Homosexuality is illegal in more than 70 nations, and 13 of them implement the death penalty for homosexual acts, according to a 2016 report by the International Lesbian, Gay, Bisexual, Trans and Intersex Association (ILGA). Grindr has users in 234 countries and territories around the world. Location data for Grindr users is particularly sensitive. Two years after the location data was first revealed and addressed by Grindr, security researchers found they were still able to figure out users’ locations. Grindr did make some changes, allowing users to turn off its pinpoint location function and turning off the default location option in countries where gay people face violence and persecution.
Grindr’s security issues first came to light in 2014, when security researchers at cybersecurity firm Synack found that Grindr let any user see the profiles and locations of people anywhere in the world. This is not the first time that issues with Grindr’s security around location data has been reported. Two independent cybersecurity researchers, neither affiliated with Faden nor Grindr, backed up Faden's claim.įaden said that he did not share or collect any user data to which he was given access other than telling Grindr users that accessed his website who had blocked them on the app. “One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user's exact location," Faden explained. Faden found that he could find the location of users who had opted out if they connected their Grindr profiles through his third-party website. Grindr makes public the location of many of its users, but allows for users to opt out of this feature. Once they did so, Faden was able to gain access to a trove of user data that is not publicly available on user profiles, including unread messages, email addresses, deleted photos, and the location data of users, some of whom have opted to not share their locations publicly.įaden’s website exploited a similar security loophole to the one that leaked the information of 50 million Facebook users through a quiz connected to the social network, highlighting the risk that people face in using existing social media accounts to log in to other services. His website allowed users to see who blocked them on Grindr after they entered their Grindr username and password. The security flaw was identified by Trever Faden, CEO of the property management startup Atlas Lane, after he created a website called C*ckblocked (the asterisk is part of the name of the service).