
Yesterday, Msgr. Jeffrey Burrill of the U.S. Council of Catholic Bishops resigned because an investigation by Pillar, a Catholic newsletter, alleged that he had used Grindr to find hookups. Fairly standard stuff, but the truly perplexing part was the investigation method:

According to commercially available records of app signal data obtained by The Pillar,
a mobile device correlated to Burrill emitted app data signals from the location-based
hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 — at both 
his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and 
events in other cities.

To me, this scenario sounds extremely unlikely. An article in the Washington Post cites a few experts who say that they don't know of any other cases where commercially available advertiser data was deanonymized successfully. A Grindr spokesperson rejects the possibility, stating that 'the alleged activities listed in that unattributed blog post are infeasible from a technical standpoint and incredibly unlikely to occur'.

I can think of a number of possible scenarios:

  • The folks from Pillar (who are pretty conservative) found Burrill's account manually, but don't want to admit they used Grindr themselves. This seems unlikely, because it wouldn't explain the source of a lot of other information contained in the article.
  • The data was obtained through a Grindr data breach. I don't know of any, so this seems unlikely.
  • Pillar was somehow able to extract advertising IDs from Burrill's device, which would have given the proverbial needle a bright red color and flashing lights. This seems possible, but I don't know how difficult this is (e.g. would this require Pillar to have breached his phone).
  • The data was procured illegally in another way. This article called to mind the investigation by Bellingcat that was able to track Navalny's killers using hacked geolocation data available on Telegram. Could something similar have happened here?

Is the story put forth by Pillar in any way feasible? If so, how could they have obtained this data?

Benthlin

2 Answers


Apps like Grindr use third-party advertising companies to serve ads in their apps. According to a 2020 report by the Electronic Frontier Foundation, Grindr uses a company called MoPub (which is owned by Twitter) to serve its ads. To make the ads highly relevant to the user (and thus, to maximize advertising revenue), the EFF explains how MoPub collects as much information as it can from the user’s device, including information that the user has entered in Grindr, the device’s unique device ID, the user’s location, and much more. All of this information gets sent back to MoPub’s servers, where it is combined with other information that MoPub knows about the user from other apps on the user’s device. Then, MoPub serves an ad that the user sees in the Grindr app, specifically selected for them. All of this happens in a fraction of a second, and happens continuously as the user uses the app.

At this point, what happens to the data that MoPub collects gets fuzzy, as we enter into the murky world of data collection, data brokers, and data monetization. MoPub openly states in its privacy policy that they share the information that they collect, in anonymized form, with its ‘partners’. This page on MoPub's site lists over 100 of these partners. It’s possible that Pillar may have obtained the data from one of these partners, or any number of other ‘data brokers’ that trade such information.

For example, a company called Datarade advertises anonymized location data on 275 million monthly active users, and 59 billion monthly location pings, updated daily, with two years of history. The data is available to anyone willing to pay the asking price of $4500/month. Each data record contains a timestamp, the unique device id of the device that the data was collected from, the GPS location of the device at the time the data was collected, and much more.

But, if the data is anonymized, then how was The Pillar able to use it to identify Msgr. Burrill?

Presumably, the data that The Pillar obtained did not contain personally identifying information (PII) such as names, email addresses, or phone numbers. But, The Pillar reports that they correlated a unique mobile device to Burrill - implying that the location data from Grindr that The Pillar was working with must have contained device IDs (as is the case with Datarade’s offering). In that case, it would have been fairly easy for a competent coder to pinpoint Burrill’s records in the data, and track his movements over time. The Pillar explained in its report that they zeroed in on records in the data that contained a few known locations that Msgr. Burrill frequented, such as the USCCB staff residence and headquarters, Burrill’s family vacation house, residences of Burrill’s family members, Burrill’s apartment, and locations of meetings that Burrill attended. The Pillar simply had to look for a device ID that showed up in records for all of these locations. That device ID could only have been Burrill’s – it’s virtually impossible that anyone else in the world would have visited all of these locations, particularly at the same times that Burrill was known to have visited all of these locations. Now, with Burrill’s device ID known, The Pillar could simply pull all of the records from the data set containing Burrill’s device ID, and get a detailed list of Burrill’s whereabouts spanning the course of several years, enabling them to conclude that a mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020.

mti2935
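The intersection step this answer describes, written up as an added example (not The Pillar's or any broker's actual tooling) and framed as the check a data holder could run on its own "anonymized" export: given a few known (place, time) anchors, count how many device IDs survive each anchor, and a final count of 1 means the export re-identifies that person. The pings, coordinates and IDs below are constructed for the example.

```python
import math
from datetime import datetime, timedelta

# Constructed sample in the shape the answer describes: a device id, a
# timestamp and a GPS fix per record, and no names, emails or phone numbers.
PINGS = [
    ("dev-a1", "2019-03-04T09:10:00", 38.9330, -77.0120),  # office
    ("dev-a1", "2019-03-04T22:30:00", 38.9480, -77.0650),  # residence
    ("dev-a1", "2019-06-12T19:00:00", 44.1200, -91.0100),  # lake house
    ("dev-b2", "2019-03-04T09:12:00", 38.9331, -77.0118),  # office, same day
    ("dev-b2", "2019-03-04T22:31:00", 38.9481, -77.0648),  # residence too
    ("dev-c3", "2019-06-12T19:05:00", 44.1201, -91.0099),  # lake house only
]

# Known (time, lat, lon) anchors for one person; every anchor must be matched.
ANCHORS = [
    ("2019-03-04T09:00:00", 38.9330, -77.0120),
    ("2019-03-04T22:00:00", 38.9480, -77.0650),
    ("2019-06-12T19:00:00", 44.1200, -91.0100),
]

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = math.radians(lat2 - lat1)
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def devices_at_all_anchors(pings, anchors, radius_m=100.0, window=timedelta(hours=1)):
    """Device ids with at least one ping within radius_m and within `window`
    of every anchor: the intersection of the per-anchor candidate sets."""
    survivors = None
    for a_ts, a_lat, a_lon in anchors:
        a_time = datetime.fromisoformat(a_ts)
        near = {
            dev for dev, ts, lat, lon in pings
            if abs(datetime.fromisoformat(ts) - a_time) <= window
            and haversine_m(lat, lon, a_lat, a_lon) <= radius_m
        }
        survivors = near if survivors is None else survivors & near
    return survivors or set()

def reidentification_risk(pings, anchors, **kw):
    """Candidate count after each successive anchor; reaching 1 means the
    'anonymized' export uniquely identifies a device from those anchors."""
    return [len(devices_at_all_anchors(pings, anchors[:k], **kw))
            for k in range(1, len(anchors) + 1)]
```

On the constructed data two devices share the office and residence, and the third anchor alone is enough to leave a single ID, which is the point the answer makes about how few known locations it takes.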

The article at Ars Technica is more informative:

The Pillar says it obtained 24 months' worth of “commercially available records of app signal data” covering portions of 2018, 2019, and 2020, which included records of Grindr usage and locations where the app was used. The publication zeroed in on addresses where Burrill was known to frequent and singled out a device identifier that appeared at those locations. Key locations included Burrill's office at the USCCB, his USCCB-owned residence, and USCCB meetings and events in other cities where he was in attendance. The analysis also looked at other locations farther afield, including his family lake house, his family members’ residences, and an apartment in his Wisconsin hometown where he reportedly has lived.

The de-anonymized data revealed that a mobile device that appeared at those locations—likely Burrill’s phone, The Pillar says—used Grindr almost daily. It also says that data “correlated” with the priest’s phone suggests that he visited gay bars, including while traveling for work. The Pillar presented this information to the USCCB in advance of publication, and yesterday, the conference announced Burrill’s resignation.

My personal guess is they had a tip that started them looking, rather than a blind data troll.

user10216038