So another forum had a post mentioninig this article. https://www.nbcnews.com/news/us-news...phone-n1274596
Setting aside the schadenfreude and hypocrisy etc this is a good example of why GDPR and privacy matters.
This was apparently derived by someone tracing the device identifier (apparently easy to do if you know the number and are able to make a call to their phone) and then cross referencing that against aggregated data obtained from Grindr which logged device ID.
Just because something doesn't personally identify users in the data they collect doesn't mean that data can't be extrapolated or interpreted using cross references to other data sources to make it personally identifiable!!
A lot of websites, even those with cookie opt outs, etc list a non-opt-outable consent for "identifying and linking devices". This seems to be a shortfall in the GDPR and allows just this kind of data aggregation from pooled sources. It's not just priests hooking up on grindr who need to worry about this kind of thing.
What's the answer for users to protect themselves? VPN, random MAC addressing?