Just after civil liberties groups unveiled a new "Security Pledge", urging tech companies to do more to protect users' personal information, reports surfaced on Monday that the popular app Grindr has been supplying companies with data on its users' HIV status.
Antoine Pultier, a researcher with Norwegian independent research company SINTEF, warns data on users' HIV testing date and status are sent together alongside other identifying information, such as a user's Global Positioning System location and email.
Grindr, in the statement emailed to NPR, emphasized that there's a difference between "a company like Grindr sharing encrypted data with a software vendor to debug its app, and having it harvested from an outside third party like Cambridge Analytica". Pultier specified that the HIV data on Grindr is linked with other information and it may be due to incompetence from some developers that happened to send along all information including private and personal data.
The company made a decision to stop sharing the information with Localytics "based on the reaction - a misunderstanding of technology - to allay people's fears", chief security officer Bryce Case told BuzzFeed News.
"Thousands of companies use these highly-regarded platforms. We assure everyone that we are always examining our processes around privacy, security and data sharing with third parties, and always looking for additional measures that go above and beyond industry best practices to help maintain our users' right to privacy".
Grindr says Localytics and Apptimize were paid to test and monitor how the app is used. It says its users should carefully consider what information they list in their profiles.
The Tumblr post also specifies that: "Grindr has never, nor will we ever sell personally identifiable user information - especially information regarding HIV status or last test date - to third parties or advertisers".
The data sharing and privacy spotlight has shifted away from Facebook this week and onto the gay dating app Grindr.
Norwegian nonprofit research group SINTEF uncovered the data sharing, and concern spread in the United States after Buzzfeed reported the findings.
LGBTQ activists, meanwhile, are outraged by Grindr's handle on users' profile information. Update, 10:14 p.m.: Adds Grindr's announcement it is no longer sharing HIV status data and comments from Grindr Head of Security Bryce Case. Alarmingly, this data is "shared unencrypted, allowing people, companies, or governments to listen on a network to discover who is using Grindr, where they are precisely located during a day, how do they look, what do they like, what do they browse", the report noted. C*ckblocked was then able to access users' personal data, including private messages, identifying info and Global Positioning System location data, even for users who had switched off location services.