The decision to increase privacy protection for all its users comes in direct response to recent allegations that a bug in the app’s system allows tech-savvy users to pinpoint the exact location of users nearby.
The security loophole had been exposed as early as June, when users around the world started noticing messages from anonymous “bot” users informing them of their compromised privacy. Though Grindr doesn’t specifically mention the allegations, the company acknowledges a problem in a statement released to America Blog:
“In light of recent security allegations surrounding a user’s specific location, Grindr has made modifications to no longer show distance information for users. Grindr will continue to make ongoing changes to keep all users secure, as necessary.”
For the average user, turning on the app’s “distance” option wasn’t a major privacy concern. Although it calculated the estimated distance between users, the distance wasn’t guaranteed to be exact and did not indicate which direction users were in relation to each other.
The option to disclose specific distance appealed to many users who used the app to find others in specific areas. As a user in New York City, I personally found that displaying specific distance often inadvertently exposed what neighborhood other guys were in.
But the distance option has become increasingly dangerous for users in countries where being gay may be illegal or a prompt for violence. AB notes that the “European user” who discovered the security flaw also found that the distance option didn’t even need to be turned on for him to find the exact location of other users by manipulating Grindr’s servers.
Editor John Aravosis explains:
The European Grindr user was able to spoof his location to Grindr’s servers, and by doing so three times in three different virtual locations, he was able to triangulate the near-exact location of every Grindr customer who was online at that moment.
In response to the disclosure of the location of 600,000 users, Grindr has turned off its “distance” function. Grindr initially released a statement claiming that the security breach was not a glitch, but rather a feature that Grindr stood behind: “We do not view this as a security flaw.”
But as the exact location of more gay men were exposed, including one at the Republican National Committee headquarters in Washington, DC, a second at the British House of Commons, and a third inside the Russian Kremlin, Grindr finally relented.
You can check out some incriminating maps over at AB, which the anonymous European privacy advocate submitted to show the exact location where some gay men are using Grindr in Russia, and even one lone gay inside the Republican National Committee headquarters in D.C.
Grindr hadn’t mentioned when the new changes will take effect, but at time of posting, my account still displays distance. An update for the app that was released yesterday morning doesn’t indicate any update or patch to the security loophole:
The major security breach is only the most recent complaint brought against the app by disgruntled users.
Previously, at least two lawsuits involving sexual misconduct with minors have dirtied Grindr’s hands — security aside, some users believe the app doesn’t do a good enough job at vetting its users and making sure all are of age to use it.
This year alone, we’ve reported two cases in which Grindr users were murdered (and one attempted murder) after meeting men on the app. Obviously Grindr is not directly responsible for the actions and intent of its users once they meet, but Grindr’s complaint history clearly shows that privacy and protection should be their primary concern moving forward.
Do you feel safe using Grindr?