Grindr PSA

“Walk in the swamp.” “Replace the houseplants.” “Take a driving test.” “Go to the carwash.” “Rehome feral kittens.” “Take up tea-totalling.” “Ride in a Lamborghini.” “Install a Magic Keyboard.” Judging by the number of charming euphemisms for anonymous sexual encounters in my blogroll recently, it seems that the lot of you are done with pandemic isolation and revving up your libidos again. And since we are in the roaring 2020s, that means booting up your smartphones and hitting the apps.

Well, Old Stick-in-the-Mud Lurker is here to offer a note of caution about Grindr in particular. In my opinion this app has not had a good track record about caring about your privacy. Let’s ignore the fact that the company was owned by the Chinese for a few years before being sold to a mysterious group of “US” investors including a former executive of Baidu. That’s just geopolitics, and besides China has a commendable record of treating its minority populations with kindness and respect. Instead, let’s examine a few instances of how the company treated your data.

There was, of course, the infamous disclosures of HIV status to analytics companies (as documented by the security researchers). That feels unpleasant, but since we have drug cocktails now there is no more HIV stigma, so I guess this was no big deal. Also it is not surprising at all — pretty much every app on your phone makes use of a bunch of other surveillance companies and libraries, and it is exceedingly common to allow those apps to collect more data than you intend.

How about the incident with Norway, which got mad at Grindr for sharing potentially-identifying data with advertisers. Again, I guess this is no big deal, and probably Norway was just being a bully.

The incident that worries me the most happened last October, when noted computer security researcher Troy Hunt (oh behave! That’s his real name. This is not a “Lost Boys” post.) discovered that you could exploit the “forgot your password?” functionality of Grindr to log into someone else’s account.

Oh wait. Troy Hunt didn’t discover this bug. Another less famous security researcher named Wassime Bouimadaghene discovered the exploit, tried to tell Grindr about it, and was summarily ignored. It wasn’t until Hunt boosted the signal that Grindr bothered to respond.

Look. I’m not computer literate but even I know that bugs happen in computer programs. This was kind of a stupid bug to leave uncaught in your code (especially for a security-related function like password resets) but it does not surprise me that such a bad bug got through.

Having said that, this bug is really serious. You did not need a virus or a phishing email to exploit this. You just needed someone’s email address (is your email address floating around the Internet somewhere?). The unforgivable sin here is that Bouimadaghene reported a serious problem and Grindr ignored it. It does not matter than Bougimadaghene was not famous. It would not matter if it was reported by a completely anonymous source. When somebody tells you about a bug like this, you investigate and you act. Otherwise people get hurt. (I am tempted to make a Lindsey Graham joke here, but that would undermine the point. It might be nice schadenfreude if Miss Lindsey’s Lady G’s account got hacked, but being happy for security bugs because they hurt people we dislike is a bad security attitude that gets us into lots of trouble.)

Once Troy Hunted the company on Twitter, Grindr acted quickly to fix this particular bug. That’s great, but the fact that they needed to be publicly shamed before acting is reprehensible. That does not matter for me because nobody on Grindr would ever want to date chat with me, but my blogroll is full of beautiful charismatic people and I want you all to be safe.

So should you switch to another hookup app? This is not an easy question. On the surface it might seem like Bumble or Scruff or ChristianMingle might be a better choice, but on the other hand they all have bugs too. Some people might argue that Grindr is safer because (as the market leader) it is under so much scrutiny. Personally (and perhaps irrationally) the underlying values a company demonstrates matters a lot in my technology decisions. WordPress and Blogger are both big targets and have lots of security issues, but my values align more closely with WordPress, so I chose that platform for my regrettable blog. It might have been the wrong choice or it might have been the right one, but as a heuristic it has not been awful. In that sense, Grindr is right off the table for me.

Mind! Learning anything about the underlying values of a capitalist enterprise is no easy task, especially if you want to dig deeper than the marketing fluff. So most of us just use whatever everybody else is using and rest assured we will all go down on the ship together. Maybe that is not an awful strategy, but sometimes these ships do sink.

12 thoughts on “Grindr PSA

  1. Lurkie!
    So good to read you!
    Now, on to the meat and potatoes: first, I had no idea you could call fucking a stranger by so many names. Second, I can imagine that the horny and the restless were back at it the second they got their second shot of Moderna, or whatever it is that they got. Horniness knows no boundaries.
    Third, and most important: Grindr (and the apps like it) are really the most glaring example of consumerism (and capitalism) I have seen. Not only they reek of entitlement (no fats, no fems, no Asians) but also cater to the lowest common denominator. I blasted Grindr from my phone years ago. I know, there’s probably residuals (and I use other apps that also probably track my porn proclivities) but I did not like Grindr then and I don’t like it now.
    There’s nothing free. All those apps use our info to get us to buy shit. WE are the product. Maybe that’s why I try as much as I can to not buy anything online. I’m old fashioned.
    Oh, and I’d like to Install a Magic Keyboard while Riding on a Lamborghini. I can multi-task.

    XOXO

    Like

    1. At least the horny and the restless waited until their second doses, and were admirably chaste until then. I’m pretty sure I am the only person who had troubles keeping a lid on my lustful thoughts.

      Like

    1. Oh, I totally believe it. I’m not on Grindr or any app either. I like quality, not quantity, when it comes to dick. Only the best pulls up to this bumper.

      XOXO

      Like

    2. Well you and Sixpence are so hot that people trip over themselves propsitioning you as you walk down the street. But as the years pass I expect it will become more and more standard to use the apps and less and less standard to meet the love of your life in the bushes.

      Sooner or later not using the apps is going to seem freakish, as crazy-minded and futile as boycotting Amazon.

      Like

    1. I know!

      Well, there’s one joke that fell flat on its face. When it comes to comedy you win some and you lose some.

      Like

    1. Maybe we should bring back hanky codes? I think they are an easier language to learn than semaphore.

      Like

  2. I “went to the car wash” last week. All I can tell you is my car was washed; suddenly I’m feeling short changed by the experience.
    JP
    (Thank you for your earlier post. I was extremely touched by it.)

    Like

    1. Next time be sure to go to the full-service car wash.

      (I’m glad you weren’t offended. It’s been a tough year.)

      Like

Comments are closed.