As if Facebook's data privacy problem wasn't enough. With all due recognition that an inept apology cannot possibly undo the damage the company and its CEO Mark Zuckerberg have created. There are even worse things companies can do with personal information. Like what gay dating app Grindr did on Monday.
On Monday, BuzzFeed reported on research that the company gave users' HIV status to two other companies. And Grindr did so in a way that make it personally identifiable.
The two companies -- Apptimize and Localytics, which help optimize apps -- receive some of the information that Grindr users choose to include in their profiles, including their HIV status and "last tested date."
Because the HIV information is sent together with users' GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF. (SINTEF was commissioned to produce the report by Swedish public broadcaster SVT, which first publicized the findings.)
Forget for a moment the question of whether this is a breach of federal law protecting health information. It should have been unthinkable for any company to pass along this level of detail on people's lives and to shatter a bond of trust that it apparently had with consumers.
As a sentient human being, there are things you simply refrain from. They are wrong and you avoid indulging. If you slip and do what should be unthinkable, you stop yourself and change your behavior before it becomes an act of self-preservation.
Once discovered, Grindr said that it would stop sharing HIV status, according to an Axios report. The company said that there was misunderstanding of the situation. Grindr's security chief Bryce Case said that the most sensitive information was encrypted and not shared with advertisers.
Because, if a company encrypts sensitive data and then shares it, clearly no one will ever have the key to decrypt it. That's why it had to be shared in the first place, right? Just to see that it was possible.
Case said the information being shared was with platforms used "for debugging and optimizing purposes." One of the two firms that received the data, Localytics, provides services for marketing apps. The optimization is for marketing the app. And the other, Apptimize, is used to improve app retention and engagement as well as to personalize experiences for different users. Yes, debugging and optimization in a sense, much as marketing uses debugging and optimization to get people to buy more. In this case, the product was the app.
Is the person naïve? Too much Silicon Valley brew? Or just trying to keep the pitchforks and torches from surrounding the castle?
After the stories of Facebook and the tech industries general comfort with gathering as much information on people as possible, there seems no good reason to believe any corporation's sincerity. The data that Cambridge Analytica received was never supposed to pass the researcher who collected it in the first place.
With the number of recriminating statements about the dangers of social media from people who made their personal wealth in the business, maybe wondering about personal sincerity is also wise.
Oh, and according to a CNN story, even if some data was encrypted, not all was, and not all stayed with the two companies that received it.
The two companies were also receiving other, less-sensitive data -- including location, gender, age and physical type -- though that data was not always encrypted, according to SINTEF. Third-party advertisers were receiving some of that data, too, the nonprofit said.
Grindr did defend its practices on a blog post.
- Grindr has never, nor will we ever sell personally identifiable user information - especially information regarding HIV status or last test date - to third parties or advertisers.
- As an industry standard practice, Grindr does work with highly-regarded vendors to test and optimize how we roll out our platform. These vendors are under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.
- When working with these platforms we restrict information shared except as necessary or appropriate. Sometimes this data may include location data or data from HIV status fields as these are features within Grindr, however, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users' privacy from disclosure.
Yes, telling others that they truly mustn't share data or papa will be cross worked so well for Facebook. And of course people should realize that public, as in appearing on the app for other users, should naturally mean that the information will be available to other companies.
Too many in the tech industry live in a wishful fantasy world. They want to encourage data sharing, bury the consequences in documents people must agree to -- and which they almost never read -- before using a service, and then say it's the users' faults. They hide behind "industry standard" practices, which only means many companies use them, not that they are wise or right or ethical.
Many tech companies (and others as tech gets embedded into almost everything these days) will continue to do as they like. The money is too good. And maybe people will continue to finally give in and give up. But there's the maybe growing chance that one day they won't.
In any case, what good is money when the fancy mansion needs coverings for all the mirrors because what looks back is so distasteful?