They can verify what has been reported on sf-86 vs what might be found from this service. Any affairs or issues not reported are ripe for blackmail. Possibilities are endless as they say.
If so, I consider all those that had their Grindr info stolen or even just acquired by individuals that may have less moral qualms about selling it to those that would use it for ill patriots who suffered for us all.
Depending on how many influential people they can black mail already, it could be too late. A would be blackmailer isn't going to give up their method of control.
When you look at some of the common methods intelligence adversaries use to ensnare assets (extortion, money, exploiting sympathies, stroking egos, revenge, etc.) the information in these hacks are a treasure trove the likes of which may never have been seen before. I can't imagine the various powers that be in the US Gov't are ready for the espionage threat posed by this..
I'm willing to bet that the devastating compromises thanks to the OPM hack have already happened, and that they're either classified, or, even scarier, the USG doesn't even know about them yet (e.g. people blackmailed into being spies who haven't yet been caught).
And even then, our counter-espionage resources in all likelihood are not enough to address a massive increase in the threat.
Absolutely when cross-referenced with information from OPM database. Employee with TS/SCI clearance working on a <military project X> hasn't reported reported his gay affairs (that his wife might not know about even). The Chinese find out, approach him and make him an offer "Look buddy, how 'bout we become friends. You just tell us what you know and we'll give you some money and most importantly keep quiet about your meeting with your secret partner on such and such dates or places?"
Or, "Lets not become friends. You can tell my wife. She thought it'd be fun to do that!" aaaaand so much for that blackmail. And just don't forget to tell the security officer that someone tried funny shit.
And I'd suspect that there are more than a few married (nominally heterosexual) men seeking out extramarital affairs on Grindr.
The same goes for situations like bankruptcies and 'bad leavers', there is absolutely no way short of airtight procedures and implementations to guard your privacy over the length the data resides with some company. And for most companies that means 'forever' so even the smallest chances tend to sooner or later materialize. In almost every company that I've looked at over the last couple of years (including medical, fintech and so on) there was always at least one person and usually more that had unfettered access to all the data, either in bulk or through some convenient interface.
I'm not even sure this can be fixed anymore, but I am also not going to give up.
The standard example is how the Netherlands were rather religiously tolerant, but used to keep track of Jews for tax collection purposes before WW2. Then when the Nazis arrived, they had all the records they needed to achieve their goals.
Who knows what will happen in the future, and how currently harmless data could be used by new actors then.
I wrote about that exact example:
It used to be common to tax different religions in a different way in some countries of Europe. Even today in Germany you are legally required to pay taxes to your church, and I have read multiple accounts of French expatriates who have discovered this only after a year of working in Germany, and getting significant amounts of back taxes to pay, as well as being required to be debaptised, etc, if they wanted to stop paying for that.
In France that would be unthinkable, but every country has its customs.
1. If it bothers the Germans, why don't they change it? Is there some concordat that makes it difficult?
2. Do I really have a right to comment given that I'm not German? Does it really makes sense for you to apply what are presumably post-revolution, secular French standards to Germany?
3. "co-opted by the church to act as their debt collectors " -- sounds conspiratorial. You think the Church is all-powerful and able to do that? Tithing isn't new.
4. "disgusting and no longer of this day and age" -- appeals to time period are rather silly. We're not talking about fashion, and it's important not to fall prey to the Idol of Progress.
5. Interesting that more religious countries, like Germany's neighbor Poland, have no such tax.
The church is still very powerful in Germany.
> Do I really have a right to comment given that I'm not German?
You have a right to your opinion about what is happening in a country even if you are not living there.
> Does it really makes sense for you to apply what are presumably post-revolution, secular French standards to Germany?
It is fairly exceptional to see the state harnessed to do a private institution's bidding like this.
> "co-opted by the church to act as their debt collectors " -- sounds conspiratorial. You think the Church is all-powerful and able to do that? Tithing isn't new.
That it isn't new doesn't mean there is a place for it today. The state and the church should be firmly separated. In Germany this is - not yet - the case.
> "disgusting and no longer of this day and age" -- appeals to time period are rather silly. We're not talking about fashion, and it's important not to fall prey to the Idol of Progress.
It's not the 15th century any more.
> Interesting that more religious countries, like Germany's neighbor Poland, have no such tax.
My point exactly.
To be clear, this is public profile information displayed to any user of the Grindr app.
There's a very strong chance that this is illegal in many states in the US as well (not sure about federal law).
Source? Curious to read more about this.
I had never heard this before, but it is easy enough to find it. There are at least a couple of other articles that readily came up.
Blackmail probably existed but it was just a great opportunity to sell drugs and booze in illegal bars.
When you hit the nadir of NYC in the 70s, it was difficult to make sales tax payments with all of the leeches attached to the business.
Someone’s HIV status, for example, could definitely expose them to social stigma. Is that a problem? Yeah; but it doesn’t change human behavior — there are some things we would prefer to keep private.
If that's the case I agree with them. How many people with secret and top secret clearance have exploitable (or compromised by design) 'smart' devices in their home or could be blackmailed using data in possession of these services? Then there's the whole mass election manipulation angle which just adds to the problem.
The social and 'smart device' panopticon opens the potential for a completely remote cyber-invasion and takeover of the country by a foreign actor. It would be the first full-scale invasion with not only no shots fired but no actual physical army on the ground. I don't think this is really all that sci-fi.
Maybe we are getting close to this point?
Seems like situations that result in direct pressure on the legislators would be more productive than ones involving us, their “employers”...
In general, most people would say that the short-term financial outcome is not the only important factor.
-Seducing and blackmailing a hot female enemy agent.
I love the honey pot.
Seems like blackmail works just fine!
I would link to others, but most of the ones that I've found include clear views of users' faces, sometimes clothed and sometimes shirtless. In some cases it looks like the photos were taken in their homes. It's ironic that in exposing Grindr's mishandling of users' personal data, this party appears to have mishandled personal data themselves.
Just another data-point explaining why in 10 years you got pulled off that Emirates plane in a layover in Dubai and were never seen from again.
Sure, someone else could have done it already, or could be doing it right now. But SINTEF is supposed to be reputable research organization, and I think it's more than acceptable to expect them to properly handle any data they gather.
Grindr faces significant hurdles in improving security and complying with GDPR, and we do need to hold them to account, but that does not absolve SINTEF of their responsibilities either.
NetGuard is an open source local VPN that allows you to block DNS lookups to prevent calls to 3rd parties, and it does not require root access.
Calls to all of the 3rd parties mentioned are blockable. Grindr does not need many domains to be operational to work, just their own domains (.grindr.com on 443, grindr.mobi on 443) and a couple of Google static domains like csi.gstatic.com on 443 .
Of course this does not prevent Grindr from rolling up the data and sharing that with 3rd parties, but the linked analysis suggests that this is all via the app making calls rather than the company selling it in bulk.
I have netflix installed (after rooting) without issue, and I use Android/Google pay practically every day along with another app that requires safetyNet without any issue at all.
For example, AirDroid - it is very useful occasionally but I don't use it 99% of the time, but it is still there running and killing my battery life. Perhaps I can better configure it, but that's not the point - I'd love to have a solution that puts me as the device owner back in control, I'd like to see what's running, I'd like to auto-kill things I don't want.
That's 250k per violation fine, and leaking status positive or negative is a violation. And every person, and every time they pass that information to every "partner" is a distinct violation.
If the vendor is a HIPAA covered entity, which Grindr isn't.
> it doesn't matter what your business is,
Yes, it does.
> health information is covered by HIPAA.
PHI held by HIPAA covered entity or by a business associate on behalf of such an entity, sure. Health information shared by the subject outside of a healthcare context, OTOH...
"The Security Rule applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”) and to their business associates."
"The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically."
in what circumstances has HIPAA been found to apply to businesses other than those?
Declaring your HIV status on Grindr is voluntarily and knowingly sharing your own health information into the public domain. It is much closer to tweeting it out than telling a medical professional imo.
HIPAA has nothing to do with Grindr unless it starts an acute care clinic.
The data that we share with our third-party ad providers is:
- Your location (so you can get those local car dealer ads)
- Your gender
- Your age
- The targeting keyword "gay"
We currently use AdMob and MoPub to provide our network advertising.
More broadly, this kind of information is never something we would share. We know the sensitivity of HIV status, and know that it has been used to discriminate against our community in the past. When we do take money from direct advertisers (full-screen ads shown at launch), we make sure that they are promoting relevant and beneficial products for our community, and the ads they place are serviced 100% in-app and come with no extra data nor api calls.
Ultimately, our business model is based on subscriptions, which means we are successful when we make software that people love to use. We don't spend our days trying to squeeze a marginal penny out of some remainder-bin ad unit by trading personal data of our users. Instead, we spend our time focused on how to make an excellent product, that works reliably, is free of spambots and harassment, and connects gay guys with each other and the global gay community.
That said, upon further reflection, a local advertiser could surely get enough targeting information with a much, much less precise value...we'll look into making this change in a future release.
There are other third party services we use that may see various pieces of information from free and paid members. Stripe, for example, manages some payment processing and collects some user data; ZenDesk manages support tickets for us and also collects various pieces of user data.
In the coming months we will be sharing more information about the third parties with whom we work and on whom our service is built, and how data is shared between them. When it comes to ad networks, however, our integration is limited to what I mentioned above.
No, HIPAA binds only covered entities, which are (basically) care providers, insurers, and certain other parties in certain business relationships with care providers and insurers.
If you give out your health information to a dating service, it's not protected by HIPAA.
This is correct, though it's worth noting that HIV status is actually protected under more strict terms than just HIPAA, and that may in fact apply to Grindr.
There are a lot of laws at the state-level which restrict the ability to collect, record, or pass on information related to an individual's HIV status even when none of the parties involved are covered entities (or business associates of covered entities).
Covered entities are specifically defined as: "(1) A health plan";
"(2) A health care clearinghouse"; or "(3) A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter" .
The whole thing seems pretty bad (privacy-wise) https://www.scruff.com/privacy/
Its also available to anyone who sees the profile in their search results. As far as I can tell you cant have a profile that is active, use it and not show up in search results.
Grindr has never been exactly a bastion of good programming... Their app has always been subpar at best with infrequent updates, months/year long bugs, terrible UI/Navigation, lack of features that could be coded up in a weeks time that would GREATLY improve the experience (Message archival/hiding), and I could go on. It would be one thing if they features were relegated to the paid version (Grindr Xtra) but the only really big feature for Xtra is push notifications for when you get a new message.
All of this is to say the fact they are using HTTP to talk to these analytics/ad companies doesn't shock me at all. My bet is they haven't updated the libraries for these services in forever (which wouldn't be too hard to investigate).
As for HIV status getting sent it really depends on the service. They are not subject to HIPAA (even if you wish they were) so they can do this and I'm sure for targeting ads it makes sense. No need to waste ad dollars on "Get tested for HIV" for people who already know they are positive. As someone in this community and knows the orgs that pay for some of these ads are severely underfunded I have hard time saying this isn't important to make sure your ad dollars go as far as they can.
Lastly for people saying "just don't enter your status" you clearly don't understand this community, I'm sorry. But people who are positive face a HUGE stigma. Chatting on Grindr/Scruff is already an emotionally draining experience in a lot of cases, I don't you all want the details but let's just say failed conversations (for most people at least) don't exactly fill you with confidence/self-worth (yes there is a whole other discussion to be had there I'm sure). So waiting until you start a conversation to tell someone you are positive (instead of it being in your profile) is going to lead to even more failed conversations. If I were positive I think I'd trade my status away to analytics/ad companies in exchange for not having to talk to people who aren't interested in the first place. I'm saying that as a white male living in the US so depending on your situation you may disagree.
But I agree with pretty much everything you say, except for wanting to emphasis that getting people to enter their status is crucial in helping to normalize regular testing, safe sex practices, and allowing HIV+ individuals to be open members of the community.
However, your answers to a different Facebook quiz in 2014 were scrutinized by Cambridge Analytica, who were looking for the “dark triad” of personality traits, scouting for sociopaths:
This isn't physics; the laws of user behaviour are mutable, and legislation is completely possible.
The outcome of the erosion of privacy is the end of our ability to adapt as a society; there will be no new ways of doing things or dealing with change. This will be bad, we have some very very nasty societal problems coming and we need lots of new ways of dealing.
Yep -- I'm willing to pay $5/mo to host stuff. That's roughly 10% of an average cell phone bill, or less than 1% of rent (even outside the cool places).
Wasn't the social network of last week, vero, supposed to be like that ?
This sorry legal situation has completely obliterated meaningful competition in the online space, and we are letting them get away with it when we just hand-wave that it's because of "network effects". There's no reason that YoungSiteA shouldn't be able to act as a user agent on my behalf to access and reskin OldSiteB. If it could, the negative impact of switching providers would be small.
Maybe it will take another 10 years, but this gives me some hope that as consumers become more sophisticated (and jaded towards new trends), there's a chance society at large will be willing to pay real money to sidestep the worst side effects of ad-driven products.
This only leaves the 3rd party option. But someone like that will always want something in return, and the only thing that you have to offer is access to your users and their data.
Monetize photo services, music, sell access to the audience for applications or monetize the marketplace.
Pillaging users is easy. But if regulators prevented it, Facebook is still a viable business -- maybe even a better one.
I believe the reason that extreme ideologies on both sides of the spectrum have gained a foothold in recent years is because their ideas lend themselves to the hyperbolic, binary patterns of online discussion.
We should put "social media" to pasture and try to come up with something better.
do you have any reason to believe that this will be "a thing" beyond highly obscure internet subcultures like HN and reddit?
This sort of deal isn't the same as sharing the HIV status to Google or Facebook so that advertisers can target or exclude that user information for the purposes of advertising.
For people who think this is still wrong, I'm curious what their pragmatic alternative is. How else are app developers supposed to analyze their app performance? The open source, self-hosted pickings are slim. (I can only think of Piwik, which in my experience has a dated feature set and severe performance issues.) Not everyone can afford to perform their own product analysis. Using a third-party analytics saas is kind of the only way to go and seems like a reasonable tradeoff of security for product visibility.
”For people who think this is still wrong, I'm curious what their pragmatic alternative is. How else are app developers supposed to analyze their app performance?”
Remember, customers first, your “needs” come second. That goes double when they are placing their trust in you by allowing you to be a custodian of their data.
Not long ago, desktop software phoning home would have been a scandal. Not long before that, it was offline and couldn’t phone home. Yet, we still had software. Unfortunately, developers have taken the slipperly slope all the way to outright abuse of their privileges in order to collect information that customers don’t know about or understand. This has led us to things like GDPR. It doesn’t matter if your intentions are good or your usage is benign. It isn’t yours to begin with, those aren’t your decisions to make, and developers need to learn to seriously respect that.
2) Just don't fucking send it to a third party. Every single time you do that you yield control over the data, introduce another party to the mechanics thus doubling the risk of disclosure and they you cry 'breach of trust'.
> Not everyone can afford to perform their own product analysis.
Then don't do it and don't store sensitive information. You're taking on a risk and if you don't have the money to roll your own analytics then you probably don't belong on the market. This is no longer a playground, this is the real world, especially for this kind of information. People can get killed based on Grindr leaks. It's the big boys game and if you don't have the backing, you shouldn't play in the first place. And this app specifically should not have any problems with funding, give me a break.
So not used for performance, but instead "A people-centered and personalized approach to app marketing and analytics". I am not sure if this is better or worse.
Honest question, are you in the SAAS analytics industry or is anyone else that can comment on this? I am not (though I do do data work) and I would actually be surprised if the SAAS company _didn't_ have access to the data.
That would require some kind of dedicated setup so that Grindr's data was not at rest with other company's data which is a) super expensive, b) no reason to expect that the SAAS company would not have access for maintenance/troubleshooting and c) kind of defeats the purpose of using SAAS.
“But the plans were on display…”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”
Amazon neither receives nor requires access to the raw underlying data (in this case: data in your database indicating HIV status, or decrypted bodies of requests sent over TLS indicating same) when you host your web services on AWS. While, yes, it's possible for a dedicated attacker to intercept and snoop on this data, it's (a) not easy, and (b) very much outside the bounds of the scope of the relationship you have with them.
Contrast to the setup described here, where the third parties in question both received and required access to the raw underlying data in order to perform the services they were explicitly contracted for.
You may not think this is an important distinction, but legally, it is, and it makes a world of difference.
The legal distinction you're making doesn't sound right to me. Contractors for companies that access your data aren't usually about whether or not an attacker can get at it, but about what kind of access an employee of the service itself has.
Amazon _technically_ has complete access to your data when you run on AWS, but they're contractually limited in how they can use it. The same goes for third party SaaS services. The major difference is "who writes the logic".
But I'm not a lawyer and won't ever have to argue that somewhere it matters.
It's like the difference between putting your papers in a storage locker versus your friends garage. The storage company ultimately has access to the locker, but is less likely to snoop (either consciously or accidentally) than any of the folks with access to that garage.
AWS does not care about the data, does not want to see the data and goes out of its way to make it damn hard for it to see the data. The data is a black box to them and this is by design. You are not sending them the raw data in a format that they require for analyses. You are just sending them bits and bytes that they store for you.
The analyses third-parties in this case are the exact opposite. They explicitly require access to their data in a certain format for analysis. In fact, their business fails if they don't have access to this data.
They are both technically third parties but the way they handle the data is completely different.
One has every incentive to avoid reading the data, the other has every incentive to hoover everything it can.
AWS even has analytics products that require access to your data. I generally trust those more than sketchy analytics companies, but it's entirely because of the contractual protections AWS has in place, not because they're inherently different.
Remember that Russian intelligence got a spy hired by Microsoft: https://www.theguardian.com/technology/2010/jul/14/russian-s... Will your interview questions find a foreign spy, or someone who isn't even a spy but is interested in looking at private data for personal amusement?
So that would be the main difference. Virtually all of a company's employees shouldn't have access to user data at all, and those that do would only have access to parts of it.
This is precisely the sort of thing Microsoft takes incredibly seriously internally. Tim Cook may be a more vocal spokesman for treating user data with care but Microsoft is fanatical about it internally. They recognize the risk they face in the event of compromise and have made just enough mistakes in the past to appreciate how hard it is to actually protect their customers’ information.
"Avoid third parties" is an occasional effect of conscientious care of data, not a cause of it.
How about "lets just not spend medically sensitive information to third party services"
Just because ethical behavior is expensive doesn't mean you have a license to do whatever you want.
It seems like you're arguing that sharing data is wrong because, in the wrong hands, the data could be used to personally identify someone. In my mind, these are the ways that can happen:
1. The data is sent to an advertiser who can target based on that data. Seems possible, so it's relevant that this data isn't being shared with an ad firm.
2. The data is sent to a third party, whose employees can access and leak the data.
3. The data is sent to a third party, whose data gets compromised.
So the trade-off is, what is the value of having user information in a tool for analytics purposes, versus the chance that (2) or (3) (or any unknowns happen)? My argument is that analytics firms are not in the business of leaking or selling data; their business hinges on their client's data privacy. So to me, this seems like a reasonable trade-off for certain types of data.
As for whether HIV status is the type of data that's unreasonable... I can buy that argument either way. I've never used Grindr but I can imagine it being extremely relevant to its users. And any data that has product impact is useful in an analytics setting. For example, if Grindr has some features that make it easier for HIV-positive or negative people to filter, then they'd be interested in understanding whether it's being used in the product. Then again, I can equally see them deciding it's not worth the risk, and removing it.
If you think sharing sensitive data is wrong under all circumstances, on principle, then you're entitled to your beliefs, but that would seem to me awfully close to religion.
There is Countly Enterprise Edition for this purpose (both mobile and web). Privacy focusing and on-prem installation.
I think that adoption of privacy preserving data aggregation/analysis will become the norm. The most immediate applications are 1) telemetry data that is used for monitoring (for example, Google Chrome uses differential privacy for collecting this data), and, 2) services like Google Maps and Tinder-like dating apps. In these applications, essential user information can be represented as integer/boolean values (is user present in location X? True or False. how old is the user? device CPU usage right now? ...)
Based on my limited understanding* of differential privacy, it falls short on exactness (of aggregate values) and robustness (against malicious clients). I've lately been studying the literature on function secret sharing and I think it is a better alternative to DP. Take this paper: https://www.henrycg.com/files/academic/pres/nsdi17prio-slide....
Prio: Private, Robust and Scalable Computation of Aggregate Statistics
Data collection and aggregation is performed by multiple servers. Every user splits up her response into multiple shares and sends one share to each server. I've understood how private sums can be computed. Let me explain it with a straw-man scheme.
Example (slide 26):
x_1 (user 1 is on Bay Bridge):- true == 1 == 15 + (-12) + (-2)
x_2 (user 2 is on Bay Bridge):- false == 1 == (-10) + 7 + 3 ...
If all users send shares of their data to the servers in this manner AND as long as at least one server doesn't reveal the identities of the people who sent it responses, the servers can exchange the sum of the shares they've received. Adding the three responses will allow the servers to infer that there are _ number of users on Bay Bridge without revealing their identities.
This system can be made robust by using Secret-shared non-interactive proofs (SNIPs). This allows servers to test if Valid(X) holds without leaking X.
The authors also bring up the literature on computing interesting aggregates using private sums: average, variance, most popular (approx.), min and max (approx.), quality of regression model R^2, least-squares regression, stochastic gradient descent.
Bottom line: I found the discussion on deployment scenarios very interesting. Data servers with jurisdictional/geographical diversity, app store-app developer collaborations for eliminating risk in telemetry data analysis, enterprises contracting with external auditors for analyzing customer data, etc.
* - I understand the randomized response and, to some extent, the RAPPOR technique (used for collecting Chrome telemetry data) but the other literature in that community goes over my head.
* * - This technique is a black box to me at the moment.
Use the services you mentioned but DO NOT SEND HIV DATA TO THE ANALYTICS COMPANIES. Holy hell, how hard is that? Just omit that part.
This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html.
That can be a hard enough conversation to have even if they know. Being straight up rejected by some high percentage of people who started to chat you up and are done the minute you mention HIV would be a dreadful experience. It's possible they are on the app precisely for the ability to pre-screen people for their willingness to hook up with someone HIV positive.
A) Mark yourself as HIV positive in your profile, which Grindr will share with third parties.
B) Directly declare yourself as HIV-positive at some point in a conversation.
I’m not suggesting there are options without drawbacks.
Its not even clear if whats being sent to the analytical companies is whats displayed in the profile or all fields even if they are not displayed.
Especially social networks are considered most lucrative in terms of targeted marketing and data mining, and it's obvious why. Social networking remains a big deal, it's almost mandatory to have some social networking footprint online, or else you miss out on social life. Why is it still OK to trade data distilled from social media accounts? It's not! One of the many reasons and implications are in that article.
Is independent social media possible? How to fund basic service infrastructure if not by running online ads, or trading user data? Is decentralized social media feasible, and who maintains a decentralized service if it is?
EDIT: If an app developer wants to analyze how the app performs, why share most intimate user data with third parties, Facebook being one of them?
Subscriptions, combined with community awareness advertisements showing where users' money is going to (and where it is not going to) and why it benefits them.
Suppose you pay a subscription for one social network, you'll need to pay also for the other one, to get connected to people on that other social network! It needs to be one big single social network and everyone pays for one subscription. Anything else doesn't make sense, but a single social platform as a network is unthinkable. So, basically, subscription doesn't make sense for social networking.
A social network is not a content provider, just a different kind of social network. If you cannot afford a subscription of some social network, you miss out. And that's not acceptable in terms of social life of a human being. Rich folks would be able to roam all networks, poor people wouldn't. So, if you only can afford some "cheap" networks, the whole thing ceases to make sense, as soon as you are barred from accessing other networks. Exclusiveness in social media is an oxymoron. See where this is going?
Based on my limited understanding* of differential privacy, it falls short on exactness (of aggregate values) and robustness (against malicious clients). I've lately been studying the literature on function secret sharing and I think it is a better alternative to DP.
Take this paper: https://www.henrycg.com/files/academic/pres/nsdi17prio-slide....
You might imagine having servers in different countries so that the whole system can't be subpoenaed by any one country, but I believe this is a legal gray area that becomes illegal if you say you're doing this to be intentionally subpoena-proof (in the US).
I didn't know that. Hmm...
Can’t tell the worst, but I can tell that users should completely delete their Grindr account, now.
I know it's not possible to set the hostname of your phone on most android phones but it's unique.
Of course with Android making build versions and etc. Available to devs and in the case of chrome to your user agent.
You're pretty much identifible.
Although on my LG devices it defaults to the series name, for example G3 for an LG G3.
"Your ethnicity preference is white? You goddamn racist".
This gets worse when those interpreters are in a position of power.
2) it's not going anywhere. Its the gay Facebook. It has monopolized the market of an already vulnerable demographic so they can do whatever they want and still charge an extraordinary amount (almost $20 per month??) and provide no customer service.
The app doesn't even function as advertised (at least on Android). Push notifications and read receipts have been broken for years. Btw if you restrict the permissions of the app they permanently change your status to offline.
If they're this sloppy when the client device is on one end of the connection, how sloppy are they once the data is on their end and we can't see what they're doing?
Here is a thought. Do we think that the data is more secure with Grindr itself or with Localytics? I feel the answer might be the latter given data security means a lot to Localytics (as they provide analytics as a service to thousands of apps) vs. Grindr itself who may not go to the extent of Localytics to safefuard user info.