
Behind Grindr's Doomed Hookup in China - johnny313
https://www.reuters.com/article/us-usa-china-grindr-exclusive/exclusive-behind-grindrs-doomed-hookup-in-china-a-data-misstep-and-scramble-to-make-up-idUSKCN1SS10H
======
kristopolous
The most amazing part of this acquisition was discovering there's a gay dating
app called "blue" that I bet most Americans, even those in the space, have
never heard of with 10 times the traffic of grindr.

And grindr isn't obscure or known only among gays, I've heard it joked about
on late night television and light-hearted NPR shows. It's part of the
zeitgeist whether you're in the target demo or not.

I guess the domain space is inherently regional since it's about meeting
locals but I'm still continually amazed at how unknown some of the largest
players are outside their market.

It's like the regional scooter/rideshare/delivery competitors. I listen to UK
podcasts and they act like everyone on the planet has heard of and constantly
uses a company named "Deliveroo", which I, even in the startup world had only
maybe tangentially heard of, but not in any significant way. It serves in 14
countries and has 13,000 employees and 20,000 deliverers.

~~~
calf
I have Blued, but I barely use it as loading pics and messages on it is so
sluggish. There's literally a spinning cursor that comes up for actions that
should be quite trivial for the user.

~~~
novok
The servers are probably only in the great firewall, so any outside of china
connection will be made horrible on purpose by the chinese government.

------
avocado4
I know a number of Tencent engineers through college and past tech job.
There's this game among employees on certain teams - find compromising pics
your ex has sent through WeChat messaging, and put them side by side with the
screenshot of your ex breaking up with you (as in "who's laughing now").

I don't think this is a political / trade issue, but rather a difference in
cultural norms. It strikes me when people outside of China willingly send
their most private info (including nudes & PII) to WeChat, Grindr, Tiktok, or
any other Chinese apps.

~~~
stochastic_monk
That’s profoundly horrifying.

In America, unauthorized dissemination of nude photos is both criminalized and
widely reviled. What I don’t know is if it’s that difference or end to end
encryption platforms that makes the difference.

~~~
sneak
There are entire websites dedicated to it, and the photographers/subjects
willingly provide the data to companies like Facebook and Snapchat under
permissive licenses (read the TOS!) in the US.

I am not sure the contrast between the US and China is quite as stark as you
imagine.

------
hn_throwaway_99
This data set will be a blackmail goldmine. I'd be shocked if the Chinese
government hasn't already mined it for "discreet" users.

~~~
Redoubts
There’s so much throwaway data in there I’d be hard pressed to believe there’s
much of value. They don’t even validate the users' email beyond “contains @”.

~~~
zeta0134
I wouldn't be so sure. Grindr tracks users locations pretty precisely, and
although many users hide their faces in profile pictures, many more demand a
face be sent through direct messages, etc. If you have location and a face,
and your target is even remotely popular, some internet sleuthing can put the
rest together pretty easily.

How much of this can be _validated_ and proven to not be a masquerade (fake
pictures / profiles are ridiculously common, as are bot accounts on the
platform) is anyone's guess, but for blackmail purposes, that doesn't really
matter.

Given how the app is marketed, and how pervasive it is throughout gay culture
in the US (pretty much everyone in that community at least knows about it,
whether they use it or not) just being shown to have an account on the service
carries a _pretty strong_ implication that the user is seeking a hookup of
some kind. Now imagine if the target is married, or they're a closeted
politician... it's pretty easy to see how dangerous the dataset can be from
there.

~~~
cptskippy
There's also the matter of device fingerprinting. If a malicious actor can
get you to install a less illicit app that can personally identify you, they
can fingerprint the device and then do the same in Grindr and compare prints
to find targets.
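
The cross-app linkage cptskippy describes, as an added example that is not code from the thread or from any of the apps mentioned: two apps read the same device attributes, an unkeyed hash of those attributes is identical in both, and a join on that hash maps a pseudonymous handle to a real name. The same join fails when each app only ever sees an app-scoped identifier, shown here as an HMAC under an app-specific key (standing in for an OS-issued per-vendor ID). All records, attribute names, and keys are constructed sample data, not real users or real app fields.

```python
"""Added example: linking a pseudonymous account to an identified one by
joining on a device fingerprint, and why an app-scoped identifier breaks
the join. Every record and key below is constructed sample data."""
import hashlib
import hmac

# Attributes a mobile app can typically read without special permissions.
# Constructed: the "benign" app collects real identity, the hookup app only
# a handle, but both observe the same device attributes.
IDENTIFIED_APP = [
    {"name": "A. Example", "email": "a@example.org",
     "model": "iPhone11,8", "os": "12.3", "screen": "828x1792",
     "tz": "America/Los_Angeles", "lang": "en-US", "carrier": "310260"},
    {"name": "B. Example", "email": "b@example.org",
     "model": "SM-G973F", "os": "9", "screen": "1440x3040",
     "tz": "Europe/London", "lang": "en-GB", "carrier": "23430"},
]

HOOKUP_APP = [
    {"handle": "discreet_42", "model": "iPhone11,8", "os": "12.3",
     "screen": "828x1792", "tz": "America/Los_Angeles", "lang": "en-US",
     "carrier": "310260"},
    {"handle": "newintown", "model": "Pixel 3", "os": "9",
     "screen": "1080x2160", "tz": "Europe/Berlin", "lang": "de-DE",
     "carrier": "26201"},
    # Same popular model/locale as discreet_42: a fingerprint collision.
    {"handle": "gym_guy", "model": "iPhone11,8", "os": "12.3",
     "screen": "828x1792", "tz": "America/Los_Angeles", "lang": "en-US",
     "carrier": "310260"},
]

FP_FIELDS = ("model", "os", "screen", "tz", "lang", "carrier")


def _material(rec: dict) -> bytes:
    """Canonical serialisation of the fingerprinted attributes."""
    return "|".join(rec[f] for f in FP_FIELDS).encode()


def naive_fingerprint(rec: dict) -> str:
    """Unkeyed hash: identical in every app that reads the same
    attributes, so it works as a global linking key."""
    return hashlib.sha256(_material(rec)).hexdigest()


def scoped_fingerprint(rec: dict, app_key: bytes) -> str:
    """Same attributes keyed per app (assumed app-specific secret).
    Two apps derive unrelated values for the same device."""
    return hmac.new(app_key, _material(rec), "sha256").hexdigest()


def link(identified: list, hookup: list, fp_a, fp_b) -> list:
    """Join the datasets on fingerprint. fp_a/fp_b compute the print the
    way each app would store it. Returns (handle, name, email) hits."""
    index = {fp_a(r): r for r in identified}
    hits = []
    for r in hookup:
        match = index.get(fp_b(r))
        if match is not None:
            hits.append((r["handle"], match["name"], match["email"]))
    return hits


def attack_naive() -> list:
    """Both apps store the unkeyed hash: the join succeeds."""
    return link(IDENTIFIED_APP, HOOKUP_APP,
                naive_fingerprint, naive_fingerprint)


def attack_scoped() -> list:
    """Each app holds its own key (assumed): the join finds nothing."""
    key_a, key_b = b"secret-of-app-a", b"secret-of-app-b"
    return link(IDENTIFIED_APP, HOOKUP_APP,
                lambda r: scoped_fingerprint(r, key_a),
                lambda r: scoped_fingerprint(r, key_b))


if __name__ == "__main__":
    print("naive join :", attack_naive())
    print("scoped join:", attack_scoped())
```

Two caveats the example is built to surface. First, a fingerprint on common attributes is not unique: both `discreet_42` and `gym_guy` resolve to the same identified person, so the attacker gets a candidate set rather than a certain identity (for blackmail, as zeta0134 notes, that ambiguity may not matter). Second, the keyed variant only helps when the key is held by the platform rather than the app; an attacker who ships both apps simply uses one key in both, so the real mitigation is the OS refusing to expose stable, cross-app device attributes at all.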

------
ycombonator
The Chinese hacked the entire OPM database and siphoned off the data of all
government employees. Hacked Marriott. It’s anyone’s guess how they will mine
and use this information.

~~~
kissickas
They didn't exactly hack Marriott. They hacked Starwood, which had been bought
by Marriott. I don't mean to nitpick but there are far more Marriott guests
than Starwood guests.

~~~
verst
The Marriott system is still riddled with vulnerabilities. Had someone
transfer 200,000 points out of my account recently. No way they stole my
session cookie, and the password was very complex, unique to Marriott and
generated / stored by LastPass. There was no attempt to change my password.
Now what's interesting is that the points-to-airline infrastructure is likely
an SPG legacy backend that is still running.

~~~
sneak
Most people who have workstation malware are unaware of the fact that they
have workstation malware.

~~~
zrobotics
So assuming that his machine is compromised, the first method of attack was
Marriott points? Sounds shockingly similar to the responses I got in a similar
situation with my Bethesda.net account getting hacked. Again, complex PW from
a manager. How likely is it that if someone gained access to that vault or my
PC the first thing they would attack would be an account which only lets them
gain access to a garbage fallout game and not my email/social media/bank
account?

Considering the large amount of points in OP's Marriott account, I highly
doubt that was the highest-value target available. Considering it's already
known that parts of their network were compromised, Occam's razor points to
this being a vuln on the hotel's end.

~~~
bouncycastle
Sounds like they would be specifically targeted. It could be malware that's
delivered over the hotel's wifi or perhaps the maids dropping malware on
unattended laptops? If Marriott investigates this, they should look if similar
incidents happened and correlate them with recent stays.

------
onetimemanytime
Cat has left the bag. Database is probably already being matched with OPM hack
etc to find the targets.

------
rajacombinator
So some high profile US govt officials were at risk of exposure. Yet they’re
happy to collect and use data of and against everyone in the world including
their own so called citizens. (Subjects really.) Privacy for me, not for thee.

