Tech Companies Have No Reason to Care About Your Privacy

The dating app Grindr has reportedly been sharing the HIV status of its users with other companies.

In the latest horrifying revelation about the extent to which consumers have grown accustomed to sharing sensitive personal data with tech behemoths, unaware of the extent to which those entities are willing and/or able to keep that information private, BuzzFeed News reports that Grindr has been disclosing its users' self-reported HIV status to two companies that work behind the scenes to help optimize the company's location-based dating app. The prevailing theory as to why the site would commit such an astonishing breach of trust, according to the researchers who first identified the issue? The developers bundle users' information before shipping it off to these third parties, and never stopped to think about the consequences.

“The HIV status is linked to all the other information. That’s the main issue,” [SINTEF researcher Antoine] Pultier told BuzzFeed News. “I think this is the incompetence of some developers that just send everything, including HIV status.”

...

SINTEF’s analysis also showed that Grindr was sharing its users’ precise GPS position, “tribe” (meaning what gay subculture they identify with), sexuality, relationship status, ethnicity, and phone ID to other third-party advertising companies. And this information, unlike the HIV data, was sometimes shared via “plain text,” which can be easily hacked.

The potential dangers of having this information published beyond the Grindr community—remember, the company goes to great lengths to enable use of the app where local prejudices and/or anti-gay laws make homosexuality taboo or illegal—don't require further explanation. And as the Cambridge Analytica scandal revealed, even if an initial third-party disclosure is authorized and appears innocuous, tech companies can do precious little about subsequent transmissions or security breaches once data clears the company's four walls and escapes into the wild.

BuzzFeed is careful to note that Grindr's privacy policy warns users that anything they disclose in their public profiles, including HIV status and other "health characteristics," becomes "public." But in context, this is a clear reference to the disclosure of information to others on Grindr, and through the medium of the app. It is hard to believe that a prospective user would read this language and contemplate the possibility that the company might share that data with third-party geolocation companies without obtaining their consent. Of course, it also seems unlikely that many of those who installed the app on their phones and tapped quickly through its installation screens ever bothered to parse the fine print in the first place.

Part of the appeal of Grindr, or Tinder, or Facebook, or any other social networking service is that all of them appear to take place in what we think of as a very personal, private, insular world: the smartphone. And the more data points you choose to reveal about yourself, and the more honest you are about each of them—your name, your photo, your location, your occupation, your interests, your political leanings, your religious beliefs, your dating preferences, and your health characteristics—the more immersive and enjoyable the experience becomes. It's a "you get out what you put in" principle. As between users, social networking is an exercise in trust.

Service providers, though, see this relationship very differently. As MSNBC's Ari Melber noted after Cambridge Analytica, for tech companies, advertisers are the customers, and users are the product. The consumer-facing apps are mere conduits through which users willingly share their personal information. Here, in the process of trying to make its app run a little more smoothly, Grindr disclosed what is probably the most sensitive information it collects to third parties who have no stake in the underlying interpersonal relationships. It never stopped to consider the human implications of this decision because, right now, it has no motivation to do so. And until we find ways to ensure a closer alignment between the business interests of tech companies and the privacy interests of their consumers, there will be more stories like this one.

Update: Grindr has announced that it will stop sharing users' HIV status with the companies in question, arguing in a statement that comparisons of its conduct to the Cambridge Analytica matter are inappropriate. "This is just something we use for internal tooling," Grindr chief security officer Bryce Case told BuzzFeed News. "I will not admit fault in the regard that the data was used."