Grindr

Ostrzeżenie: *Prywatność dla tego produktu do nabycia osobno

Aplikacje randkowe Walentynki

Grindr

Grindr LLC
Wi-Fi

Data recenzji: 15 marca 2024

|
Mozilla badała przez 10 godzin
|

Według Mozilli:

|
Według użytkowników: Ogromnie przerażające

Launched in 2009, Grindr says it's the largest social networking app for gay, bisexual, trans, and queer people. Though their marketing focuses mostly on men -- at least that's what we gathered when we visited their website and found it full of guys in their undies -- all genders can join. The app matches people based on location using the location tracking features on your phone. Grindr is free to sign up. Paying users can eliminate those third-party ads, unlock extra match filters, get read receipts, and even go incognito. Historically, Gindr has had a pretty awful track record on privacy, including coming under fire for its data breaches and sharing user data to advertisers without user consent. But how does their privacy hold up in 2024? Yup, we have to say they're still pretty awful. Spoiler alert: we warn that *Privacy Not Included comes with Grindr.

Co się może stać, jeśli coś pójdzie nie tak?

Holy privacy documents, Grindr! We haven't seen so many since we reviewed Toyota. And in case you're thinking "Hotdog! That must be a good sign for Grindr's privacy and security," we're sorry to say, it is not. It's privacy and security dings across the board for this app targeted at gay men. Grindr says they can share and even sell your personal information. They don't guarantee all users the same right to delete all the personal information they collect on you. They claim they require a strong password but we found we could log into the app with '11111111 as a password on Android phones). They are very icky about pushing users to agree to lots of data collection, sharing, and selling at sign-up. And Grindr has a pretty terrible track record at protecting and respecting their users' privacy. Uhg, Grindr, why must you be so bad?

Grindr's privacy policy says that aside from your email or phone number and your birthday, no other information is required to use Grindr. Then it goes ot to say that not providing some information "may impact the functionality of certain Grindr Services". Uhm...OK. In another privacy document they say, "Do not include information in your Grindr Profile that you want to keep private". Great advice! That seems really important for Grindr users to know since you're invited to share a lot of sensitive personal information in your Grindr profile. Things like your HIV status, weight, ethnicity, vaccination status, photos, videos, and your location, of course. Your location is a tricky one because that's what helps you find people near you to hook up with, which seems like a big part of Grindr's thing. But sharing that location information is also risky they say.That's because, as Grindr's privacy policy says, "even if you choose to hide your Distance Information, others may nevertheless be able to determine your Location". Yikes! That's not good. The only way to keep your precise location private is to turn off location services on your device or browser. But doing that means you won't be able to see nearby users. So, you don't technically have to share a lot of information with Grindr (and their privacy documents seem to suggest you probably shouldn't?) but if you don't, you probably won't be able to use the app like you want to. So if you share the information you're asked to, know that Grindr makes no promises about keeping it private. Dang...dating sure it hard.

Like most dating apps, Grindr uses a combination of automation and humans to spot messages or profiles that break the rules. That means your DMs aren't what we would call private. Grindr's help page does say that "team access to user chat messages and images is restricted" but then go on to add that it can still be looked at when there's "a specific need, such as chat messages being evidence of harassment or abuse."

And now we have to worry about Grindr entering the world of AI -- something we here at *Privacy Not Included see as a bit of a privacy nightmare. The media outlet Platformer reported on how Grindr is thinking about diving into the AI world, and it doesn't leave us feeling great. According to the report, Grindr's CEO said, "Number one, on the generative side, our users produce incredible amount[s] of content. We had 111 billion chats sent last year in the product. We have 5.5 million daily active users. So that's 600 messages per person per day … We can help them write those messages to save time and we can understand who they are better through all those messages.” Yes, Grindr seems to be eager to use all those sexy, kinky NSFW (and SFW too) DMs of yours to understand all their users better -- and, based on that article, probably to train their AI too.

Now, the question is how -- or if -- they get users' consent to do this. It's one thing if they very explicitly ask for it, don't force users to opt-out, rather clearly ask them to opt-in, and allow users to delete their content at any time. Call us septical Grindr will do this well. They don't exactly have the best track record of user privacy after all. And while that article linked above says, "Grindr is currently revising its terms of service to ask people explicitly if the company can train its AI models on their personal data, which could include direct messages," well, that revision doesn't exist yet, so we can't evaluate it. And we're guessing most Grindr users don't read those Terms of Service or privacy policies, so they might miss a notice or get opted-in if they don't pay close attention. Indeed, when we dug through Grindr's vast privacy documentation, we found this paragraph that might be hinting at their move to use users' DMs for business purposes like training their AI's, "Grindr is transitioning to the storage of chat messages on its servers to support the use of the Grindr Services including enhanced safety features and an improved user experience across multiple platforms and devices, which will result in a longer retention in compliance with our data retention policy." So, it seems your Grindr DMs aren't just stored locally, they are stored on Grindr's servers where you just have to trust them to secure them, protect and respect them, and not use them to train their AI models or "understand you better" without your explicit consent. Here's hoping Grindr does their users right with their impending generative AI data collection. We don't have a lot of confidence in them though, unfortunately.

Aside from what you share, Grindr collects some personal data automatically -- from your device and from third parties. Things like what you do on Grindr and information about your phone. Oh, and if you link social media to your Grindr profile, the apps can exchange some information about you, giving both access to more information. That's why we suggest not linking social media and dating apps.

Phew! As that old saying goes, with mountains of data about your sex life comes a mountain-sized responsibility to keep it safe. Sadly Grindr has not lived up to that, at all. They say they can use your personal information to show you ads. Worse, they can share or sell your personal information (like your IP address and online identifiers) with ad or marketing partners. They may also share your information with law enforcement or regulators when they request it, but say they'll "carefully validate these requests" before they do. We like to see stronger and more specific language around sharing users' personal information. We'll also point out that personal information (including sexual orientation and HIV status) can be used for "internal research for technological development".

Oh, and we've one more bone to pick with Grindr. We just outlined how their privacy documents clearly say they can share and even sell your personal information witch third parties. However, on their Data Safety page for the Grindr app in the Google Play Store, they state that they don't share data with third parties. This self-reported information from Grindr obviously not true, which is annoying. What's even more annoying is Google's Play Store Data Safety page rules allow this to happen. (Sidenote: We did some research into the Google Play Store Data Safety pages and found a whole host of problems. We talk more about those here.)

None of this is good, but our biggest concerns with Grindr aren't what they say they'll do with your data, but where that data ends up on their watch. Back in 2020, the app was called out for what a Norwegian consumer group called “out of control” data sharing with advertisers and third parties. Their research showed that besides IP address (information Grindr still says they can share) the app shared GPS location, gender, and user's age with third parties. The Norwegian Data Protection Authority's (NDPA) fined Grindr over $6M for breaking the law (GDPR). In November 2023, the Norwegian Privacy Appeals Board denied Grindr's appeal to the fine, agreeing with the Norwegian Data Protection Authority's decision. And in 2022, The Wall Street Journal reported that location information from Grindr "was available for sale [in the United States] since at least 2017, and historical data may still be obtainable." Yikes.

Sadly, we don't have to wonder what the worst thing that could happen when one of the biggest LGBTQ dating apps in the world plays fast and loose with users' sensitive information. It's already happening. A Catholic group reportedly spent millions to buy app data from Grindr and other gay dating apps to use as a "tool" to out members of their clergy. Ouff, not good. Not good at all. Be careful out there people.

Wskazówki, jak się chronić

  • Visit the app's privacy preferences at the app and opt out from personalized advertising as well as all non-essential data collection.
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
  • Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
  • Do not share sensitive data through the app.
  • Do not give access to your photos and video or camera.
  • Do not log in using third-party accounts.
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
  • Do not give consent for sharing of personal data for marketing and advertising.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc.
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
  • Keep your app regularly updated.
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Czy może mnie podsłuchiwać? informacje

Aparat

Urządzenie: Nie dotyczy

Aplikacja: Tak

Mikrofon

Urządzenie: Nie dotyczy

Aplikacja: Tak

Śledzi położenie

Urządzenie: Nie dotyczy

Aplikacja: Tak

Czego można użyć do rejestracji?

Google, Facebook and Apple log-in available.

Jakie dane zbiera ta firma?

Jak ta firma wykorzystuje te dane?

We ding this product as it can 'sells/share' personal data, for targeted advertising purposes.

Privacy policy

"Grindr collects limited information from third-parties. For example, we may collect Personal Information from payment processors, app usage and website tracking information partners, authentication partners (e.g., Google and Facebook), machine learning partners, and our consent management platform provider."

"In general, we use your Personal Information to:
Provide you with the Services associated with your Grindr account.
Answer your inquiries and provide you with support.
Improve our Properties and support user safety within the Services (including machine learning and automated decision-making).
Protect our interests as a company.
Allow you to enjoy certain Service and Property features (including machine learning and automated decision making - click here for more information).
Allow third-party ad / marketing partners to use cookies and other technologies for the purposes of serving ads to free users of the Services.
Conduct surveys or obtain your voluntary feedback about our Properties.
Respond to legal requests from law enforcement agencies, regulators, and other third-parties to comply with "Legal Obligations" (as defined below)."

"In general, we share your Personal Information in the following ways:

The Grindr Community. The Grindr Services are intended to be a safe space where you can discover, navigate, and interact with others in the Grindr Community. As part of the Services, Grindr enables you to share your Profile Information, location, and other information with the Grindr Community.
Third-Party Partners. Grindr shares Personal Information with a number of third-party partners to bring you the Grindr Properties, such as Service Providers (e.g., Sift for fraud prevention and PartnerHero for customer support), Ad / Marketing Partners help facilitate advertising experiences (e.g., AppLovin), and Other Partners that support the Grindr Properties and with whom you may provide Personal Information to directly (e.g., Apple for chat back up and Stripe for payment processing). For the avoidance of doubt, Grindr only shares HIV status, Last Tested Date, and vaccination status with necessary Service Providers such as companies that host data on our behalf (i.e., Amazon Web Services) or help in processing data access requests you initiate ( i.e., PartnerHero) - we do not share this information with any advertising companies.
<...>
Legal Obligations. We may access, preserve and disclose Personal Information to investigate, prevent, or take action in connection with: (i) enforcement of the Grindr Terms and Conditions of Service; (ii) claims that any content or behavior violates our policies or the rights of third-parties; (iii) requests for customer service; (iv) technical issues; (v) protecting the rights, property or personal safety of Grindr, its users or the public; (vi) lawful legal requests including subpoenas, warrants, or court orders or in connection with any legal process; (vii) establishing or exercising our legal rights or defending against legal claims; (viii) tax and accounting purposes; or (ix) as otherwise required by law, collectively "Legal Obligations"

Personal Information We Collect And Data Retention

"Do not include information in your Grindr Profile that you want to keep private."

How We Share Personal Information

"We share only limited Personal Information with our Ad / Marketing Partners to facilitate ads on Grindr, including your device identifiers (e.g., Identifier For Vendor ("IDFV") and Android ID), device advertising identifiers (e.g., Identifier for Advertiser ("IDFA") and Google Ad ID ("GAID")), and additional Hardware and Software Information (e.g., IP address). These third-parties may also collect information directly from you as described in this Privacy and Cookie Policy through tracking technologies such as cookies or SDKs. Our Ad / Marketing Partners are aware that such data is being transmitted from Grindr. The privacy policies of the third-party companies apply to their collection, use and disclosure of your Personal Information."

Third-Parties

"Ad / Marketing Partners

Our Ad / Marketing Partners help facilitate the advertising experience within Grindr’s Services which may include everything from ad selection (including interest-based advertising), brand safety, impression and click measurement, frequency capping, conversion and other forms of reporting, to fraud detection and defense. Such partners include:

AppLovin
Digital Turbine
Google AdMob
Ironsource
Pubmatic
Unity
Verve Group
Vungle

We may also promote programs and events with marketing partners to offer discounts, contests and sweepstakes, early access, or other information or incentives to our users. If you decide to enter a contest, sweepstake, or promotion that is sponsored by a marketing partner, the information that you provide will be shared with us and with them. Their use of your information is not governed by this Policy."

"Grindr is transitioning to the storage of chat messages on its servers to support the use of the Grindr Services including enhanced safety features and an improved user experience across multiple platforms and devices, which will result in a longer retention in compliance with our data retention policy. However, chat messages, including images and recordings, may still be retained locally on user devices and may still be retained on the recipient's device even after the information is no longer available on Grindr's servers."

Your U.S. State Privacy Rights

Grindr "sold/shared" in the preceding 12 months for business purposes the following personal data categories: "Identifiers and contact information, such as email, phone number, online identifiers (e.g., IDFA, GAID, IDFV) and IP address"

Behavioral Advertising

"Before creating your Grindr account, you will be presented with a consent preference screen where you can control if your Personal Information can be used by our Ad / Marketing Partners."

"You will be presented with a consent preference screen where you can control if your Personal Information can be used by Grindr to perform advertising campaigns for the Grindr Services on third-party platforms (e.g., Meta, Snap, etc.). See "Behavioral Advertising Within The Grindr Services" section for further details on the CMP and opting out of behavioral targeting at the device level."

Machine learning, profiling and automated decision-making at Grindr

"Note that we do not share information about your HIV status or last tested date with machine learning partners, nor do we process all of the information in your Grindr profile (e.g., ethnicity) for personalization purposes."

Data Trackers Found
We discovered 1024 trackers within 2 minutes of use, including sending data to Amplitude, Siftscience, Crashlytics, Google, etc.

Jak możesz kontrolować swoje dane?

We cannot confirm if all users, regardless of location, can get their data deleted or can opt out from the 'sale' of personal information. Also, Grindr applies the consent withdrawal to the future processing only, and not to the data which has been collected already.

Privacy policy

"You may choose to hide your Distance Information; however, the Grindr Services will continue to sort and display your profile based on your relative distance from other users. Accordingly, even if you choose to hide your Distance Information, others may nevertheless be able to determine your Location."

"We retain your Personal Information for no longer than is necessary to fulfill the purposes for which the information was collected or as otherwise permitted or pursuant to Legal Obligations or pursuant to the Grindr Terms and Conditions of Service and/or the Grindr Community Guidelines. We also retain a device identifier (i.e., IDFV and Android ID) and limited log information for up to a period of two years following account deletion to support internal reporting, metrics and statistics. Personal Information may be retained for longer periods of time if required for legal or security purposes. For example, Grindr may retain some account information, a device identifier (i.e., IDFV and Android ID), and limited log information for accounts that have been banned or that violate the Grindr Terms and Conditions of Service and/or Grindr Community Guidelines. In some circumstances, Grindr may also retain chat messages used for reporting violative behavior resulting in an account's ban."

"Where your jurisdiction's law allows, you can make the following choices and exercise your rights regarding your Personal Information held by Grindr:

Access & Portability. <...>
Delete Account and Related Information. You may delete your account and related Profile Information at any time. After deletion, your Personal Information will be deleted from Grindr's systems in accordance with this Policy. There are circumstances where some or all of your information may be retained after your request (such as for Legal Obligations, moderation review, dispute resolution, and other matters in accordance with this Policy). <...>
<...>
Behavioral Advertising On Websites, Third-Party Platforms, and the Grindr Services. You can opt-out of the sharing of your Personal Information (or the "sale" of your Personal Information as the practice may be referred to in some jurisdictions) with our Ad / Marketing Partners for behavioral advertising purposes. Please note that opting-out of behavioral advertising does not mean that you will not receive advertising while using the free version of Grindr Services. It will, however, exclude you from interest-based advertising as provided by the applicable choice mechanisms. [LEARN MORE] For more information on how to opt out of behavioral advertising on the various Grindr Properties, click here.
Promotional Emails. <...>
Third-Party Tracking. You may opt-out of Google Analytics' collection and use of your Personal Information on the Grindr Site by following the instructions here to download an opt-out browser add-on.
<...>
Withdraw Consent. You may withdraw consent that you have previously given us at any time. Revocation of your consent will only apply to future processing activities and will not apply retroactively. <...>"

Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?

Zła

In November 2023, Norwegian Privacy Appeals Board upheld its NOK 65 million ($6.12 million) fine over the app sharing user data with third parties. The decision to slap Grindr with a multi-million-dollar fine ended a three-year dispute between Grindr and the Norwegian Consumer Council (NCC). In 2020, the Council complained that Grindr collected and shared personal user data with thousands of companies that provide targeted advertising services.

In March 2023, it was revealed that a Catholic blog spent millions buying app data that tracked gay priests from gay-focused apps Grindr, Scruff, Growlr and Jack’d. In 2021, Grindr app data was then used to out at least one priest.

Grindr's user locations were collected and sold since at least 2017, according to WSJ investigation from 2022.

In 2018, it was revealed by BuzzFeed News Grindr allowed other companies access to user HIV status and location data.

Informacje o prywatności dziecka

"The Grindr Properties are intended only for users who are legal adults, generally eighteen (18) years of age and older. If you are aware that a child or minor has submitted Personal Information on the Grindr Properties, please contact us by either using the in-app reporting tool (click here for more information) or by submitting a request outside of your Grindr account by clicking here, so that we can take appropriate action."

Czy ten produkt może być używany bez połączenia z siecią?

Nie

Przyjazne dla użytkownika informacje o prywatności?

Nie

Relatively accessible though a lot of different tabs to read through all the different infos (see different tabs in Grinder's Privacy Policy). While the amount of info is meant to infom the user, it can be quite daunting to read, understand and retain all the info, especially determining which is the most crucial to know. Plus, subjetive evaluation but Grindr strikes me as quite aggressive in its lanaguge - their Privacy texts are incredibly long and intense, as though they will scare you and confuse you

Odnośniki do informacji o prywatności

Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa? informacje

Nie

Szyfrowanie

Tak

Grindr shared with us that they "use industry best standards for both encryption at rest and in transit. Examples are TLS 1.3 and AES-256 for in transit and at rest respectively."

Silne hasło

Nie

Grindr told us in an email they required a strong password, however we were able to log in to the app with '11111111' as a password on our Android phones.

Aktualizacje zabezpieczeń

Tak

Zajmuje się problemami z bezpieczeństwem

Tak

Grindr runs a bug bounty program.

Zasady ochrony prywatności

Tak

Czy produkt wykorzystuje sztuczną inteligencję? informacje

Tak

"To personalize your experience on Grindr.

We use some of the personal information that you provide us (such as portions of your Grindr profile) along with personal information we collect from your use of the service (e.g., when you start a chat with another user or when you login to Grindr) to power machine learning algorithms based on your interests, preferences, and behavior derived or inferred from your use of the Grindr App. Leveraging this information allows Grindr to potentially utilize automated decision-making to make your Grindr experience more personalized such as developing the ability to recommend other profiles to you.

Note that we do not share information about your HIV status or last tested date with machine learning partners, nor do we process all of the information in your Grindr profile (e.g., ethnicity) for personalization purposes.

To safeguard the Grindr platform.

We use automated decision-making and profiling to help protect Grindr from bad actors. For example, we may use machine learning to proactively flag profiles demonstrating the potential for engaging in behavior that is violative of our Community Guidelines and/or Terms of Service. This ultimately assists our efforts to prevent and respond to illegal, malicious, and unauthorized activity.
In addition, machine learning algorithms are used to enhance our manual moderation system to:

Continually scan profiles to prevent, block and/or remediate fraudulent activity
Review and automatically approve profile photos that adhere to our guidelines
Review profile text, media (uploaded and shared via chat), and messages for violative content

The processing activities described above may lead to banning profiles who engage in illegal or unauthorized activities. In addition, we have a robust, human-moderated appeal system in place which ensures the right of everyone on Grindr to have a human review of any automated decision related to safeguarding the platform."

"We use automated decision-making as a part of our platform moderation efforts (e.g., removing spammers and general platform safety) including to assist in our efforts to prevent and respond to illegal, malicious, and unauthorized activity. Grindr's moderation team has access to all information you share within the Services. This may result in the removal of content that you post or share."

Czy tej sztucznej inteligencji nie można ufać?

Nie

Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?

Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?

Tak

"Grindr provides Help Center articles: https://help.grindr.com/hc/en-us/articles/1500009296922-How-Grindr-moderates-conten t-and-profiles- and https://help.grindr.com/hc/en-us/articles/7169085929491-Machine-learning-profiling-and -automated-decision-making-at-Grindr"

Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?

Tak

"If you are notified that your account has been banned and you believe this is an error, click here for more information on ban reasons and fill out a ban appeal form."
*Prywatność do nabycia osobno

Dowiedz się więcej

  • Grindr is fined $11.7 million under European privacy law.
    NY Times Odnośnik otwiera się w nowej karcie
  • Norwegian DPA: Intention to issue € 10 million fine to Grindr LLC
    European Data Protection Board en Odnośnik otwiera się w nowej karcie
  • Study says Grindr, OkCupid, and Tinder breach GDPR
    ZDNet Odnośnik otwiera się w nowej karcie
  • Study: Tinder, Grindr And Other Apps Share Sensitive Personal Data With Advertisers
    NPR Odnośnik otwiera się w nowej karcie
  • Grindr Admits It Shared HIV Status Of Users
    NPR Odnośnik otwiera się w nowej karcie
  • Swiped: How dating apps harm marginalized communities
    MIT Media Lab Odnośnik otwiera się w nowej karcie
  • A security flaw in Grindr let anyone easily hijack user accounts
    TechCrunch Odnośnik otwiera się w nowej karcie
  • Twitter suspends Grindr from ad network after alleged privacy violations
    CBS News Odnośnik otwiera się w nowej karcie
  • How Grindr became a national security issue
    The Verge Odnośnik otwiera się w nowej karcie
  • Is it a threat to US security that China owns Grindr, a gay dating app?
    Brookings Odnośnik otwiera się w nowej karcie
  • Grindr pulls feature that lets users sort by race. It says it's supporting Black Lives Matter
    CNN Odnośnik otwiera się w nowej karcie
  • Grindr features failing to protect users from sexual predators, harassment
    ABC Odnośnik otwiera się w nowej karcie
  • How to protect yourself from dating app data breaches
    ProtonVPN Odnośnik otwiera się w nowej karcie
  • Ads on Grindr: Setting the Record Str8
    Grindr Odnośnik otwiera się w nowej karcie
  • Grindr sold users’ location data for years, may have outed Catholic priest: report
    New York Post Odnośnik otwiera się w nowej karcie
  • Grindr’s record $6 million data-sharing fine upheld
    Cybernews Odnośnik otwiera się w nowej karcie
  • Catholic group spent millions on app data that tracked gay priests
    The Washington Post Odnośnik otwiera się w nowej karcie
  • Inside Grindr's plan to squeeze its users
    Platformer Odnośnik otwiera się w nowej karcie
  • An Update on our Progress Building AI Features for Grindr Users
    Grindr Odnośnik otwiera się w nowej karcie
  • This Shadowy Catholic Group Says It Buys Grindr Data to Trace Gay Priests
    Gizmodo Odnośnik otwiera się w nowej karcie
  • Grindr sold users’ location data for years, may have outed Catholic priest: report
    New York Post Odnośnik otwiera się w nowej karcie
  • Grindr’s HIV data problem began when it asked users to disclose their status
    The Conversation Odnośnik otwiera się w nowej karcie

Komentarze

Masz uwagi? Podziel się nimi z nami.