When users shared their location, they did not expect that each of their steps would be known exactly, much less that this data, along with their profile information, could be obtained by anyone who had access to Grindr’s servers (REUTERS / Aly Song / Illustration)

The location of millions of worldwide dating app Grindr users, who use gay and bisexual people, was sold since at least 2017 and for approximately two years, after being collected through a digital advertising network, reported The Wall Street Journalciting sources linked to the case.

Already in 2018 it was known that, through a trilateration technique, it was possible to know the distance of the users taking into account three virtual points around them . The first step was to access the API and once the distance between the users and the three location points close to them was obtained, it could be calculated where the intersections of the three distances occurred. There are several applications that can do this calculation automatically and in real time. Through this technique, information could be extracted from all Grindr users in a city and know not only your location, but also your profile data, including name, age, photo and your HIV status, as reported then by the Queer Europe site.

When users shared their location They did not expect that each of their steps would be known exactly, much less that this information, along with their profile information, could be obtained by anyone who had access to the Grindr servers. .

Last December, the Norwegian Data Protection Authority (DPA) imposed on Grindr a fine of 65 million crowns (6.3 million euros) for the sale of the data of its users without their having expressed any consent . The regulator then warned that European laws prohibit personal information from being used as a payment method for a digital service. This is because the dating app used so-called behavioral advertising to finance itself and informed users that they were paying for that service with their personal data, but avoided indicating that this information was sold to third parties and there was also no way to opt out of having your data used in this way. In case of rejection by the user, a subscription fee was charged.

Customers of mobile advertising companies were for a few years able to buy bundles with lots of mobile phone motion data (Photo: Grindr)

In this way, the precise movements of millions of app users were collected from a digital advertising network and put up for sale. The information was available for sale since at least 2017, and historical data may still be obtainable, the sources cited by the WSJ said. Two years ago, Grindr cut off the flow of location data to any ad network, ending the possibility of such data collection today, the company said.

The American newspaper recalled as an example of the complexity of this situation, that last year a top US Catholic prelate was exposed as a Grindr user in a high-profile incident involving the analysis of similar data.

Also in the USA. national security officials raised concerns about the issue: Grindr data was used as part of a demo for various US government agencies about the intelligence risks of commercially available information, according to a person who participated in the presentation and was quoted by the same newspaper.

With this Grindr policy, customers of mobile advertising companies were for a few years able to purchase bundles with lots of mobile phone motion data. The data did not contain personal information such as names or phone numbers, but in some cases it was detailed enough to infer things like romantic encounters between specific users based on the proximity of their devices, as well as to identify clues about people’s identities, such as their workplaces and homes, based on their patterns, habits and routines.

“Since the beginning of 2020, Grindr has shared less information with ad partners than any of the big tech platforms and most of our competitors,” said a Grindr spokesperson it’s a statement. The company, he added, pays a price for reduced data sharing, including lower ad quality for users and lower revenue. The spokesperson added: “The activities that have been described would not be possible under Grindr’s current privacy practices, which we have had for two years.”

The idea was that through what are known as real-time ad exchanges, users would receive targeted messages about the nearest restaurants, bars or hotels (www.queereurope.com)

Location data can be very sensitive and have serious consequences, often difficult to predict. Earlier this year, for example, researchers spotted signs of the Russian invasion of Ukraine before it became public knowledge by looking at the functions of Google Maps they were designed to show traffic delays. Later, Google disabled those features to prevent them from being abused in a way that could affect the safety of people in the invaded country.

Grindr in 2019 said it was the world’s largest social media app for gay, bisexual, trans and queer people, with “millions of daily users using our location-based technology in almost every country in every corner of the planet.”

A former senior Grindr employee said that when the firm began sharing location data of its users with ad networks, company executives believed the data did not pose these types of privacy risks. According to that former employee, at that time the advertising companies assured the dating app that hyperlocal ads from stores located where their users moved were going to reshape marketing budgets.

The idea was that through what are known as real-time ad exchanges, users would receive targeted messages about the nearest restaurants, bars or hotels.

Information about the phone, such as location, is shared every time a user opens an app, allowing for highly targeted advertising. These data can be the location, if the user gave permission to an application, the data of the state of the phone. Most users choose to share location with Grindr to connect with other users nearby. That functionality is what made it attractive as an app when it was founded in 2009.

In countries where being gay is legal, the publication of data can also generate threats, for example of blackmailing those who do not live it openly (Photo: File)

In a computerized process that takes place in milliseconds, Advertisers bid to run an ad and the highest bidder wins. Consumers are largely unaware that the process occurs on their devices each time they load an app or web page or how much data is shared with third parties. Most apps participate in real-time ad exchanges that expose your details to hundreds or thousands of unknown people. However, Grindr and other apps created to encourage users to share their location generate particularly specific data sets that can be used to piece together data about individual users.

The dangers that it can mean

Grindr is an app used in many countries around the world, including some where homosexuality is still a crime that is why it states that it does not publish ads in these regions and keeps the information of its users outside of advertising networks. In those areas if this type of data were shared it could carry a risk of prosecution, imprisonment and sometimes even lead to a death sentence.

But in countries where being gay is legal, the publication of data can also generate threats, for example of blackmailing those who do not live it openly. . The US government stepped in to force a Chinese company to ditch Grindr on national security grounds in 2019, citing the risk of blackmail using the app’s data and the potential for the Chinese government to use the data from the app. the application for monitoring purposes.

Customers of the mobile advertising company SU they were able to buy bulk movement data from phones that included many Grindr users from at least 2017 and possibly earlier, people familiar with the matter said. Most location brokers remove the name of the apps they are getting the data from in the location datasets. In some of the UM data, the company included the name of the apps from which the location information was obtained.

Consumers are largely unaware that the process occurs on their devices each time they load an app or web page or how much data is shared with third parties (www.queereurope.com)

Um what was known as UberMedia before changing its name last year, was able to access Grindr data from the MoPub ad network. UM then put it up for sale to its customers. “All entities in the advertising ecosystem have access to the information shared by Grindr and any other application that uses the real-time bidding system. That means thousands of entities have that access,” said a spokesperson for UM’s new owner, Near. The company also questioned whether location data without personal information, such as names, emails or phone numbers, could be used to identify specific people.

Last year, a Catholic publication called Pilar said it obtained commercially available data that allowed it to track people’s use of Grindr. The US Conference of Catholic Bishops said one of its top officials has resigned from his position after being asked about findings that identify him as a user of the app.

KEEP READING

A vulnerability in the dating app Grindr allows users to be tracked in real time

They reveal that the dating app “Grindr” shares the HIV status of its users

Chinese Regime Removed Dating App Grindr From Download Sites