A new report from The Wall Street Journal claims that the movements of users of the gay dating app Grindr were collected from an advertising network and made available for sale.
The report says the information has been for sale since at least 2017 and that historical data may still be obtainable. However, Grindr cut off the location data available to ad networks two years ago.
The data did not contain personal information such as names or phone numbers but is said in some cases to be detailed enough to infer hookups between users based on device proximity and provide clues to identities such as workplaces and home addresses.
This is not the first time Grindr has been accused of sharing data. In 2018, it was alleged that Grindr had been sharing the HIV status of users with other companies, while in 2020 it was alleged that Grindr, along with dating apps including Tinder and OK Cupid, were selling user data to third parties for advertising information.
Grindr’s issues with selling potentially identifiable information gained particular attention in July when a senior Catholic priest who used the app was forced to resign after being outed based on Grindr data. In that case, it was alleged that data from Grindr regarding Reverend Monsignor Jeffrey Burrill was obtained by a broker and then passed on to a Catholic news website.
The Journal claims that national security officials have also indicated concerns about the issue. Grindr data was allegedly used as part of a demonstration for various U.S. government agencies about the intelligence risk from commercially available information.
For its part, Grindr claims that the Journal report is nothing more than a sensationalized story about historical vulnerabilities in the ad tech ecosystem that were improperly exploited to allegedly obtain data from Grindr’s former ad partners.
Grindr claims that what the Journal describes is not possible with current privacy practices, noting that changes were implemented two years ago, lining up with the Journal report. Grindr said that since early 2020 it shares less information with ad partners than any big tech platform and most of its competitors, restricting information to IP address, advertising ID and basic information to support ad delivery.
“Privacy is a proactive first step for security, as threat avoidance is much easier and less costly than mitigation and remediation,” Rajiv Pimplaskar, chief executive of multipath virtual private networking company Dispersive Holdings Inc., told SiliconANGLE. “Most sensitive information has a ‘long tail’ and Grindr user data exchanging hands across third parties can be subject to misuse and be dangerous.”