
Grindr has the worst privacy protections of any social media app out there. For many years they were sending the private HIV status & sexual orientation information for millions of people to third party analytics in plain text – i.e. every router on the internet could read your HIV status.

These B-tier social networks deserve a lot more attention & scrutiny from security researchers.




I found a similar vulnerability in a very similar gay dating app…they were sending ALL information about every profile near you in plaintext including email address, current location (extremely precise, like able to know which room of your house you’re in), etc. I emailed the CEO explaining what I found and how to easily fix it…took about 9 months and a couple follow up emails from me before it was finally patched.


I've identified obvious bot networks, and the spawning of new bot networks on Grindr, and received absolutely zero responses back from the company.


>> For many years they were sending the private HIV status & sexual orientation information for millions of people to third party analytics in plain text

Are. You. Fucking. Kidding me?

Grindr must’ve been started by the gay community, yeah? Why the hell are we doing this to ourselves?!


I got really pissed both times Facebook leaked my phone and email. Imagine being HIV positive and having that leaked. God, I can't even imagine. And I assume, as usual, that there is no decent victim compensation or punishment for the perpetrators. Heck, they surely get to keep all the dirty money too.

The silver lining here is finally an argument for privacy that has very little risk of being shut down as "hypothetical", which is always a dead end for most low-key privacy debates.


I do some commercial dance and when I started I began getting targeted ads for managing HIV, which would be enough to identify one of the small group of men I dance with as having HIV.


They haven't been owned by a gay person in years, AFAIK


The information in apps like Grindr is more sensitive than other apps (e.g. Tinder) but it's probable that most apps are selling, or have sold in the past, most user information that they can garner. What's the incentive to do it securely, or to provide proper anonymisation?


Did you do any research before posting this knee-jerk?


It got sold to a Chinese company afaik.


> Grindr must’ve been started by the gay community, yeah? Why the hell are we doing this to ourselves?!

That question is harder to answer if you adhere to identity politics and easy to answer if you apply https://en.wikipedia.org/wiki/Classical_Marxism


Well I mean the sexual orientation of a Grindr user isn't exactly a secret.



