I hate that all of these apps (Grindr and similar) appear to take security and privacy secondary... which is just insane given the market they are serving.
Sex is still considered taboo in many parts of the world and some parts of the US.
Now this, we have them using the Facebook API and them knowing every time I open the app (or did).
I have made every choice I can to reduce the privacy invasion that these companies engage in, but there are simply no alternatives for this one. I would be very surprised to find out that Scruff is actually any better.
It's extremely sad how homosexuality is criminalised in such a large part of the world and it makes leaks of Grindr even more dangerous than just for the prospect of blackmail or just exposure.
I think there's nothing more profound than love in the human condition to be honest. I don't think it's not real at all. It is probably the strongest driving force in human behaviour. I didn't mean to downplay the significance.
But I changed my comment as it was not my intention to offend. On the contrary. Just saying "homosexuality" sounds distant and clinical so I said love to make it feel more real. Because really that's what it's about isn't it? For me love is what makes a relationship real. One based on just sex isn't, at least not to me.
Why would something emotional not be real? Sexual attraction is a big part of love but I think the term goes much further than that.
I wasn't intending for you to change anything in your comment at all! It was very thoughtful and well-articulated and I really didn't have anything else to offer. I just always zoom in on the "love" keyword when talking about gays. It's just not a keyword term to use anymore.
I've heard that some American religions try to 'fit' gay feelings into their principles by telling members it's ok to feel but not to act. Perhaps this is the reason for this sentiment? That by saying "love" I subscribe to the idea that only the physical act makes it 'real'? I find that concept very strange. As if the act is more real than the feeling of love or attraction for someone. For me it's the opposite.
In any case I changed it because I was clearly expressing a sentiment I didn't want to convey. Thanks for pointing it out.
If you are a startup, you cannot create a popular app in a crowded marketplace by being scrupulous about best practices.
Match owns almost all of the dating-app market, and they have extremely deep pockets to buy/extinguish competition with.
Because of the consolidated nature of the market, and the winner-takes-all nature of the industry, I really believe that it is impossible for a new entry to gain popularity and focus on hard problems like security.
This is fundamentally a problem with capital allocation and incentives. There's not much that a small team can do about it.
I'm pretty sure it's just an observation about the situation that any player in that market would find itself in, so therefore when you look at apps in that market they're shitty about privacy.
It's a comment about dating apps, not about people who decided not to go into dating apps i.e. found "a market you can address without doing that."
There's a difference between understanding why people behave dishonestly, and making excuses for dishonest behavior. You're doing the second one under the color of the first.
No one has to make a dating app. I don't see how "no one else could do it without betraying their users either!" as you argue - and, again, even granting this is true, which you've done nothing thus far to show - excuses the actual betrayal that actually has occurred. If you'd like to make an argument that it does, I'd be interested to hear that.
Maybe so. It's easy to get your blood up when you're addressing flagrantly careless behavior that substantially helps make possible the systematization of the same kind of targeted, but back then still by necessity only interpersonal and mostly opportunistic, violence that was a daily feature of your life throughout most of its first couple decades.
So, sure, the one comment to which you've directly responded here, I'll call that out of line on my part. Everything else I've said throughout these comments stands.
He's saying that in the end, all that will be available to customers will be the unscrupulous ones - because if someone tries the other approach, they'll fail.
And there always will be someone trying the unscrupulous approach, no matter how many people decide not to.
Fine! Don't try, then. "Someone is going to do this shameful thing, therefore there is no reason why I should not do this shameful thing" isn't quite the logic of a sociopath, but only because a sociopath sees no need in the first place to excuse to himself his own immoral behavior.
If your attitude is "if you can't do it right, don't do it at all", that's fine. But a predictable consequence of that attitude is that, when the cost of "doing it right" is high enough, the only people who do it at all are the people who don't do it right.
The incentives are broken, and telling the people who point out that the incentives are broken that they're just making excuses for bad behavior doesn't actually fix the incentives.
I’m pretty sure no one in this thread is saying that but you?
It’s an observation that market conditions seem to disadvantage anyone who DOESN’T do that, so unless you like spending a bunch of effort and time (and being less competitive overall because of it, and likely go nowhere), maybe spend your effort somewhere else if you don’t like to be that way.
There are a ton of markets like this. If you wanted to open a ‘good’ check cashing place for instance, go right ahead. Just don’t be surprised if you lose your shirt trying it by not being like the other, less scrupulous players.
You appear to be taking a very uncharitable interpretation.
This thread reads to me as there may be perverse incentives due to nature of dating and capital markets that make it nearly impossible to compete while valuing security.
u/firephonestival is stating the obvious and much repeated: any conscientious effort will be buried by the horde of amoral and immoral players. They are not defending, excusing, or in any way minimizing the excreble outcomes of our winner-takes-all economic regime.
How much of that is because they have been conditioned that things should be free though?
We have 10+ years of Google, Facebook, and others handing out major tools and functionality for free because of the privacy invasion.
I have to wonder how things would have looked had that not become the norm.
As far as being purposefully made worse, yeah both apps do that. Grindr charges $100, Scruff charges $120 a year. Considering how popular both apps are I have to assume they are pulling in quite a bit of money.
That's quite a claim when, until Grindr's practice of selling PII was disclosed, no one had any reason to imagine that by using the app they would be disclosing their sexual orientation and behavior. In light of that I have no idea what preference you imagine to have been meaningfully revealed here.
My claim is that for a large number of Americans, it's probably worse to be outed for seeking extra-relationship (I'm not sure of the proper term) casual sex than for being gay/bi/queer. Of course, both of those could be revealed at the same time which would be quite the double-whammy to an unsuspecting partner.
I'm not sure I agree, though. In an open relationship it'd be no surprise to my partner if I were using Grindr (he probably would be too, in that case!) and I think therefore that'd be more or less orthogonal to the concern around the risk of forcible outing posed by Grindr's misuse of data. Both are certainly of concern, but I think independently so.
> If you are a startup, you cannot create a popular app in a crowded marketplace by being scrupulous about best practices.
> Match owns almost all of the dating-app market, and they have extremely deep pockets to buy/extinguish competition with.
understood. the only practical response to the banal corporate indifference of modern markets is ultraviolence. establish a rival dating app and send ninjas to the bedrooms of match owners to threaten their lives
hn says "there's not much a small team can do about it" but they are clearly considering only a small team of technologists and a few salespeople/growth marketers. hn has drastically discounted the impact a small team of (kunai-wielding, not mid-2010s startup recruiter speak) ninjas can have
>If you are a startup, you cannot create a popular app in a crowded marketplace by being scrupulous about best practices.
>Match owns almost all of the dating-app market, and they have extremely deep pockets to buy/extinguish competition with.
Match owns almost all of the dating app market because they've acquired who? Startups who created popular apps in a crowded marketplace that they don't already own.
Now, if you want to argue that you cannot create a popular app in a crowded marketplace without accepting a buyout offer from the dominant player, now that's a topic I think is worth quite a bit of discussion.
Dating apps likely face a lot of churn because those customers who succeed cancel permanently. So for young apps burning out trying to compete it may be very hard to resist a big buyout from larger players with deeper pockets and fewer moral constraints.
On the other hand, programmingwise dating apps are simple as heck and require almost no staff (source: Match's presumptive development priorities across their apps). Wasn't Plenty of Fish famously one guy for years and years? Heck, nowadays you can even seed a new app with fake accounts even easier with thispersondoesnotexist.com. Couple that with Facebook's GPT-3'ish release today[1] and you can probably create some pretty convincing activity, including messaging.
>I really believe that it is impossible for a new entry to gain popularity and focus on hard problems like security.
Well, they can. New entrants to the dating app market always start out this way. They gain loads of initial trust and word of mouth growth by putting users first. But they inevitably fall victim to the same market forces as their competition, and slowly become the same thing. It happened to Tinder, it happened to Bumble, and it will happen to Hinge.
Ok sure but the point nerdjon and GekkePrutser are making (which I agree with 1,000%) is that it's super selfish to prioritize "creating a popular app" at all costs over protecting people's actual lives. Creating a popular app is great but don't risk the lives of your users!! That should go without saying!
That’s now what they’re saying . They’re saying if customer data security won’t be a deciding factor, you’ll lose by focusing on that instead of what IS the deciding factor.
People still use Grindr a ton even though these security issues have been well known for years and in most areas users have real concerns for their safety and lives if they’re caught using it, so I can’t say they’re wrong.
Little known fact: Facebook Dating doesn't sell any subscriptions, there are no limitations behind a paywall. They probably have the best security but I guess you could argue that Facbebook sells your data in other ways.
It is actually what I would expect from a dating site. Match group apps look more like a vehicle that only exists to transfer money from your pocket into theirs.
I really hope so. Maybe this will yield better privacy-preserving schemes for data analysis and recommendation engines. Necessity is the mother of invention (or whatever the equivalent idiom is in English).
I think I'm hardly making an original argument, but a big problem is binding Compute and Data, so companies have an incentive to hoard as much data as possible and keep it hostage. Feels like deep down that's the whole valuation of Silicon Valley
Didn't know Prio, seems like an interesting approach. I also would like to work with these problems someday. As a layman, I'd love to see something like fully homomorphic encryption taking over.
But in the end, IMHO what really needs to happen is to enable full data ownership. The semantic web, there was also another project by Tim Berners Lee...
Because most of that kind of industry is US based, and they earn money from EU users, so on one hand, you seem to be working "for the people", on the other hand, you fuck the americans :)
Probably because they're the jurisdiction that's taking user privacy rights the most seriously so far, with enough market share to leverage their demands.
The EU doesn't everything right in the digital sphere but at least some parts of it understand the importance of privacy.
Of course there is an opposition that believes this hinders digital development in Europe, which is quite slow or nonexistent, but that is also often caused by said opposition itself instead of privacy laws. Because the few digital experts need all their energy in fighting their ideas and corruption.
> I hate that all of these apps (Grindr and similar) appear to take security and privacy secondary.... I would be very surprised to find out that Scruff is actually any better.
The average case is quite bad, but I wouldnt generalize it to quite every app. Scruff, for example, does take privacy seriously - both in rhetoric and in their user-visible design decisions.
That's not to say there might not be vulnerabilities (which could be said about any company or service), but they don't treat it as a secondary priority.
Grindr, on the other hand, is actively malicious with how aggressively it sells and/or exposes user data willfully.
Maybe I am just jaded by Grindr (and even non hookup apps) at this point.
But I just take Scruff's words with a grain of salt at this point. There is so much that they can do server side that we can't block.
A big part of me thinks it is just inevitable until something like this comes out about Scruff. I don't want to think that... but we have been burned way too many times by apps. Look at what came out about several mental health apps a few days ago.
I don't imagine sniffies, a4a, MH, bbrts (for anyone reading, please don't look these up while at work... or at least not on a work computer... these are all Gay hookup sites) is any better. Particularly the first one when it comes to location data considering it just legit shows a map if people.
I really don't trust any of them (App or Website), enough so I have seriously contemplated getting an iPod touch or something and tethering anytime I want to use them. But I have not quite gone that far yet.
There's less data tying you to your identity with the web apps, and you can use an adblocker to reduce your profile even further. The location data is troubling but I've seen at least one of those randomize the pin slightly each time it updates your location, though in a circle radius so I guess you could triangulate it by staring at the pin a bunch.
I am not entirely sure I by there being less data. I don't allow Grindr or Scruff access to anything on my phone. Even for photos I use the iOS feature to limit what photos they can see. The only real difference between the... accepted profile structure. Grindr and Scruff tend to be face...ish pictures vs Sniffles that is... not.
Facebook and Google have become very good at tracking you across the web. Sniffles has ads (admittedly all of them are to sign up for premium but I don't know how those ads are served... I have not looked).
So add in google fonts or some other tracking mechanism and suddenly you have a ton of data to tie someone too a website that is meant to be anon. (more or less, I know its not quite that simple but I don't think being on the web makes it necessarily any better)
Grindr has the worst privacy protections of any social media app out there. For many years they were sending the private HIV status & sexual orientation information for millions of people to third party analytics in plain text – i.e. every router on the internet could read your HIV status.
These B-tier social networks deserve a lot more attention & scrutiny from security researchers.
I found a similar vulnerability in a very similar gay dating app…they were sending ALL information about every profile near you in plaintext including email address, current location (extremely precise, like able to know which room of your house you’re in), etc. I emailed the CEO explaining what I found and how to easily fix it…took about 9 months and a couple follow up emails from me before it was finally patched.
>> For many years they were sending the private HIV status & sexual orientation information for millions of people to third party analytics in plain text
Are. You. Fucking. Kidding me?
Grindr must’ve been started by the gay community, yeah? Why the hell are we doing this to ourselves?!
I got really pissed both times Facebook leaked my phone and email. Imagine being HIV positive and having that leaked. God, I can't even imagine. And I assume, as usual, that there is no decent victim compensation or punishment for the perpetrators. Heck, they surely get to keep all the dirty money too.
The silver lining here is finally an argument for privacy that has very little risk of being shut down as "hypothetical", which is always a dead end for most low-key privacy debates.
I do some commercial dance and when I started I began getting targeted ads for managing HIV, which would be enough to identity one of the small group of men I dance with as having HIV.
The information in apps like Grindr is more sensitive than other apps (e.g. Tinder) but it's probable that most apps are selling, or have sold in the past, most user information that they can garner. What's the incentive to do it securely, or to provide proper anonymisation?
At this point we need to be able to set our reported location manually on our phones natively. I don't want any number of apps to be able to sneakily collect such data. Android sort of allows it through 3rd party apps, but Google has all incentives in not making this trivial.
A long time ago, when I lived within dating distance of the default coordinate (maybe City Hall?) of a global-destination city, a dating site I used introduced a feature that let users set their locations manually. Within hours of rollout, the site was completely unusable due to being full of people from around the world saying "I wonder what the dating scene in $city is like?".
That is still the case on some big apps like OKCupid. There are green-card hunters from poor countries that fill up the swipe queue and all have the same giveaway line:
"I'm not based in [your city], I just change the location to talk to new people". It's frequent enough that I stopped using the app altogether. OKC was already going downhill well before this.
It takes a few seconds and they are really upfront about it. I can imagine OkCupid charging for such a filtering feature, but I've never paid for it just didn't seem "worth it". Especially since Match.com owns it, and I'm not really helping the underdog.
( I understand that I might not have been making a sensible economical decision, as I have many examples of not doing that in the past )
I would go further. At this point, the "sneaky snacky smartphone" approach to data collection (in which everything that can be collected is being collected, and probably used for things you can't imagine it would be useful for) starts to press heavily on the "And I therefore shouldn't carry a smartphone" side of the scales.
I've seen some fun papers of "Well, you could do this awful thing..." (comparison of accelerometer data to deconflict which nearby phones are in the same vehicle vs separate ones to better refine social graphs), in addition to all the stuff we know is being done (ultrasonic signals in various ads, tracking shoppers by their wifi/bt beacon MACs, etc). I assume the state of what's actually being done is far worse than what's in the papers, because someone, somewhere, though they could get a signal out of something.
Trying to "de-evil" this sort of system is, first and foremost, fiddling around the edges of what's possible (I expect various people are reading and thinking, "Oh, you think spoofing GPS will matter, cute!), but it's also remaining in the ecosystem that has, repeatedly, demonstrated that they're going to get their paws on everything they think they can justify, and then expand that over time.
There's no reason that a TV needs to be doing automatic content recognition on various inputs, but they're all doing it these days.
I've given up and I no longer carry a smartphone. I'd encourage those who can get away with it to do the same thing. You can't go hoovering up all my data from a dumber KaiOS device because it doesn't run all the apps, and if a company makes their desktop/laptop interface so painful to use to drive people to the phone interface, well, they're probably doing things I don't want to support anymore.
Trying to "reduce the harm" of smartphones, more and more, feels like trying to figure out how to mitigate the impact of a world class meth addiction by focusing on the symptoms - "Oh, you need to hydrate better!" "Here's some skin moisturizer and a toothbrush!" and so on - without ever stating that the problem is the meth and that you need to stop using that, not try to figure out how to avoid losing your teeth while doing it.
I sure hope so. And I hope that future is an awful lot closer. The past decade or so of teenagers can speak to just how nasty smartphone addictions can be, in terms of mental health, suicides, etc. I grew up with the internet, but we didn't have profit-driven advertising empires pretending to "connect people together" back then, either.
Part of my reason for not carrying a smartphone anymore is to be a better example to my kids, and I certainly point out couples staring at his-n-hers smartphones at a restaurant instead of actually enjoying each other's company.
Odds are good that instead of a smartphone, my daughter will just end up with her HAM license and a VHF handset instead. It'll cover the common cases direct simplex if I put a base station on the house, and my wife isn't opposed to getting her license either. :)
Someone wake me up when I don't have to pay for a PO box to avoid having to announce my address to everyone within listening range - maybe my own license will still be active by then.
Probably worse. After all, smoking mainly just gives people more health issues. Smartphones have far more insidious sociological effects on the very fabric of society.
I think a comparison that does it more justice is to the use of leaded gasoline and its downstream effects on crime rates.
This is really tough because the only purpose of Grindr is to give it your location to see who is around you. There also needs to be much stronger requirements for end user transparency about where their data is going.
It would still serve its purpose even if you spoofed your location to be somewhere nearby or elsewhere. Nobody needs to be able to figure out exactly where specific users are/live/work via the platform.
Removing that ability removes one of the key functionality of these apps and why they are popular.
Seeing that someone is 100 ft away is a common start of a conversation. Maybe they live in the same apartment, at a local coffee shop, work in the same building. Which leads to... well...
Plenty of people already spoof their locations on the app and the app itself offers location changing functionality, I'd hardly say that is removing functionality or defeating the purpose of the app.
It's a shame that LineageOS doesn't let you spoof apps with bogus data anymore. It's much easier to let them think they're getting permissions than try to play whack-a-mole with opt out settings that could get reset at any time by bad actors.
my understanding was that the first instance of that was way back in cyanogenmod back in the late 00s and that it was quashed when google basically said "we'll let you bootleg the play store, but only if you don't screw up revenue streams by feeding app developers garbage data"
They have come even closer to Google now, I'm sure they'd love to be an official distribution with play apps included out of the box if they could. Fair enough though, most of their userbase sideload Google services.
I use it with microg myself but I have to use a special fork. I wish microg had this option too, it would be great to be able to feed garbage.
Even if you use 3rd party apps, Google location services will side step your mocked location. Apps can detect mocked locations, as well.
Pretty sure SafetyNet, or something like it, from Google will also tattle on you if you spoof your location in apps that don't want you using mock locations, preventing you from using mock locations at all with apps.
Android 12 finally has a feature to select approximate location per-app. iOS has supported this for a bit longer, since version 14. The accuracy of the "approximate" location is also much bigger for Android 12 than it is for iOS, but it's a good start.
There's a funny thing about cellphone modulation: makes it hard to locate a device. Cell phones need GPS so they can give their location to the eNBs (towers) so that the best tower can be selected, the towers can't do it on their own.
GPS isn't required to schedule handovers in a mobile network.
Handovers can be signalled by the network or the handset, but they use the received signal quality and strength (and handsets can send their signal quality and strength to the network to facilitate better handover scheduling) to arrange handovers.
You can also triangulate devices effectively using just the cellular signal to them, if you are the mobile network operator, using signal strength, or other techniques like time difference of arrival, if you have good clock sync across your base stations.
> What the WSJ describes would not be possible with our privacy practices today, practices we proactively implemented two years ago
> Grindr takes the privacy of its users extremely seriously, and we have put privacy before profit
> Grindr does not share users’ precise location, we do not share user profile information, and we do not share even industry standard data like age or gender
I don't really trust them tbh they've never cared that much about user safety or privacy. You can still triangulate people's location, in Egypt this was used to imprison LGBT people.
I'm sure there's navigators who discovered California-sized lands (from the perspective of Europeans not of those who already lived there), that called it "triangulización" in Spanish. They triangulized, or triangulated.
And it was cool the first time, with mountain peaks, and a very accurate compass, going on a hike and figuring out where you were on a map, without the whole satellite cakewalk.
But all of that's a nitpick of a nitpick, you and the parent post are totally right. But like totally. You should all have read the last paragraph in this post first, what I said doesn't change things, it's trivial to get our positions.
Not for myself - because I’m out - but because the fact that I am out would potentially be for sale, and - for instance - my primary partner - isn’t.
She comes from such a traditional family, and her home country is so anti-queer - that if they somehow found out her parents would literally likely commit suicide - the exact same thing happened to a friend of hers, and it’s unfortunately a very real concern.
This marks the official crossing of the line from any potential ‘if you don’t have anything to hide, why do you care’ bullshit excuse that fucking idiots use to push privacy issues aside.
If you are not out - it is not okay for ANYONE you don’t know to know you’re gay/lesbian/bi/whatever.
This is a brutal fucking outrage. I’m frankly fuming, like - on the verge of an anxiety attack - over this.
Lawsuits had better fucking ensue.
Frankly, this makes me want to preemptively leave HER (the lesbian equivalent of Grindr) - before I find out the same shit is happening.
Die, Grindr. Fucking die.
As a queer person this may be the single greatest abomination I’ve seen a corporation claiming to support the LGTBQ+ community commit.
> She comes from such a traditional family, that if they somehow found out they’d literally likely commit suicide.
"they" in this case is the family finding out and the family committing suicide? or did "they" change mid-sentence. Sounds bad for any party finding out, just trying to understand the threat model here. If your primary partner found out about the widely reported data leak existing and becoming suicide sounds now extremely probable. The other possible readings of that sentence are, extreme, but less extreme in probability.
I think GP is saying there are countries with stigma against homosexuality that family members would kill themselves to find out that their children were gay. That’s what I understood.
You are fortunate to have grown up in a culture where that is mostly true. However, in some cultures, the "shame" of that disclosure about their child is considered worse than death. Horrifically sad, but true.
> ...the single greatest abomination I’ve seen a corporation claiming to support the LGTBQ+ community commit.
Just wait a few months, something else will probably show up. Remember that "claiming to support the LGBTQ+ community" is, in almost every case, just a calculated way to increase their profits. Change a few logos, let the PR department fund a float, and wait for the additional dollars to roll in!
> Frankly, this makes me want to preemptively leave HER (the lesbian equivalent of Grindr) - before I find out the same shit is happening.
Good. Do it. The entire core of our modern consumer tech ecosystem is based around this sort of deception and lying. If it's a popular app, it's making the money on the backend somewhere. Robinhood (the stock trading app) was literally just selling off order flows to the high frequency traders who would pay them rather obscenely large sums of money for the "Heyo, I've got someone ready to buy 15 shares of GME, I'm going to buy 15 shares of GME now, and... buy!" data. They existed to sell out an audience who didn't know better for fractions of a cent per trade, but in volume.
If you don't mind some dense reading, Zuboff's book on Surveillance Capitalism is well worth the read. The author is just in love with high scoring Scrabble words for no good reason, unless she finds a reason to invent a new word instead. But the outcome of it is that you'll want to regularly frisbee your smartphone across the room into the nearest wall without a case.
"Modern consumer tech" is absolutely, 150%, at odds with any concept of personal privacy. And the more people start opting out, the sooner we can go back to "My personal habits are not your profits."
It’s unfortunate that majority of the gay community uses this app despite knowing privacy risks.
But there are some precautions one could take to reduce the risks. Like turning off precise location for specific apps is possible in iOS. I assume similar feature is available in android too. This might not help much in a big densely populated city but in a small city this is good enough to find people on Grindr. I also turn off the location access for Grindr once I favorite some people I like to keep in touch with.
I'm pretty sure that lots and lots of companies are collecting and selling data.
What I really wonder is whether disclosure of these sorts of leaks is selective. I suspect it is. The point being that in showing one or 2 cases, and then showing the system taking a retrospective action, gives the impression that we are being protected. I suspect that grindr has been selected as a sacrificial lamb (of little consequence - eg its not tinder) - and will possible be put through some legal process and appear to be made an example of.
If so, the news will have some headlines, and it will appear that the governance process is doing its job.
I don't think we are being protected though - it would be easy to pass legislation that made these sorts of actions illegal. What is being protected is the reputation of those businesses undertaking the collection. The cost is that we are kept in ignorance of how bad and systemic the situation really is.
there's another system i saw on here that uses the VPN api to monitor for saas adware connections in apps. i think it was developed in europe or was part of a research project.
the future of firewalls will be keeping your data in is my bet...
worth noting that this doesn't catch instances where the app developer collects the data itself and then sells it (as opposed to just linking in a collection library from the third party).
i suspect that there will probably be some cool research projects that try to embed identifiable watermarks in behavioral data and then attempt to detect them in purchasable data or data products and/or realtime behavior of ad companies.
I posted this in another comment - but - here’s the worse thing.
It’s not just niche, like a Christian dating app.
If I am a Christian - frankly - living in North America - I’ve got nothing to hide to anyone, mostly.
I probably came from a Christian family, and - if I didn’t - being Christian isn’t something that frankly carries the stigma that being gay/trans/lesbian/bi/etc, does.
I would know, because I happen to be Christian, transgender, and lesbian. :P
There’s an argument that with privacy ‘if you have nothing to hide, why do you care?’ - and being on the LGTBQ+ spectrum nukes that argument, just as being a stoner in a weed-hating state might.
Selling the orientation of individuals for profit is an abomination of capitalism, such a risk to the queer community, and such a fundamental and brutal rape or privacy, that I frankly hope to see a class action lawsuit over this.
Grindr shutting down completely would not be good enough; here. This is beyond felonious. This is a human rights violation of the utmost degree.
I am appalled by this and I hope they have to pay for it as much as others in this thread but, I'm sorry, categorizing hypothetically selling your data which could hypothetically be used for harm as a "human rights violation of the utmost degree" really dilutes the severity of real human violations that have actually happened (see I don't know, child rape, forced sterilization etc). That's an interesting choice of framing.
Why openly disclose your sexual preference/orientation so eagerly on hacker news comments, then?
What do you think would happen to an LGBT person in, say, Saudi Arabia? The answer is, "capital punishment, fines, public whipping, beatings, vigilante attacks, vigilante executions, torture, chemical castrations, imprisonment up to life and deportation." Those seem like they're well into the category of "real human violations."
This is also not a hypothetical situation -- something quite similar happened in Egypt a few years ago [1]. And that was using good old fashioned entrapment. The damage could have been far more significant with large-scale data analysis.
While I can't speak for OP: they likely feel comfortable posting about their gender/sexuality on here because they live in a place where that won't happen. And while HN is often less than progressive on LGBT issues, users here generally aren't calling for public executions. But not everyone lives in the US or Western Europe, and these people live under a genuine threat of death.
If I decide to tell you, or everyone who reads HN comments, that I'm gay, then that's up to me. I can choose whether and how to disclose, or not to disclose, depending on my evaluation of risk, which will be fairly accurate because I have a lifetime of experience in making such risk assessments and seeing how they play out. (In this case I'm not too worried, because I've been out for a long time, so if it gets broadly fashionable again to discriminate against us queers then I already have the same problems in either case.)
If I use a dating app that promises it will maintain its data about my orientation as confidential, and that app turns out to have been lying all along, then I'm forced to run the risk no matter whether I would have chosen to do so. Because I can't know who is accessing that data or what they're doing with it, I don't even have a way to know how much risk I've been forced to take on. And because I have no way to remove my information from the dataset, I don't have any control over how long that risk continues to be present; I have to assume it's forever, or at least as long as a copy still exists.
It's a good example in microcosm of all the issues around handling sensitive data that this industry has had ever since anyone began trusting us with such data in the first place.
This is exactly it, and it's also why it's so frustrating when straight friends introduce you to others as "gay". It's like, hey that's my business to say so and not yours.
I agree with all that you and lostgame have posted, but I think it's irrelevant in modern times. There are so many ways to track us (that are probably being stored indefinitely) that your sexual orientation, private religious or political beliefs, or anything else that can be gleaned from your movements and associations will be available for any future administration that decides a certain class of people should be rounded up.
The Holocaust, through computerized processing of census data (via IBM), found "Jews" who didn't even know that their maternal grandmothers were Jewish. Comparing those primitive records and tech to today is like comparing Hiroshima to the nukes of today. If some US administration 20 years from now decided that they wanted to round up all of the communists, homosexuals, and Jews with a 90% certainty, even assuming technology hasn't advanced an inch in the interim, they could get the list within days. I think it would be easy even if we turned off the data spigots today and 20 years from now they only had access to data collected between the dawn of web 2.0 and now.
I've never been all that favorably inclined to the counsel of despair.
That goes double when we're discussing an issue that goes to the heart of how we as an industry conduct ourselves - to what standard we hold
ourselves and one another.
Granted, right now no such standard exists. I don't think that will always be true; if we don't regulate our own behavior then someone will certainly do so for us. I think it'd be a good idea if we had a say in how it happens, and when we have people apparently arguing that no one should expect anyone to hold us to any standard, it's very hard for me even to imagine an argument in support of the idea that we deserve one.
I'd also like to think that, by being in this industry, we're not all in the position of an RJR or Philip Morris employee trying to believe we aren't really peddling addiction and cancer. Whether that sort of thing bothers anyone else, it's not up to me to decide, though I think it should. It does bother me.
>> Why openly disclose your sexual preference/orientation so eagerly on hacker news comments, then?
Really? I shouldn't have to explain this, but that it's my choice makes all the difference?
Furthermore, if you'd read my comment - it said that I myself am not concerned with disclosing my orientation/gender online - but I am deathly concerned for my fellow queer folk for whom that is not the case.
If I say stealing a car is "criminal to the utmost degree" would you say "I'm sorry, but categorizing theft of property as criminal really dilutes the severity of real criminal violations that have actually happened"?
I ask this because "human rights" is a wide and varied collection of thoughts and ideas ranging from the right to not be sexually assaulted to the right to not have businesses you interact with sell data about your sexual behaviors.
My point is, the whole conversation is subjective. You're both wrong in the eyes of some people and completely reasonable and correct in the eyes of others. Just some helpful framing you might want to use before "whatabouting" when people's lives may literally be on the line for this information being disseminated in their home countries.
From the safety of my home in an exceedingly liberal state in the US, working for an employer with a decent track record for inclusivity, I would be Big Mad if my grindr data was sold. From Chechnya, I would be terrified for my safety, physically as well as at a job, in the same situation.
TL;dr- When people stop being hate-crimed or state-santioned-murdered for being gay, the community will stop "overreacting" to people outing us against our wishes.
> If I say stealing a car is "criminal to the utmost degree" would you say "I'm sorry, but categorizing theft of property as criminal really dilutes the severity of real criminal violations that have actually happened"?
And I'm pretty sure that if we follow the argument to absurdity, all of us should only be talking about a single incident at a time. The worst one, that renders the rest not only irrelevant but disrespectful and insulting to the real victim.
A number of these proximity apps you can locate a target by basic triangulation:
(1) Draw a circle of distance-radius around your location. (2) Go north that distance and repeat the process. (3) Return to origin, go east and repeat. If you are lucky, the three circles intersect at your target location. (4) If there is abuity (two answers) or imprecision, perform a south and west measurement too.
And if you don't like getting off your ass, just spoof your GPS location.
Some dude did exactly this with tinder and got precise location. Iirc they mitigated by using grids after that, and precision is only accurate to a specific tile. However, a fixed tile size will anonymize you only as much as population density allows. If you're in a rural area, you'll likely be pinpointed.
Somewhat relevant that Grinder was purchased in 2018 by PRC company and forced to sell via CFIUS because data could be used to potentially blackmail military/gov officials. Which is both commentary on PRC aquisition strategies and US morality.
At least the last time I checked it out, which was the day before I interviewed there. Were I working there, and found this out, I would no longer be working there.
Any large company that doesn't explicitly say "we aren't selling your data" is definitely selling your data. You can't really trust what they say, but you can trust what they don't say.
How is this worse? I'd much rather companies do this instead of selling the actual data. In fact, I don't think this is much of a privacy issue at all.
The irony is what you wrote is categorically false. Selling user personal data to a third party, which users have no idea how that data will be used, is not better than companies showing users targeted ads. Not everything on earth has to be a hot take.
> Selling user personal data to a third party, which users have no idea how that data will be used, is not better than companies showing users targeted ads.
This isn't what was said. What was being said is that the people who claim that they don't sell your data have such complex ways of still selling your data while being literally truthful that there's no way to confidently evaluate risks no matter what they say.
edit: I mean, do you know for certain that a determined attacker can't bulk unmask Google or Facebook users through skillful monitoring of ad auctions and specific ad placements?
If I purchase your location data I can use that to hire a hitman and whack you at home. If I purchase an ad for everybody that lives in NYC they get to see an ad.
---
Regarding if somebody can accumulate ads to derive user data. I mean anything is technically possible but an ad provider doesn't want user data to leak because it lowers the value proposition of their ad exchange
> Regarding if somebody can accumulate ads to derive user data. I mean anything is technically possible but an ad provider doesn't want user data to leak because it lowers the value proposition of their ad exchange
Is that true? Being able to deanonymize targeted individuals or small groups doesn't really cut into a platform business, it's only a concern if you can do it at scale to meaningfully reconstruct their dataset. Sure, they'll work prevent the latter, but does it justify the costs of ensuring the former can't be done? Better targeting sells ads, privacy/security is a cost center.
I'm also not sure how you're going to develop a process to deanonymize an individual that can't just be generalized to create large groups. Like just buy a dataset on people in the US and then run your process using all of them and you can make a large group then.
There doesn't seem to be much information out there though but there are efforts to prevent the site from learning what ad is being displayed and the ad buyer from learning where and who is watching. I think most of this is just done via the iframe that an ad is displayed within.
I would say the ad exchanges could just double dip and serve ads and sell user data if it wasn't an issue but FB did that and ended up with a big hassle from it. So it may be a marketing advantage for Google & Apple to be able to claim they don't sell user data.
Just read anything from a privacy policy in a Nixon-intonation "I am not a crook!" style and you'll get what you need from it. A touch of Futurama-Nixon jowl-flapping adds much to the imagined statements.
They're all written in the, "Well, technically, our lawyers claim we're not lying..." style. But they're sure not end-user friendly, which is the exact point.
And any time they claim they're not doing something explicitly, look for ways they might have navigated around it carefully. Roku's "you agree to let us do anything we want" policy, for instance, includes a dutiful agreement to not do anything prohibited by the laws of the country your data is stored in. Of course, they then later state that they can move your data to any country they want.
