Cooler but still well above normal this week

MPR News helps you turn down the noise and build shared understanding. Turn up your support for this public resource and keep trusted journalism accessible to all. 

Turn Up Your Support

The same-sex dating app Grindr says it will stop sharing its users' HIV status with other companies, after it was discovered the app was allowing third parties to access encrypted forms of the sensitive data.


Grindr acknowledged that information on users' HIV status, including the date they were last tested for the virus, was provided to two companies, 

 that were paid to monitor and analyze how the app was being used.
Grindr says its users had the option not to supply the sensitive information. When they did choose to, Grindr shared the data in encrypted form as part of "standard industry practice for rolling out and debugging software," the company said.


News that the app was sharing the data first appeared in 

BuzzFeed wrote: "Because the HIV information is sent together with users' GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the issue."

, Grindr said: "It's important to remember that Grindr is a public forum. We give users the option to post information about themselves including HIV status and last test date, and we make it clear in our 

 that if you choose to include this information in your profile, the information will also become public."


Grindr also said that the information provided to vendors was encrypted, and that the company "has never, nor will we ever sell personally identifiable user information — especially information regarding HIV status or last test date — to third parties or advertisers."

 that the company has changed its policy and will no longer provide that information to vendors.


Grindr confirmed the change to NPR in an emailed statement on Tuesday, writing, "As the testing of our feature has completed, any information related to HIV status has been removed from Apptimized and we are in the process of discussing removal of this data from Localytics."

 spoke to Alec Nygard, a user of the app, who said it allows the option of posting "negative," "negative, on 

," "positive," or "positive, undetectable."


"I actually find this very disturbing and possibly sinister," San Francisco Supervisor Jeff Sheehy was quoted by the TV station as saying.


The sharing of what many Grindr users view as private information follows a controversy over U.K.-based firm 

's use of information from tens of millions of Facebook profiles to micro-target political campaign messages.


Grindr, in the statement emailed to NPR, emphasized that there's a difference between "a company like Grindr sharing encrypted data with a software vendor to debug its app, and having it harvested from an outside third party like Cambridge Analytica."

 against CVS Health that alleges the pharmacy chain revealed the HIV status of thousands of people in Ohio.
Last August, CVS reportedly sent a letter to 6,000 participants in 

 about getting HIV treatment prescriptions through a program offered by the pharmacy chain. The 

 says only 4,000 people received that letter.


"Last year, as part of a CVS Caremark benefits mailing to members of an Ohio client, a reference code for an assistance program was visible within the envelope window," CVS said in a statement. "This reference code was intended to refer to the name of the program and not to the recipient's health status. As soon as we learned of this incident, we immediately took steps to eliminate the reference code to the plan name in any future mailings."


As Healthcare Finance News notes, the CVS suit "happened just after [insurance company] Aetna suffered a similar breach when it mailed to about 12,000 customers in 23 states information on HIV medications. The names and address of the recipients and some of the letter's contents were visible through the clear envelope window."  Copyright 2019 NPR. To see more, visit https://www.npr.org.

Science

Health

The same-sex dating app now says it will stop sharing the information after acknowledging two companies it hired to analyze usage had access to encrypted forms of the data.

Grindr admits it shared HIV status of users

Go Deeper.

Like this?

News you can use in your inbox