I wrote this morning about the disturbing security glitch in the popular gay smartphone app “Grindr,” which permits anyone with an Internet connection — including people who are not registered with Grindr, and who are not even logged into the service — to determine the precise location of any Grindr user.
Moments ago I was able to find three Grindr users in one of the most homophobic countries in the world, Uganda, and 3 more inside the Russian parliament and the Kremlin itself.
Here are the Grindr users, blacked out by me so they’re exact location isn’t disclosed.
And a colleague of mine was also able to find two Grindr users inside the Russian state Duma (parliament), and one inside the Kremlin itself (the Kremlin is the lower red circle, the Duma the top). And as my colleague notes: “It might be worth mentioning that the Duma is completely closed to the public. The Kremlin has open hours are 10am-5pm, but that image was taken at 9:22pm Local Moscow Time, well after the Kremlin was closed to the public.” In other words, these gay people likely work there.
As I noted in my earlier story, while apps like Grindr routinely show the distance one user is from another user, they do not show the users’ precise locations. Here is an example of what Grindr actually shows.
In this case, it shows this person as being 2 miles away from me, which really doesn’t give me any actionable information were I wanting to harm this individual.
What Grindr’s security glitch provides, however, is the person’s exact location to anyone — not just to Grindr users, but to anyone with an Internet connection. That might be a problem for the three Grindr users I just found in Uganda’s capital, let alone the three Grindr users in Russia’s homophobic Duma and Kremlin.
To give you a sense of the breadth of the problem, here’s an earlier example of a popular neighborhood in Paris (note: the map zooms in much closer than this, but I didn’t want to make it too obvious where these guys lived):
The thing is, while Grindr claims that this is a necessary and expected part of its service, it is nothing of the kind. I use Grindr, and have for years. Grindr users are not aware that by going on Grindr they are divuling their exact location to anyone with an Internet connection. They think they’re simply telling people how far away they are, without indicating the direction. There’s a big difference in telling a total stranger that you’re two miles away, and telling them that you live in the second house from the corner on Maple Street in Peoria, Illinois. And the problem is especially grave when Grindr users have no idea that this information is in fact being divuled publicly.
When Grindr users choose to turn their location data on (you can turn it on or off in the settings), they are not making an informed decision about their privacy, as they simply do not realize that their precise location is so readily available. This is a serious privacy violation that Grindr can no longer afford to ignore.
The risks are serious enough for any typical Grindr user, let alone gay men (and teens) in places like Uganda, or the Kremlin.