New report exposes security risks of LGBT+ dating apps

Repressive regimes are using apps to lure & arrest LGBTs


London, UK – 15 July 2020

“A new study by cyber security specialists has found that police in countries where homosexuality is illegal are increasingly using LGBT+ dating apps to spy on, entrap and arrest LGBT+ people, including in Russia, Egypt, Saudi Arabia, Iran, Lebanon and Ghana. This is being made possible by the apps lack of privacy safeguards and vulnerability to exploitation,” said human rights campaigner Peter Tatchell, Director of the Peter Tatchell Foundation.

“It is the responsibility of app operators to respect and protect their user’s privacy. Repressive regimes will continue to target, monitor and repress the LGBT+ community for as long as these apps allow them to get away with it. Data protection is the new frontier in human rights,” added Mr Tatchell.”

Read the full report here

The report by Recorded Future’s Insikt Group compared the data practices of the apps Grindr, Scruff, Tinder, OKCupid and HER. All collect user data, including user’s exact location, sexual orientation, religion, political beliefs, drug use and much more. They share that data with at least 135 different third-party entities and this can be used by repressive regimes to track and trace LGBT+ people in order to prosecute them.

Of those five dating apps, only one, Scruff, was mentioned as having taken extra steps to protect user data.

Grindr’s website says that users who agree to its privacy policy are “directing us to disclose” personal information to advertising partners.

“This report shows that companies providing apps need to tighten their security and privacy protections. They need to follow Scruff’s example by randomizing location data, issuing alerts when users travel to countries that criminalise homosexuality, cutting ties to location-data brokers, and by avoiding third-party sharing,” added Mr Tatchell.

The report documents instances of government surveillance and prosecution across the globe in recent years that relied on exploiting LGBT+ dating apps or monitoring online forums.

Police in Russia, Egypt, Saudi Arabia, Iran, Lebanon, Ghana and other countries have identified and lured LGBT+ people to arrest them by posing as potential romantic partners on dating apps.

The Insikt Group note that LGBT-targeted cyber intrusions or attacks were also instigated by the state for censorship or surveillance purposes, or by individual actors motivated by financial interests or social stigma, in Azerbaijan, China, Georgia, India, Indonesia, Malaysia, Myanmar, Pakistan, Singapore, South Korea, and Sri Lanka.