Tuesday, July 14, 2020

Data Collection And State Surveillance Put LGBTQ People At Risk Online And Off
Apps that harvest data, dark web marketplaces, and state surveillance are just some of the dangers LGBTQ people have to think about online.

Posted on July 14, 2020

Martin Bureau / Getty Images

A new report outlines the minefield of online threats LGBTQ people have to navigate online, from overt state surveillance to tracking via facial recognition to dating app information that gets shared with data brokers and advertisers.

Recorded Future, a cybersecurity company, released a detailed look at what queer communities outside North America have to grapple with. The idea, senior director Maggie McDaniel said, was to better understand where deeper security research is needed.

“It's kind of daunting,” said Evan Akin, associate intelligence consultant who spearheaded the report. “It just shows how difficult it is to navigate between all these different apps, these different states, different regions. There's not just security issues. There's data privacy issues. There are issues with traveling to these different regions. You don't know what the laws are, you don’t know how extensively they’re enforced.”

Based on existing and new research, the results of the report are grim. Even in the few places where LGBTQ people are under less of a threat of state surveillance, the dating apps they may be using still collect data and share it with data brokers or advertisers. This includes sensitive information like sexual orientation, location, drug use, and even HIV status.

Researchers looked at Tinder, OkCupid, Grindr, Scruff, and Her. Scruff was the only app that offered reasonable protections for its users by limiting the information the app collects and shares. The rest of the apps build data sharing into their business models. This creates an inherent threat even as apps introduce protections for their users, like notifications if they’re entering a country with anti-homosexuality laws, because that information can be passed on without users’ knowledge.

“What we're finding is that even if they don't use their name, even if they don't use their phone number, they're still having enough of that information being collected to be identified,” said Akin.

Log-in credentials for the dating apps are a hot commodity on dark web marketplaces, too, creating an additional risk for anyone who reuses passwords. Over the last year, OkCupid and Tinder were key targets for cybercriminals.

These issues have come up before and Grindr was briefly deemed a national security threat by the US when a Chinese company bought it. The company was forced to sell back to US ownership, but that still doesn’t mean it’s completely safe to use, due to the sensitive data it collects.

“If the US government is worried about the data being collected on Grindr, so should you,” Akin said.

The data that’s collected by advertisers across dating apps “can pretty much identify people's daily routines,” Akin said.

“It really facilitates the ability to target individuals and then potentially prosecute them under different laws or statutes,” said McDaniel.

She pointed to findings from cybersecurity firm FireEye that showed the Russian government targeting LGBTQ activists online. Earlier this month, a referendum that made same-sex marriage illegal passed in the country.

Other governments have also weaponized the internet to target LGBTQ people, the report shows. A February 2018 study by human rights organization Article 19 showed Egypt, Lebanon, and Iran have all used apps and social media to track and entrap users. In 2014, the Israeli army reportedly identified gay Palestinians in order to blackmail them, in part through surveillance.

“The capability and technology that powers a lot of the surveillance software companies is growing and getting more powerful every year,” Akin said.

These technologies include facial recognition companies and data analytics, which have become more powerful in the last few years and frequently partner with governments or sell their services to law enforcement.


“This highlights the need for a lot of the companies behind these apps and services geared towards the LGBTQ community to maybe step up their game and make it more of a public effort — to try harder — to protect and offer options to their users,” Akin said, “so that they feel a little bit more safe and protected.”


Jane Lytvynenko is a reporter for BuzzFeed News and is based in Toronto, Canada. PGP fingerprint: A088 89E6 2500 AD3C 8081 BAFB 23BA 21F3 81E0 101C.
Contact Jane Lytvynenko at jane.lytvynenko@buzzfeed.com.

No comments: