“This type of info exposure betrays our trust that the service can determine what fields of data should be public and private.”Holmes said unlike Twitter, which is more public and which is transparent about who has blocked whom, Grindr introduces the additional layer of sexual orientation, and the release of a user's personal information could lead to increased stalking and other forms of sex-based harassment.“LGBTQ folks have vastly different legal standing across countries and continents,” Holmes added.C*ckblocked — which was neither associated with Grindr nor the Chinese gaming company Beijing Kunlun Tech, which owns a majority stake in Grindr — first went live on Friday, March 16.
Two years after the location data was first revealed and addressed by Grindr, security researchers found they were still able to figure out users’ locations.
Location data for Grindr users is particularly sensitive.
Cooper Quintin, a security researcher at the Electronic Frontier Foundation, reviewed Faden’s findings and confirmed the flaw.“There are a million reasons why you might not want someone to find your location through Grindr, and Grindr is dealing with that as a non-issue,” Quintin said.
“They’re putting people’s lives at risk by doing that.”In addition to the new security flaw, Faden also demonstrated the ease and speed with which he could find users who had not opted out of sharing location data.
Grindr’s security issues first came to light in 2014, when security researchers at cybersecurity firm Synack found that Grindr let any user see the profiles and locations of people anywhere in the world.