In the last 24 hours, LGBTQ social networking app Grindr has found itself with the uncomfortable job of explaining why it has quietly been sharing the HIV status of its users with third parties.
According to research by Norwegian non-profit SINTEF, originally published in the Swedish media two weeks ago, Grindr sends analytics companies Apptimize and Localytics a swathe of user data.
This includes not only HIV status and the time since the last test, but GPS location data, phone ID and email address, more than enough to identify individual users.
Apptimize and Localytics are services used to monitor apps as they are being developed, to optimise how they work for users.
Although their use is not unusual in the industry, it begs the question of whether data transfers that happen during this process pose a privacy risk, especially when that data is as sensitive as someone’s HIV status.
The answer seems to be part technical, part operational and – to the growing unease of app developers everywhere – uncomfortably philosophical.
Interviewed in Buzzfeed, SINTEF researcher Antoine Pultier suggested this was more a case of app makers not thinking through what they were doing:
The HIV status is linked to all the other information. That’s the main issue. I think this is the incompetence of some developers that just send everything, including HIV status.
In response, Grindr has reportedly decided to stop working with both Apptimize and Localytics.
Sensitive data such as HIV status was always encrypted during transfer, and no personally identifiable data was shared with advertisers, the company announced.
But in other comments, its CEO Bryce Case struck a more defiant tone, saying what had happened was “unfair” to Grindr and that the company had been “singled out.”
In his mind there is a distinction to be drawn between Grindr’s data transfers and the sort of relationship that exists between, say, Facebook and Cambridge Analytica:
It’s conflating an issue and trying to put us in the same camp where we really don’t belong.
In a limited but important sense, Case has a point: users are not compelled to share their HIV status on their Grindr profiles and when they do so this information becomes accessible in public to anyone viewing it.
As for advertisers, while they have access to some user data, this would not include HIV status.
However, it is not entirely true to say that Grindr is not like Facebook because in an important way it is.
Both are based on the idea that fuels much of the internet economy: users are invited to hand over commercially-valuable personal data without there being many rules governing how it might be processed, analysed or sold on.
Users are told they are in control, that they choose what gets shared and what doesn’t. But when things go wrong, it tends to be whistleblowing, accident, or research effort that pulls back the cover to reveal another unexpected grey area. This is why people are shocked by Cambridge Analytica.
Users have numerous choices about their data but little visibility or understanding of its value or the risk it poses. Until that changes, Grindr’s bad week is unlikely to be the last one we hear about.