Warning: *Privacy Not Included with this product
Launched in 2009, Grindr says it's the largest social networking app for gay, bisexual, trans, and queer people. Though their marketing focuses mostly on men -- at least that's what we gathered when we visited their website and found it full of guys in their undies -- all genders can join. The app matches people based on location using the location tracking features on your phone. Grindr is free to sign up. Paying users can eliminate those third-party ads, unlock extra match filters, get read receipts, and even go incognito. Historically, Grindr has had a pretty awful track record on privacy, including coming under fire for its data breaches and sharing user data to advertisers without user consent. But how does their privacy hold up in 2024? Yup, we have to say they're still pretty awful. Spoiler alert: we warn that *Privacy Not Included comes with Grindr.
What could happen if something goes wrong?
Holy privacy documents, Grindr! We haven't seen so many since we reviewed Toyota. And in case you're thinking "Hotdog! That must be a good sign for Grindr's privacy and security," we're sorry to say, it is not. It's privacy and security dings across the board for this app targeted at gay men. Grindr says they can share and even sell your personal information. They don't guarantee all users the same right to delete all the personal information they collect on you. They claim they require a strong password (but we found we could log into the app with '11111111' as a password on Android phones). They are very icky about pushing users to agree to lots of data collection, sharing, and selling at sign-up. And Grindr has a pretty terrible track record at protecting and respecting their users' privacy. Ugh, Grindr, why must you be so bad?
Grindr's privacy policy says that aside from your email or phone number and your birthday, no other information is required to use Grindr. Then it goes on to say that not providing some information "may impact the functionality of certain Grindr Services". Uhm...OK. In another privacy document they say, "Do not include information in your Grindr Profile that you want to keep private". Great advice! That seems really important for Grindr users to know since you're invited to share a lot of sensitive personal information in your Grindr profile. Things like your HIV status, weight, ethnicity, vaccination status, photos, videos, and your location, of course. Your location is a tricky one because that's what helps you find people near you to hook up with, which seems like a big part of Grindr's thing. But sharing that location information is also risky they say. That's because, as Grindr's privacy policy says, "even if you choose to hide your Distance Information, others may nevertheless be able to determine your Location". Yikes! That's not good. The only way to keep your precise location private is to turn off location services on your device or browser. But doing that means you won't be able to see nearby users. So, you don't technically have to share a lot of information with Grindr (and their privacy documents seem to suggest you probably shouldn't?) but if you don't, you probably won't be able to use the app like you want to. So if you share the information you're asked to, know that Grindr makes no promises about keeping it private. Dang...dating sure is hard.
Like most dating apps, Grindr uses a combination of automation and humans to spot messages or profiles that break the rules. That means your DMs aren't what we would call private. Grindr's help page does say that "team access to user chat messages and images is restricted" but then goes on to add that it can still be looked at when there's "a specific need, such as chat messages being evidence of harassment or abuse."
And now we have to worry about Grindr entering the world of AI -- something we here at *Privacy Not Included see as a bit of a privacy nightmare. The media outlet Platformer reported on how Grindr is thinking about diving into the AI world, and it doesn't leave us feeling great. According to the report, Grindr's CEO said, "Number one, on the generative side, our users produce incredible amount[s] of content. We had 111 billion chats sent last year in the product. We have 5.5 million daily active users. So that's 600 messages per person per day … We can help them write those messages to save time and we can understand who they are better through all those messages.” Yes, Grindr seems to be eager to use all those sexy, kinky NSFW (and SFW too) DMs of yours to understand all their users better -- and, based on that article, probably to train their AI too.
Now, the question is how -- or if -- they get users' consent to do this. It's one thing if they very explicitly ask for it, don't force users to opt-out, rather clearly ask them to opt-in, and allow users to delete their content at any time. Call us skeptical Grindr will do this well. They don't exactly have the best track record of user privacy after all. And while that article linked above says, "Grindr is currently revising its terms of service to ask people explicitly if the company can train its AI models on their personal data, which could include direct messages," well, that revision doesn't exist yet, so we can't evaluate it. And we're guessing most Grindr users don't read those Terms of Service or privacy policies, so they might miss a notice or get opted-in if they don't pay close attention. Indeed, when we dug through Grindr's vast privacy documentation, we found this paragraph that might be hinting at their move to use users' DMs for business purposes like training their AIs, "Grindr is transitioning to the storage of chat messages on its servers to support the use of the Grindr Services including enhanced safety features and an improved user experience across multiple platforms and devices, which will result in a longer retention in compliance with our data retention policy." So, it seems your Grindr DMs aren't just stored locally, they are stored on Grindr's servers where you just have to trust them to secure them, protect and respect them, and not use them to train their AI models or "understand you better" without your explicit consent. Here's hoping Grindr does their users right with their impending generative AI data collection. We don't have a lot of confidence in them though, unfortunately.
Aside from what you share, Grindr collects some personal data automatically -- from your device and from third parties. Things like what you do on Grindr and information about your phone. Oh, and if you link social media to your Grindr profile, the apps can exchange some information about you, giving both access to more information. That's why we suggest not linking social media and dating apps.
Phew! As that old saying goes, with mountains of data about your sex life comes a mountain-sized responsibility to keep it safe. Sadly Grindr has not lived up to that, at all. They say they can use your personal information to show you ads. Worse, they can share or sell your personal information (like your IP address and online identifiers) with ad or marketing partners. They may also share your information with law enforcement or regulators when they request it, but say they'll "carefully validate these requests" before they do. We like to see stronger and more specific language around sharing users' personal information. We'll also point out that personal information (including sexual orientation and HIV status) can be used for "internal research for technological development".
Oh, and we've one more bone to pick with Grindr. We just outlined how their privacy documents clearly say they can share and even sell your personal information with third parties. However, on their Data Safety page for the Grindr app in the Google Play Store, they state that they don't share data with third parties. This self-reported information from Grindr is obviously not true, which is annoying. What's even more annoying is Google's Play Store Data Safety page rules allow this to happen. (Sidenote: We did some research into the Google Play Store Data Safety pages and found a whole host of problems. We talk more about those here.)
None of this is good, but our biggest concerns with Grindr aren't what they say they'll do with your data, but where that data ends up on their watch. Back in 2020, the app was called out for what a Norwegian consumer group called “out of control” data sharing with advertisers and third parties. Their research showed that besides IP address (information Grindr still says they can share) the app shared GPS location, gender, and user's age with third parties. The Norwegian Data Protection Authority (NDPA) fined Grindr over $6M for breaking the law (GDPR). In November 2023, the Norwegian Privacy Appeals Board denied Grindr's appeal to the fine, agreeing with the Norwegian Data Protection Authority's decision. And in 2022, The Wall Street Journal reported that location information from Grindr "was available for sale [in the United States] since at least 2017, and historical data may still be obtainable." Yikes.
Sadly, we don't have to wonder what the worst thing that could happen is when one of the biggest LGBTQ dating apps in the world plays fast and loose with users' sensitive information. It's already happening. A Catholic group reportedly spent millions to buy app data from Grindr and other gay dating apps to use as a "tool" to out members of their clergy. Ouff, not good. Not good at all. Be careful out there people.
Tips to protect yourself
- Visit the app's privacy preferences in the app and opt out of personalized advertising as well as all non-essential data collection.
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data, nor does it close your account.
- Do not give consent to constant geolocation tracking by the app. It is better to allow geolocation 'only when using the app'.
- Do not share sensitive data through the app.
- Do not give access to your photos and video or camera.
- Do not log in using third-party accounts.
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
- Do not give consent for sharing of personal data for marketing and advertising.
- Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
- Keep your app regularly updated.
- Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to Google account and turn off ad personalization).
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: Yes
What can be used to sign up?
Yes
Phone
Yes
Third-party account
Yes
Google, Facebook and Apple log-in available.
What data does the company collect?
Personal
"Email, phone number, date of birth; government-issued identification, postal address, signature; racial or ethnic origin; precise location; user activity, hardware and software information, cookies, and leverage other technologies such as web beacons, software development kits (SDKs), local storage, and log files; information from payment processors, app usage and website tracking information partners, authentication partners (e.g., Google and Facebook), machine learning partners, and our consent management platform provider. Optional: location, HIV status, vaccination status, photos and videos."
Body related
Photos and videos.
Social
How does the company use this data?
How can you control your data?
What is the company's known track record of protecting users' data?
In November 2023, the Norwegian Privacy Appeals Board upheld its NOK 65 million ($6.12 million) fine over the app sharing user data with third parties. The decision to slap Grindr with a multi-million-dollar fine ended a three-year dispute between Grindr and the Norwegian Consumer Council (NCC). In 2020, the Council complained that Grindr collected and shared personal user data with thousands of companies that provide targeted advertising services.
In March 2023, it was revealed that a Catholic blog spent millions buying app data that tracked gay priests from gay-focused apps Grindr, Scruff, Growlr and Jack’d. In 2021, Grindr app data was then used to out at least one priest.
Grindr's user locations were collected and sold since at least 2017, according to a WSJ investigation from 2022.
In 2018, BuzzFeed News revealed that Grindr allowed other companies access to user HIV status and location data.
Child privacy information
Can this product be used offline?
User-friendly privacy information?
Relatively accessible though a lot of different tabs to read through all the different infos (see different tabs in Grindr's Privacy Policy). While the amount of info is meant to inform the user, it can be quite daunting to read, understand and retain all the info, especially determining which is the most crucial to know. Plus, subjective evaluation but Grindr strikes me as quite aggressive in its language - their Privacy texts are incredibly long and intense, as though they will scare you and confuse you.
Links to privacy information
- Privacy Policy
- Do Not Sell or Share My Personal Information
- Terms of Service
- Machine learning, profiling and automated decision-making at Grindr
- "How We Share Personal Information"
- "Behavioral Advertising"
- "Your U.S. State Privacy Rights"
- "Legal Bases for Processing"
- "Third-Parties"
- "Personal Information We Collect And Data Retention"
Does this product meet our Minimum Security Standards?
Encryption
Grindr shared with us that they "use industry best standards for both encryption at rest and in transit. Examples are TLS 1.3 and AES-256 for in transit and at rest respectively."
Strong password
Grindr told us in an email they required a strong password, however we were able to log in to the app with '11111111' as a password on our Android phones.
Security updates
Manages vulnerabilities
Grindr runs a bug bounty program.
Privacy policy
"To personalize your experience on Grindr.
We use some of the personal information that you provide us (such as portions of your Grindr profile) along with personal information we collect from your use of the service (e.g., when you start a chat with another user or when you login to Grindr) to power machine learning algorithms based on your interests, preferences, and behavior derived or inferred from your use of the Grindr App. Leveraging this information allows Grindr to potentially utilize automated decision-making to make your Grindr experience more personalized such as developing the ability to recommend other profiles to you.
Note that we do not share information about your HIV status or last tested date with machine learning partners, nor do we process all of the information in your Grindr profile (e.g., ethnicity) for personalization purposes.
To safeguard the Grindr platform.
We use automated decision-making and profiling to help protect Grindr from bad actors. For example, we may use machine learning to proactively flag profiles demonstrating the potential for engaging in behavior that is violative of our Community Guidelines and/or Terms of Service. This ultimately assists our efforts to prevent and respond to illegal, malicious, and unauthorized activity.
In addition, machine learning algorithms are used to enhance our manual moderation system to:
- Continually scan profiles to prevent, block and/or remediate fraudulent activity
- Review and automatically approve profile photos that adhere to our guidelines
- Review profile text, media (uploaded and shared via chat), and messages for violative content
The processing activities described above may lead to banning profiles who engage in illegal or unauthorized activities. In addition, we have a robust, human-moderated appeal system in place which ensures the right of everyone on Grindr to have a human review of any automated decision related to safeguarding the platform."
"We use automated decision-making as a part of our platform moderation efforts (e.g., removing spammers and general platform safety) including to assist in our efforts to prevent and respond to illegal, malicious, and unauthorized activity. Grindr's moderation team has access to all information you share within the Services. This may result in the removal of content that you post or share."
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive deeper
- Grindr is fined $11.7 million under European privacy law (NY Times)
- Norwegian DPA: Intention to issue € 10 million fine to Grindr LLC (European Data Protection Board)
- Study says Grindr, OkCupid, and Tinder breach GDPR (ZDNet)
- Study: Tinder, Grindr And Other Apps Share Sensitive Personal Data With Advertisers (NPR)
- Grindr Admits It Shared HIV Status Of Users (NPR)
- Swiped: How dating apps harm marginalized communities (MIT Media Lab)
- A security flaw in Grindr let anyone easily hijack user accounts (TechCrunch)
- Twitter suspends Grindr from ad network after alleged privacy violations (CBS News)
- How Grindr became a national security issue (The Verge)
- Is it a threat to US security that China owns Grindr, a gay dating app? (Brookings)
- Grindr pulls feature that lets users sort by race. It says it's supporting Black Lives Matter (CNN)
- Grindr features failing to protect users from sexual predators, harassment (ABC)
- How to protect yourself from dating app data breaches (ProtonVPN)
- Ads on Grindr: Setting the Record Str8 (Grindr)
- Grindr sold users’ location data for years, may have outed Catholic priest: report (New York Post)
- Grindr’s record $6 million data-sharing fine upheld (Cybernews)
- Catholic group spent millions on app data that tracked gay priests (The Washington Post)
- Inside Grindr's plan to squeeze its users (Platformer)
- An Update on our Progress Building AI Features for Grindr Users (Grindr)
- This Shadowy Catholic Group Says It Buys Grindr Data to Trace Gay Priests (Gizmodo)
- Grindr’s HIV data problem began when it asked users to disclose their status (The Conversation)