Dating app Grindr is popular among gay men seeking dates and hookups, but users could be sharing more than they bargained for.
The dating service, which allows primarily gay men to match with singles in their area, has been providing user data including HIV status to at least two other companies, according to a report from BuzzFeed News published Monday.
Grindr allows users to list their HIV status on their profiles. It reportedly shared sensitive data from its more than 3.6 million global users with Apptimize and Localytics, two companies that Grindr contracts with to make the app run better.
Because the data shared included profile information as well as GPS data, phone ID information, and emails, it could be used to link user identities and HIV status, according to Norwegian-based nonprofit research organization SINTEF, which first identified the issue.
A spokesman for Grindr told MarketWatch “we understand the sensitivities around HIV status disclosure. Our goal is and always has been to support the health and safety of our users worldwide.”
“Grindr has never, nor will we ever sell personally identifiable user information — especially information regarding HIV status or last test date — to third parties or advertisers,” the statement added. Grindr offers a paid plan for $11.99 per month or a more limited free plan with advertising.
The breach comes after Facebook FB, -2.75% came under fire for harvesting the data of 50 million users and selling it to Cambridge Analytica, a firm hired to help Donald Trump’s presidential campaign in 2016.
It underscores the impact that data people give away voluntarily can have, said Dimitri Sirota, chief executive officer of data protection company BigID. Often with free services, he noted, the customers become the product. “The reality is that we overshare,” he said.
Critics say such disclosures are not clear enough — especially when HIV status has historically been used as grounds for discrimination. The number of people who experienced discrimination in the workplace over HIV/AIDS status jumped 88% between 2016 and 2017.
Sharing private health information with third parties must be anonymized in case of a data breach, said Chelsea Reynolds, an assistant professor of communications at Cal State Fullerton who researches online dating behavior.
“Imagine being an HIV-positive, closeted bisexual man using Grindr,” she said. “If his HIV status, email address, and geolocation were made public to his family and friends, he could be ostracized from his community or exposed to targeted violence.”
Many users are threatening to delete the app or at least remove their HIV statuses. Competing apps, meanwhile, are beefing up their own security, or underscoring existing privacy policies. On Scruff, another dating app for gay men, users are able to join different “tribes” or communities, one of which is “Pos,” which indicates the user is HIV positive and/or open to dating people who are HIV positive.
That information is never shared with outside parties, said Eric Silverberg, chief executive officer of Scruff. Scruff’s basic services are free and it offers a “pro” subscription with more features at $14.99 per month.
“We spent two years debating internally how to include this in our apps and profiles,” he said. “It was important for us to get it right and create a welcoming space for HIV-positive guys who want to date each other while at the same time preventing people from excluding HIV positive people from search results.”