HIV Data Protection and Breach at Grindr
Hornet is a gay social network that was created to better our community. Our company values guided us as we built a product for our LGBTQ community that can, and does, improve lives and protect people. Any company that purports to serve the LGBTQ community should be expected to maintain the values of that community and advance them.
Hornet goes above and beyond what is expected of a traditional company because we are part of the LGBTQ community. We understand the challenge of cultivating a sexuality and gender identity. Together, we have lived through 37 years of the HIV epidemic. People living with HIV have a fundamental right to privacy and that right to privacy does not end when they opt to disclose their status in a personal profile within a closed community. One of Hornet’s guiding principles is to find innovative ways to use technology to combat stigma and discrimination not use technology and data to do harm to people living with HIV.
Hornet values, unequivocally, the trust that our users place in our platform. We never share the sensitive information that our users disclose in their profiles, nor do we use any other identifying information about our users. We invented the Know Your Status (KYS) feature in 2011 to allow users to openly communicate about HIV status and to foster conversations around sexual health. This program, participated in by millions of users, is essential to reducing stigma and providing critical prevention and treatment information.
“Building a product for the gay community, should mean working to improve the lives of our community members and keep them protected. It should be a fundamental expectation that a company built to serve LGBTQ people would aim to advance our safety and security, not to simply profit off of us,” says Hornet Co-Founder and President Sean Howell.
The recent accusations leveled against gay hook-up app are all the more interesting now that the company in question is no longer owned by members of the LGBTQ community. Rather it is now owned and largely operated by KunLun based in China, an ostensibly heterosexual gaming company. Given this fact and recent developments, this company feels increasingly removed from the specific needs of our community.
“As someone who has been living with HIV for over 20 years, I know how critical privacy is, and I am appalled that any company would violate this basic trust, particularly a company that claims to serve the LGBTQ community. My experience with HIV informs all the work I do at Hornet, and the needs of people living with HIV are always front of mind,” said Alex Garner, Hornet’s Senior Health Innovation Strategist.
We respect the privacy and security of our users and are committed to creating a space for people of all HIV statuses. The online space we create is a community. It is not a resource for third-party profiteering. We cultivate an dynamic online community that is supportive and affirming so that people can grow and thrive. Our users put their trust in us, not just around building good technology, but also around doing the right thing and living by a set of values that reflect the community.
A Q&A Regarding Data Protection for Hornet Users:
Q: Does Hornet share HIV data with third-party companies?
A: Hornet does not share any HIV data with third-party companies, and further we do not share profile data with third-party companies.
Q: How does hornet safeguard data at Hornet?
A: Since our inception, the team at Hornet has taken the responsibility of being the custodians of sensitive data very seriously. Personal data, and any data kept on our infrastructure, is stored, processed and handled securely within a restricted environment. While security internally is key, we also run an external bug bounty program to work on finding critical vulnerabilities across our critical surfaces proactively. (We invite interested parties to join the program by sending an email to firstname.lastname@example.org.)
We have an internal incident response plan, and we will work on publicly publishing more information on Hornet Data Security to ensure we honor and maintain the trust of our users. Hornet is committed to respecting the privacy of all of our users and understand that one’s sexuality or HIV status can make them vulnerable to violence or persecution.
Q: Third parties are only one concern around data protection. What other topics are important here?
A: Hornet was founded by technologists who believe in security, and we have a continually updated plan to manage risks of security breaches. Keeping users safe is of the utmost concern for Hornet. In addition to the work we do with Hackerone, we work with experts to win external inputs on security strengthening.
Q: What other security risks are there?
A: Some of the biggest security risks are external. Hornet regularly works with advocates on the ground to communicate localized safety tips. Two recent examples have been our work in Chechnya and our work in Egypt, where our president and co-founder flew to investigate how to make users safer and advocate for their rights. Another important aspect of Hornet is its social responsibility program, called Hornet Impact. In this respect we partner with Outright Action International, the United Nations, the World Bank, ILGA and security experts to look at the ways technology and human rights interact and how we can improve community safeguards and information sharing.
Q: Can I still share my HIV status on Hornet?
A: Yes. Hornet is an online community for people of all HIV statuses. We strive to create a space where people can feel affirmed and supported if they choose to openly declare their HIV-positive status. Being out about your status can help begin important conversations about sexual health while combating stigma. HIV activists have worked to support this program, and we work with the community to maintain this powerful tool to make our community healthier.