Phone tracking is having a moment, but gay dating app Scruff wants no part of it

Location data is big business, and is now at the center of efforts to study the spread of COVID-19. But who's in control?

Scruff CEO Eric Silverberg

Eric Silverberg, CEO of gay dating app Scruff, decided not to sell his users' location data. It wasn't easy.

Photo: Courtesy of Scruff

A few years ago, a particular type of email began showing up in the inbox of Eric Silverberg, whose gay dating app, Scruff, allows members to search for potential matches who are nearby. They were pitches from location-data brokers, telling the CEO he was sitting on a lucrative trove of user information.

"I wanted to reach out because I noticed that Scruff currently has location feature installed into their app and thought it would be beneficial for us to connect," a salesman from one of the brokers, X-Mode, wrote in a September 2018 email, in which he offered to pay Scruff up to $100,000 for its users' location data.

X-Mode sent five more pitch emails in the five months that followed. And in the past 18 months, at least half a dozen other brokers have reached out with at least 33 separate solicitations.

"It's like (zero calorie) icing on the cake," wrote a salesman from the Canadian mobile data company Tutela Technologies last July, touting the effortless revenue that selling users' location data could yield.

Silverberg wasn't interested. He says he never replied to the emails, copies of which Protocol reviewed.

"Our community is very sensitive to this topic of data sharing," Silverberg said. "There are countries around the world that criminalize same-sex acts."

The dilemma he faced has been brought into sharp relief by the coronavirus pandemic, which has shined a bright light on the power of location data culled from cell phones, a process consumers enable when they use apps and which allows those apps to deliver targeted services and ads. Israel, China, Singapore and South Korea are using location data to track those sick with COVID-19. In Europe, mobile carriers are sharing data with health authorities in Italy, Germany and Austria to help fight the virus.

So, too, in the U.S., both private companies and the government are exploring how to tap into the movement of cell phones to track and study the spread. Google put its vast repository of location data on display last week when it released Community Mobility Reports, showing adherence to COVID-19 movement advisories and restrictions in 131 countries, and in every county in America.

At the same time, federal officials, police investigators and immigration agents are quietly ramping up use of individuals' location data to enforce laws and detect threats, sometimes with warrants and sometimes not. Protocol reported last month that a Virginia company, Babel Street, sold access to vast caches of data to Immigration and Customs Enforcement, Customs and Border Protection and the Secret Service — and perhaps others.

What this means is that, in some respects, app developers like Silverberg are on the front lines of advances in technology that could revolutionize crime-fighting, disease-tracking and other fields, though with huge implications for personal privacy. The same location data that allows consumers to find nearby restaurants and dates can underpin a study of whether people are social distancing or an investigation into a kidnapping.

Moreover, many of the companies that repeatedly pitched Silverberg are providing the data that is being used to map coronavirus' spread. The pitches he received offer a window into how this data moves.

Beach parties and heat maps

X-Mode, for example, provides location data to the data analysis company Tectonix, which on March 24 released a widely viewed map showing how spring breakers who controversially partied on Florida beaches returned to their homes all around the country in the days that followed. X-Mode and Tectonix, which has contracts with the Pentagon, have released similar heat maps showing the virus' spread in China, Italy and Washington state, demonstrating its global reach.

X-Mode is also the source of location data that defense contractor Culmen International is using to map the virus' spread for federal agencies, according to Culmen. Another data broker that pitched Silverberg 16 times in an 18-month period, Cuebiq, provided location data used by The New York Times to map adherence to shelter-in-place orders around the country.

X-Mode says it complies with laws including the California Consumer Privacy Act, which went into effect this year, and the European Union's 2-year-old privacy law. Both require companies to obtain users' consent to share their data and require varying degrees of transparency about how they use that data.

A spokesperson for X-Mode said the company helps app developers "monetize their apps without ads" and "continue to invest in the success and growth of their apps."

Tectonix, Culmen and other companies that work with location data say the information is anonymized, with users marked by codes rather than names. However, academic studies have challenged whether efforts to guarantee privacy hold up in certain applications. Researchers at Imperial College London, for example, found they were able to uniquely identify 95% of individuals in a data set with just four time-and-place data points.

Silverberg's decision was influenced by the fact that privacy issues may be particularly sensitive for Scruff users. In at least 68 countries, homosexuality is a crime, and in some, the mere presence of a gay dating app on a phone is illegal. Silverberg knew that for many of his customers, identification by a government agency could mean prison or worse.

So in 2018, he cut ties with the data and digital advertising industries, two of the biggest revenue drivers in the app economy. He rebuffed dozens of pitches from companies like X-Mode offering to buy his users' data outright. And he stopped doing business with third-party ad brokers, who similarly demand reams of user data in exchange for ad dollars.

It's worked out, he said. Thanks to subscription revenue, and Scruff's newly built in-house advertising division and data analytics operations, Scruff has seen ad revenue grow fivefold. Silverberg's path might offer lessons for some of the thousands of app developers struggling to monetize their products while navigating the fast-evolving privacy landscape.

"You don't need to go through third-party ad brokers," he said. "That's the message for app creators all over the world. Don't be afraid to sell ads. You can do it. You don't need Google or a third party to do it for you."

Big money, little effort

Silverberg launched Scruff in the summer of 2010 out of his apartment in the West Village. The mobile app boom was just taking off, fueled by the proliferation of smartphones, and what began as a side project quickly became a full-time job as Scruff established itself as a popular competitor to Grindr.

The rapid growth, though, meant rapidly growing costs as well, mostly to buy server space to run the app, from a few dollars per month to $100 a day. "We scrambled to find any revenue source we could," Silverberg said.

He turned to several third-party ad firms, but frustrations mounted. The ads hurt users' experience, he felt, frequently serving as a vector for spam. And the revenue the ads generated was less than promised.

"They all had big promises of how much money you could make that they never came close to meeting," Silverberg said. "Our traffic would go up, and our revenue would go down. It just made no sense."

Privacy concerns weren't as prominent in the industry then. Smartphones weren't yet widespread enough to provide enough location data to make it useful, and the analytical tools weren't nearly as advanced. But about three years ago, this began to change. That's when the data brokers started showing up in Silverberg's inbox.

Companies he had never heard of offered him hundreds of thousands of dollars just to embed a few lines of software code in Scruff's app that would hoover up users' movements and other data. Salespeople dangled effortless revenue, with little impact on users' experience, mobile speeds, data-usage costs or battery life, as well as useful analytics on how users interacted with the app.

The data was anonymized, the companies assured Silverberg, but he had his doubts. In many cases, he said, the information taken came with other details about Scruff users, such as email addresses and mobile device IDs, which could potentially be used to identify individual users.

X-Mode was one of the most aggressive in pursuing Scruff's business. From September 2018 to February 2019, its sales reps sent six pitch emails to Silverberg. Three weeks after its offer to pay $100,000 for Scruff users' location data went unanswered, X-Mode reached out again.

"This quarter we are offering good rates for an SDK integration," the salesman said, referring to the embedding of software code. Three weeks after that later came a third pitch, this one with a spreadsheet of projected revenue.

The big spread

X-Mode traces its roots to 2013, when founder and CEO Joshua Anton created Drunk Mode, which prevented users from drunk-dialing, making phone calls they might later regret. The app was popular on college campuses and soon added new features such as Find My Drunk, which allowed friends to keep track of each other. In 2015, X-Mode began selling its location data.

Today, the company is one of the largest vendors of unprocessed location data. It lists 140 companies that buy its data, then process and analyze it to fit their needs. While Silverberg rebuffed X-Mode's offers, the developers of more than 400 other mobile apps used by more than 60 million people have signed on to sell the company their users' location data, according to X-Mode's website.

"You have so many apps on the app store who are all desperately in need to somehow monetize their apps," said Christoph Tavan, who used to run an ad tech firm and is now CTO for Contentpass, a German company building an ad-free, subscription-based internet model.

Though it's often difficult to know which apps are selling location data and which are not, careful readings of app privacy policies in some cases offer a clue. One of the developers X-Mode has partnered with is Kelly Technology, which has 16 mobile apps, including fitness apps like HIT Log, weather apps such as Earth++ and WeatherMatch, and a space exploration app called NASA Now. Kelly Technology did not respond to requests for comment.

Many of the companies that buy location data from X-Mode share data, in turn, with their own partner and client lists, meaning that sharing data with X-Mode can be the first step in the spread of that data to an untold number of other companies.

One of X-Mode's partners, German company AdSquare, which claims a data bank of 450 million user profiles from over 120 data providers, lists 45 partners it could share data with in 11 countries. One of those partners, Criteo, shares data with 99 partners and is under investigation by the French privacy regulator CNIL. Criteo said it was cooperating and had done nothing wrong.

Other dating apps, including Scruff's chief competitor, have come under fire for sharing users' data. A Jan. 14 report by European privacy researchers Wolfie Christl and Zach Edwards said Grindr shared detailed user data, including IP addresses, GPS locations, ages and genders, with many third-party ad companies, mostly via Twitter's ad tech subsidiary MoPub. The same study found that dating app OkCupid "shared highly personal data about sexuality, drug use, political views, and more with the analytics company Braze."

'That's our data'

These were the ripples, which seemed out of an app developers' control, that concerned Silverberg. "We took a look at all our partners, down the stack," he said, "and it became clear that if we continued to integrate with these ad networks, we would need to ask our customers to consent to sharing their data with all sorts of companies whose practices we knew nothing about."

Determined to work outside the third-party advertising and data broker networks, Silverberg built an in-house ad team in 2018. He hired designers who built a custom ad platform for Scruff based on React Native, a platform developed by Facebook. He hired a sales team that pitched directly to brands. They found takers who appreciated the approach, he said, and the app now has more than 50 advertisers.

But forgoing partnerships with data brokers brought challenges, such as the loss of potentially useful analytics. The alternative is to pay for those same services, but that can be expensive. Scruff users generate roughly a billion "events" per day: clicks, taps, scrolls, messages and everything else. That equates to about 500 GB of data, requiring a massive storage and a powerful processing capability to translate that data into something usable. One company quoted Silverberg a price of $30,000 a month.

So just as he did with ads, Silverberg set out to create an in-house analytics operation. "We wrote our own code to collect the data," he said. "But that wasn't the hard part. The hard part was ingesting and analyzing the data." He turned to Amazon Web Services for storage of the data and the company's Kinesis platform to interrogate it.

Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.

Silverberg said he saved money as a result, while enabling Scruff's data engineers to work with the app's raw data in more powerful and customizable ways, yielding insights into how customers use the app. Had he not taken control, he said, the privacy issues would have persisted.

"Every day you have to hand over to them a complete copy of all your user data, profile updates, time stamps, usage data," he said. "And then they're taking that data, repackaging it and reselling it. That's our data. Not yours."


Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep ReadingShow less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep ReadingShow less
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep ReadingShow less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep ReadingShow less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.


Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep ReadingShow less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories