Here’s what Grindr is doing to figure out how a right-wing site outed a priest with app data
Author: John Gallagher
When The Pillar published an article claiming that a high-ranking priest was active on Grindr, the right-wing Catholic website claimed it was based on “commercially available” data that was analyzed to pinpoint Monsignor Jeffrey Burrill’s activities. The Pillar didn’t provide any details about the nature of the data or how they obtained and de-anonymized it, which led many security analysts to wonder how the feat was accomplished.
Among those wondering: Jeff Bonforte, the CEO of Grindr.
Related: Anti-gay priest on trial for allegedly having sex with men to help “heal” their homosexual desires
“When I first read that story, I went through all the stages of sadness and anger,” Bonforte told LGBTQ Nation.
But when he started to think about how The Pillar did what it claimed to do, he realized he had a lot of questions.
To answer them, Bonforte has started an investigation aiming to replicate The Pillar’s results. Even in the earliest stages, it’s clear that the work is a lot more complicated than people might have been led to believe.
For one thing, Bonforte stresses, Grindr does not sell its data to anyone. “We’re hyper-aware of the risks of our users,” he says. “We not only have information about industry risks, but we’re also very aware of all the challenges the queer community faces around the world.”
In a blog post, Bonforte lays out three possible methods that led to The Pillar getting anonymous data and reverse engineering it to out the priest. None of them involve a breach by Grindr.
The first is that the data came from a network provider. Mobile phone services have sold data before. This scenario would explain The Pillar‘s repeated references to Burrill’s phone signal, which it placed within his residence and other locations.
By contrast, any data from Grindr lacks the specificity about the kind of phone signal that The Pillar outlines.
The second scenario involves data location brokers, which can build a map of your locations based on your phone data. Bonforte says that Grindr has never partnered with these firms.
The third is from ad networks. While agreements between the networks and Grindr offer multiple layers of protection against privacy violations, it’s always possible that a firm that the ad networks are working with could have provided the data.
Bonforte says that ad networks don’t have data on the level of specificity that The Pillar article describes. “In general, the signals that come through an ad system are not good,” he tells LGBTQ Nation. “The ad exchange lops off a lot of that detail.”
Bonforte also notes that the news organization where The Pillar founders JD Flynn and Ed Condon previously worked at, the Catholic News Agency (CNA), was offered suspiciously similar data in 2018. That data was said to cover Grindr and Tinder, both of which operate with largely separate ad networks.
What’s clear, says Bonforte, is that The Pillar had its sights set on Burill from the start. “You have to know the answer to the question to know what to look for,” he says. “Tracking an individual device is really hard.”
In essence, sorting through reams to data and stumbling upon Burrill is the tech equivalent of finding a single grain of sand on a miles-long beach. Finding and outing Burrill would certainly be in line with the Catholic right’s insistence on ridding the Church of all gay priests and equating them with pedophiles, as The Pillar did.
Ultimately, because of The Pillar’s lack of transparency, “it’s tough to know exactly what went on,” says Bonforte. “I personally think they are withholding data.”
Bonforte says that Grindr will share the results of its investigation publicly and within the industry. “If we can find the problem, we’ll publish it,” he says. That includes if it turns out a flaw in Grindr was the source of the de-anonymized data after all.
Meanwhile, Bonforte is cognizant of the criticism that Grindr has received over its privacy practices. When he bought the company last year, Bonforte said he took a deep dive into the app’s inner workings and was reassured that it had the right protections in place.
Still, the company has expanded its security and privacy team.
“We 100 percent take this issue seriously,” Bonforte says. “We want to make the whole thing better if we can.”
Actual Story on LGBTQ Nation
Author: John Gallagher