More than three million of Grindr’s daily users were temporarily put at risk because of a major security flaw in the app that was exposed by a third-party site.
C*ckblocked, a now-defunct site that allowed Grindr users to view who blocked them by entering a Grindr user name and password, was able to access user information from Grindr’s Application programming interface (API). The information included email addresses, deleted photos, personal messages and the location of users.
Trever Faden, founder of C*ckblocked, told NBC that it would be easy for anyone to access a user’s private information.
“One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user’s exact location,” Faden told NBC.
In a separate security issue, Faden claimed that Grindr users’ location, which must be inputed directly into the app and not via a third-party site, was not encoded and could be accessed by anyone monitoring public online traffic.
Faden emphasized that the ability to find a user’s location was “a feature, not a bug.”
NBC reports that two independent cybersecurity researchers confirmed the security flaw.
After Faden informed Grindr of the security issues, Grindr blocked the flaw that allowed third-party sites like C*ckblocked to receive data.
Grindr released a statement advising users not to use their username and password for other sites.
“Grindr moved quickly to make changes to its platform to resolve this issue. Grindr reminds all users that they should never give away their username and password to any third parties claiming to provide a benefit, as they are not authorized by Grindr and could potentially have malicious intent,” the statement reads.
However, Grindr denied that user location isn’t encoded.
“Grindr is a location-based app. Location is a critical element of our social network platform. This allows our users to feel connected to our community in a world that would seek to isolate us. That said, all information transmitted between a user’s device and our servers is encrypted and communicated in a way that does not reveal your specific location to unknown third parties,” Grindr’s Chief Technology Officer Scott Chen told the Huffington Post.
The company also released a statement on Twitter to inform users that the problems have been addressed and to be safe using their service.
As a company that serves the LGBTQ community, we understand the delicate nature of our users’ privacy. Ensuring safety and security of our users is of paramount importance to us and will continue to be our top priority. pic.twitter.com/vD2zXqxSr0
— Grindr (@Grindr) March 29, 2018
The flaw is similar to the one in the Facebook/Cambridge Analytica scandal, which allegedly exposed the personal data of 50 million users.
Featured Local Savings
LGBTQ rights group sues Kenya police chief over anti-gay protests
Mombasa demonstrations began after ruling allowed NGO to register
An advocacy group in Kenya has sued Police Inspector General Japhet Koome for allowing religious leaders and lobby organizations to hold homophobic protests whenever court rulings favor the LGBTQ community.
Two petitioners — Mr. JM and the Center for Minority Rights and Strategic Litigation — have sued Koome in the High Court in Mombasa, the country’s second largest city, and demanded a “ban on anti-LGBTQ protests in the country.”
The petitioners’ move is in response to recent anti-LGBTQ protests, particularly in Mombasa after last month’s Supreme Court ruling that affirmed its February decision in support of the National Gay and Lesbian Rights Commission and its ability to register as an NGO.
The controversial ruling sparked criticism from clerics, politicians and the general public. Demonstrations the two petitioners have described as gross human rights violations against the LGBTQ community followed.
An MP from the ruling party and Mohamed Ali — a celebrated investigative journalist whose anti-gay motion for the government to ban public discussion, reporting and distribution of LGBTQ content in the country passed overwhelmingly in Parliament — are among those behind the homophobic Mombasa protests.
Six LGBTQ lobby groups applauded the rulings as a “crucial shot in the arm towards LGBTQ rights” and condemned protest organizers for “mobilizing towards hatred and marginalizing others.”
Mr. JM and CMRSL have also sued two anti-LGBTQ activists and a national lobby group dubbed the “Anti-LGBTQ Movement” that organized the demonstrations, in addition to the police official whose office authorizes street marches by issuing permits to protesters.
“The petitioners have sought to include new amendments to the petition filed last week via the court’s online filing system and they have until Oct. 11 when the court will give directions to the hearing of the case,” a source familiar with the petition told the Washington Blade.
To stop any future homophobic protests, the petitioners want the court to declare the LGBTQ community is also entitled to constitutional rights and freedoms without hate or discrimination just like their opposite-sex counterparts.
They argue the anti-LGBTQ protests, characterized by incitement to violence in March and last month in response to the Supreme Court’s rulings, have led to increased cases of homophobia and threats to the lives of the queer community across the country.
The petitioners claim the “Anti-LGBTQ Movement” group has been propagating “violence, elimination and expulsion” of the queer community from the country in its relentless homophobic campaign. They further allege that organizations working with LGBTQ people have recorded “more than 100 cases of violence, forced evictions and denial of services” by landlords, employers and the public as a result of these protests.
The petitioners also claim the protests have led to the shutting down of “more than 20 organizations and medical facilities” that provide essential HIV and STI treatment services to LGBTQ people because of security concerns.
Mr. MJ and CMRSL in their case have included the Kenya National Commission on Human Rights, a state-funded watchdog organization, as an interested party, although it always distances itself from defending LGBTQ rights.
The Kenyan Constitution, which only recognizes consensual opposite-sex relations, directs the KNCHR. Section 162 of the penal code criminalizes consensual same-sex sexual relations.
This sidelining has forced the LGBTQ community to demand a representative to the KNCHR to represent their interests, such as intersex people who are represented after a landmark law that recognizes them as Kenya’s third sex, took effect in July 2022. The petitioners did not engage KNCHR before listing it as an interested party.
The state-funded National Cohesion and Integration Commission, Amnesty International Kenya and the Kenya Human Rights Commission are among the other institutions the two petitioners have included in the case as interested parties.
Amnesty International Kenya with Irungu Houghton as its executive director on Sept. 30 held the “State of Freedoms and Rights in 2023” conference in partnership with United States International University Africa in Nairobi, the Kenyan capital. Participants demanded respect for the rights of every person, including members of the LGBTQ community.
The rights organization vowed to fight any infringement of the rights of any person or group, regardless of their gender or sexual orientation, in line with its newly launched 4-year strategic framework for 2024-2028 that will guide its human rights advocacy.
Meanwhile, some parents in one of Kenya’s all female high schools are angry after administrators suspended 18 students who allegedly engaged in what they described as lesbianism.
The students’ suspension from Cardinal Otunga Girls’ High School in the western part of the country last week has caused fury among their parents, because they are set to start taking their final high school national exams on Oct. 10. This action comes amid the government’s plans to consider a recommendation from a presidential task force on education reforms to hire imams and chaplains in schools to guide students against what they feel is the infiltration of LGBTQ practices.
Kevin McCarthy ousted as House speaker
Matt Gaetz led effort against Calif. Republican
A motion to declare the chair vacant submitted by U.S. Rep. Matt Gaetz (R-Fla.) to oust House Speaker Kevin McCarthy (R-Calif.) succeeded on a 216-210 vote Tuesday after an at times contentious debate between House Republicans on the floor.
The last to vote in the full order of the roll call was McCarthy, who voted against the motion to remove him from his post. U.S. Rep. Steve Womack (R-Ark.), who chaired the proceedings, declared the speaker vacant after the House chamber went silent, after it had asked if anyone wishes to change their vote, then read off the tally submitted by the clerk.
U.S. Rep. Patrick McHenry (R-N.C.), a close McCarthy ally, will serve as speaker pro tem, or as temporary acting speaker.
With a sharp bang of the gavel, he declared the chamber in recess.
This is a historic action by the House as never before has a House speaker successfully been voted out of the chair. The last time the House had a vote to oust the speaker was in 1910.
The vote that year stemmed from angst among progressive Republicans that the speaker at the time, Joseph Cannon, a conservative known as “Uncle Joe,” refused to bring progressive legislation to the floor for a vote.
The House Cannon Office Building, which was completed in 1908 and is the oldest congressional office building — a significant example of the Beaux Arts style of architecture is named for Cannon, who had served as House speaker.
Earlier Tuesday afternoon the chamber voted 208-218 with Democrats supporting a motion to table Gaetz’s resolution to oust McCarthy, setting the stage for a vote on whether McCarthy should remain in the top spot. Democratic leadership had told reporters earlier that their conference would be united in an effort to remove the House speaker.
Laphonza Butler sworn in as California’s newest senator
Former vice president advisor will succeed Dianne Feinstein
Vice President Kamala Harris on Tuesday swore in Democrat Laphonza Butler as California’s newest U.S. senator during a ceremony at the U.S. Capitol.
The first Black lesbian to serve in the Senate, Butler was president of the nation’s largest organization dedicated to electing women to public office, EMILY’s List, and previously was a senior advisor to the vice president during her 2020 bid for the Oval Office.
Harris, the country’s first woman vice president as well as the first Black and South Asian person to serve in that role, also made history with her tenure as attorney general and then senator for California.
Democratic California Gov. Gavin Newsom appointed Butler to fill the vacancy caused by the death, on Friday, of U.S. Sen. Dianne Feinstein, who had represented the state in the upper chamber since 1992.
Per the terms of her appointment, Butler will be eligible to run for the seat during next year’s elections, in which case she would face competition from three high profile Democrats now representing California in the House: U.S. Reps. Barbara Lee, Katie Porter and Adam Schiff.
Newsom in 2021 pledged that he would appoint a Black woman to Feinstein’s seat. Lee, so far the only Black woman among the declared candidates, congratulated Butler in a statement in which the congresswoman said she is “singularly focused on winning” her Senate campaign.
California “deserves an experienced senator who will deliver on progressive priorities,” she said. “That’s exactly what I’m running to do.”
Consistent with her work in progressive politics, Butler was previously a labor leader with Service Employees International Union, SEIU, the powerful union where her wife, Neneki Lee, serves as director of the Public Services division.
Human Rights Campaign President Kelley Robinson and Claire Lucas and Judy Dlugacz were among those who attended the swearing in alongside Butler’s wife.
Senate Majority Leader Chuck Schumer (D-N.Y.) and U.S. Sen. Alex Padilla (D-Calif.) escorted Butler into the chamber. Lee and Schiff were among those who attended the ceremony.
“It’s a good day,” Lucas told the Washington Blade as she left the chamber.
Michael K. Lavers contributed to this story.