual preferences ?

[Archfeld]

https://en.wikipedia.org/wiki/...

governs the usage and security of medical health information in the US. Very unlikely to appear in employer HR software as it is primarily designed to prevent employers or others from discriminating against individuals based of existing health risks or conditions.

Re:Apps have sexual preferences ?

[madbrain]

It makes complete sense, IMO. Maybe a positive person only wants to hookup with another positive person, to avoid uncomfortable conversations that lead nowhere.
Of course, conversely, a lot of misguided negatives will filter out based on HIV status, not understanding that sero-sorting does not work for "negatives". Most people on the site who claim to be negatives haven't had a recent HIV test. Even the most sensitive HIV tests still have a 2 week window period of false negative. The most common and cheaper antibody tests have a 3 months window period for false negatives.

Re:Apps have sexual preferences ?

[Opportunist]

The sexual orientation of an app is none of your business and please quit staring at its package.

Re:Apps have sexual preferences ?

[Cederic]

It's an app intended for gay dating, "Gay Dating App Grinder" is a perfect way to describe it.

It's also helpful for people like me that don't use Tindr or Grindr and always mix the two of them up.

Which leads to some interesting misunderstandings when others discuss them.

Re:Apps have sexual preferences ?

[Dogtanian]

Maybe a positive person only wants to hookup with another positive person

Unfortunately, while the logic undelying this decision is usually "it doesn't make any difference if we're both already infected", things don't actually work like that and you risk HIV superinfection.

Re: Apps have sexual preferences ?

[madbrain]

HIV+ individuals who have an undetectable viral load still test positive on HIV antibody tests. They do not "seroconvert to a seronegative state".

As far as risk of transmission not being zero, even the CDC states that "People who take ART daily as prescribed and achieve and maintain an undetectable viral load have effectively no risk of sexually transmitting the virus to an HIV-negative partner." .

Re:Apps have sexual preferences ?

[madbrain]

Yes, it really does work like that. HIV superinfection is not a real concern once one is undetectable. Contacting another strain while on HAART is almost impossible. This is because the strains that are resistant to some meds are also not very "fit" as explained by my doctor.

If you are positive but not on treatment, yes, there is more of a risk that you could contract multiple strains.

Name?

[Tablizer]

Who gave it that name? That's a horrible name. It would be like naming a family horse trail vacation company "rash.com".

Re:Name?

[Tablizer]

I suspect it was more like a jokish name when the site was small and informal, but the site grew in size.

Re:Name?

[Dogtanian]

Perhaps, but R Kelly- who isn't homosexual as far as I'm aware (#)- used almost the same term in the name of a song almost 25 years ago, and it didn't stop *that* from becoming a hit.

(#) He's apparently more into the wholesome heterosexual act of urinating in the mouths of underage girls. (Link goes to music website article entitled "R. Kelly’s Alleged Sex Crimes Are Still Horrific 13 Years Later " in case you're wondering whether it's okay to click).

Re:HIV Status?? WHY!

[Cinnamon+Beige]

It's not a dating app, it's a hookup app for male homosexuals. There are people for whom it does in fact matter, and the least problematic group of 'em are those who are deliberately seeking sex partners whose HIV status is the same as theirs.

Part of how you can tell the difference is that hookup apps assume that, basically, you're for various reasons unable or unwilling to hire a sex worker--but you probably should, if you're not willing to even talk enough before having sex to discuss things related to safe sex. Of course, that might also be why you may not be able to hire any of the local sex workers anymore...

Re:HIV Status?? WHY!

[postbigbang]

Disclosure is part of the law in a number of jurisdictions. Others don't want to have that strange moment when one of the two says, "Oh, BTW, I'm poz.". A lot of poz guys get broken hearts that way. Some guys want to be aware of the status, while it doesn't matter to others.

Definitely. Not. HIPAA

Disclaimer - I believe Grindr sharing this data, and other data is bad. And other sites sharing unknown types and amounts of data without the individuals knowledge is bad. BUT - the person chose to disclose this information to a third party in a non-medical setting. If the same person got up on a bar stool and told the whole bar they were HIV positive, everyone in the bar would NOT magically be bound by HIPAA to keep their secret... Don't disclose private information to untrusted entities.

Do we need reminding?

[VeryFluffyBunny]

Number one rule of the web: Don't disclose sensitive personal information to startups or apps.

Number two rule of the web: Don't disclose sensitive personal information to startups or apps.

Number three rule of the web: DON'T DISCLOSE SENSITIVE PERSONAL INFORMATION TO STARTUPS OR APPS!

etc..

Re:Do we need reminding?

[Opportunist]

You do know that people have developed a capability lately that became known to experts as "lying"?

Re:Do we need reminding?

[bluefoxlucid]

Long ago, I actually considered this when looking at the whole STD spread thing. I live in a community that has a considerably-high STD rate.

This lead down a rabbit hole of designing an ID card or bracelet that contains medical records (using high-security storage--military-grade chipsets are actually dirt cheap, e.g. what Yubikey uses in $20 devices) and uses RTC tracking. You bring yours up to someone else's, you both acknowledge (physical button press) the exchange, and they blink a color-coded code to show time-decayed status (recent STD test? Clean? Positive?). Doctor has to code the update into it, so you have to go for a blood test to keep your shiny, green rating.

"Stick your HIV status into an online user profile" seems like it would have really bad outcomes.

Re:Do we need reminding?

[eaglesrule]

This idea is interesting but as a form of trust verification it still relies heavily on the user, and would instill a sense of false security that could only lead to more not adhering to safe sex practices. It seems to be more of a Rube Goldberg method of sharing lab report printouts.

Technology that could provide a test quickly and accurately on demand would go much further in helping to limit the spread of infection.

Re:Do we need reminding?

[bluefoxlucid]

Yeah, that's pretty much it. You'd get closer with medical reporting and some sort of social system (e.g. people anonymously notate details about their sexual partners and the data is correlated, so we can extrapolate sexual habits, risk behaviors, and contact with those infected to identify potential infections); but that involves the back-end to be aware of all of these facts about everyone.

The whole approach was to eliminate any third-party knowledge. That becomes ... difficult at high connection rates. Shamir's Scheme doesn't help here.

Re:Do we need reminding?

[antdude]

Why just startups? Also big companies too like MS, Apple, Google, Facebook, etc.

Re:Do we need reminding?

[madbrain]

Diseases that were recently acquired cannot instantly be detected . Individuals who just contracted HIV are actually the most infectious. they have a very high viral load, but test negative on an antibody test, which is typically used for screening. You would need to know for sure that you haven't had any exposure during the entire window period of the test. And moreover, you would need to make sure that your partner either. I fail to see how a technological gadget helps with that problem.

Re:Do we need reminding?

[bluefoxlucid]

Yep. The whole thing is a risk control; there's no such thing as risk elimination. You can avoid the risk by not having sex, although you still have the risk of transmission by other bodily fluid contact (e.g. blood). You can mitigate it with condoms (these can fail).

We currently have a sort of voluntary system whereby people give you soft data: "Yes I'm clean, I get tested regularly, I always use condoms". The fact that they're willing to perform oral sex without a condom should be a warning, although it's hard to get HIV on one end of that. If you're concerned about e.g. HSV, though, they're essentially running around unprotected. Then you have the problem that they may have contracted HIV by performing oral on another partner and the condom full of nonoxyl-9 is the only thing protecting you from HIV. You even have serial monogamists who sleep with one partner at a time for a short-term dating span, so churn through lots of partners just like promiscuous folks; and some of those are lax about protection or testing of their partners.

So you have personal trust and lots of uncontrolled risk, rather than a validated hard metric.

That means you have the risk of being given faulty or incomplete data among a sea of faulty and incomplete data.

Plain-text and network surveillance

Sandvine (AKA Procera Networks) recently and quietly added a signature for Grindr, more or less directly when that department was out-sourced to India. The plain-text "feature" is a chilling fact knowing this, and knowing that their products can excerpt details from dataflows in realtime, adding only configuration.

Posting AC for obvious reasons.

Grindr isn't about coffee dates with hipsters?

[Pezbian]

I guess I understand the gay thing in theory. I just can't relate on any practical level.

Hey, if it's love, it's love, and love is difficult enough to find in the "straight" world as it is.

Re:Grindr isn't about coffee dates with hipsters?

[Hognoxious]

Odd, isn't it? That must be why they never have big moustaches and wear lots of leather.

Re:Grindr isn't about coffee dates with hipsters?

[eaglesrule]

It is probably enough to appreciate that people are wired differently, and human sexuality is as varied and unique as individual facial features. There are things about it I'll never be able to understand, and thankfully, I don't need to.

Re: Just thought I'd point out:

[Opportunist]

Still, more people have a pussy as a pet than an ass.

Re:HIV status should be public record.

[Opportunist]

Do they get to choose the side they have to wear the star on?

Re: This could be fun

[Megol]

To be honest, I'd rather be dead than homosexual.

That can be arranged. Polonium or nerve agent?

Re:That's a serious HIPAA violation

[Megol]

So if someone tells you they got HIV they violate HIPAA? Because this it people telling other people (potential hookups) some vital information with Grindr the media they use for communication.

just a couple more

[AndyKron]

I'm about one or two more posts like this before I rip the Internet cable out of my property and throw away my phone.

Re:HIV Status?? WHY!

[wisnoskij]

You can get double aids, in fact already having aids makes you super sensitive to getting a second strain of it. The HIV status is used by people trying to pretend they are being safe while having unprotected sex with strangers and "bugchasers" whose fetish includes having sex with/contracting AIDs.

Re:Just thought I'd point out:

[Cederic]

What fucking gay bashers on here? I've seen maybe two posts in the whole discussion that are critical of homosexuality and they're hardly fucking 'bashing'.

Still, don't let your defensiveness stop you being a bigger arsehole than, well, the goatse guy. Who may or may not be gay.

Re:HIV Status?? WHY!

[Cinnamon+Beige]

I did say 'least problematic' group. Most of the discussion about all of this isn't happening in public, and some of the people I've met who are offended by bringing it up are involved in shaping the public health response to HIV...so, unfortunately, a decent number of them aren't 'trying to pretend' but rather completely unaware because the people whose job it is to make sure they know better are playing ostrich.

Re:HIV Status?? WHY!

[madbrain]

There is no such thing as double AIDS. If you had AIDS and went on HAART, the chance of being infected with a second strain, ie. superinfection, is remote. Source: my primary physician who is also an HIV specialist.

And the HIV status on hookup apps/ads is primarily used for other cases, not the deranged cases your cited.

Re:HIV Status?? WHY!

[madbrain]

There are missing facts from that page, IMO. People who are on HAART on already contract seldom, if ever, become subsequently infected with another strain which may be resistant to their own meds. If this actually happened, they would cease to become undetectable, ie. their meds no longer would work. As long as the meds work, and the viral load remains undetectable, viral particles that could be analyzed to determine the presence of another strain are simply absent, by definition.
Thus, superinfection is really only a concern prior to going on HAART and becoming undetectable. Ie. you can initially be infected by multiple strains.
But once you go on treatment - which will depend on which strain and mutations you got - this is no longer a real issue.

Re:Wrong mindset

[madbrain]

No. It is mainly spread because many people don't know their real, current HIV status.

Re:HIV Status?? WHY!

[wisnoskij]

Super infections are common.
https://www.sciencedirect.com/...

Re:HIV Status?? WHY!

[madbrain]

Not in people already on HAART.

Re:HIV Status?? WHY!

[wisnoskij]

What does HAART have to do with using a dating app?