NEWS: GRINDR SECURITY.
Is the popular hook-up app doing enough to protect its users?
BOASTING millions of active users and approaching its 10th birthday, Grindr has firmly asserted itself into the collective queer consciousness. It facilitates friendships, dates, hook-ups and even breakups.
But as a mainstay in the lives of the LGBT community, Grindr transfers and stores some extremely sensitive data. Users can choose to share a range of information on their profile; including their name and age, a photo, their sexual preferences, even their HIV status. This makes the platform – and more importantly, its users – a lucrative target for potential wrongdoers.
From the infamous Cambridge Analytica scandal, to Google’s work on a censored search engine as part of its secret Project Dragonfly, to the plethora of high-profile security breaches, the last 12 months have given us more reason than ever to be skeptical of our favourite apps and services. In fact, this skepticism about how our data is being handled has coined a new word: techlash.
In this era of security scares, as we are warned to be ever more cautious of parting with our personal data, is enough being done to protect Grindr’s users?
In 2018, it was reported that Trever Faden, CEO of property management company Atlas Lane, had developed a website called C*ck-blocked, which allowed Grindr users to log in with their account credentials and see the (normally hidden) list of those who had blocked them on the platform.
Alarmingly, though, the same mechanism that allowed Faden’s tool to function, also allowed him to access a wealth of user data: from location and unread chat messages, to email addresses and even deleted photos. Although Faden brought his findings to Grindr, who have since patched the issue, the potential for misuse was enormous.
Another report from Queer Europe claimed that a similar third-party tool, Fuckr, had been developed which publicly exposed not only user’s locations but sensitive details including their body types, sexual preferences and HIV status.
These incidents are cause for concern enough, but when they are considered alongside the added danger of living in a country with a poor track record on LGBT rights (such Egypt, where authorities use dating apps on confiscated devices to entrap and prosecute more individuals) the physical safety of users could easily be placed at risk.
In response to the above incidents, Grindr have issued various statements in an attempt to assuage any concerns about data security and user privacy. However, in the case of location data, for example, their official privacy policy still notes: “Distance Information is public, and other users of the Grindr App can see your Distance Information… Sophisticated users who use the Grindr App in an unauthorized manner… may use this information to determine your exact location and may be able to determine your identity.”
As tech behemoths like Facebook and Google faced tough scrutiny last year over their handling of user data, is it time for the LGBT community to push our favourite platforms for greater privacy and security?
For example, at the time of writing, the Grindr app does not currently implement twofactor authentication, a log-in technique that is employed by some of the web’s biggest names such as Amazon and Google, as an added layer of defence against account hacking. Nor does it employ the use of end-to-end encryption within its chat feature – the same privacy safeguard that has seen messaging services such as WhatsApp, iMessage and Signal grow in popularity.
In fact, as outlined in their current privacy policy, all information sent via Grindr’s chat feature including “photos, location, audio, or video”, is collected and stored by the company.
We increasingly live our lives online and data breach scandals continue. As security patches are implemented, clever hackers find ways around them. Is this the new norm and are we prepared to live with that?
Grindr transfers and stores some extremely sensitive data… a lucrative target for potential wrongdoers.