How Uganda’s anti-LGBTQ+ laws entrap people online

Jaimee Kokonya

Access Now

Published on 5/15/2025

Digital innovation can make it easier for governments to spy on and control queer people’s intimacies, expressions, and existence — violating their human rights. In countries across Sub-Saharan Africa, entrapment is one of the main tactics that authorities use to target LGBTQ+ people online, and the companies behind popular digital apps and services aren’t doing enough to protect them. As we mark the International Day Against Homophobia, Biphobia and Transphobia (IDAHOBIT) 2025, we’re sharing research into cases of digital entrapment in Uganda to show how LGBTQ+ people are being harmed under current laws and policies, and offering recommendations to help keep them safe.

In legal terms, entrapment is defined as a process in which law enforcement officers coerce a person into committing a crime, and then later use this as evidence to prosecute the person. In the context of LGBTQ+ persecution in Uganda, an example of digital entrapment would be a state agent or secret informant creating a fake profile on social media or a dating app — otherwise known as “catfishing” — in order to trick an LGBTQ+ person into sharing romantic messages, videos, or sexually explicit images.

Uganda’s Anti-Homosexuality Act of 2023 (AHA) expanded the already oppressive criminalization of queerness codified in the Penal Code. In our analysis of documented human rights violations that took place under the AHA from May 2023 and March 2025, we found that the digital evidence law enforcement has obtained through entrapment has played an influential role in the charging of people suspected of homosexuality. The result: digital spaces are becoming increasingly unsafe, and people’s rights are being trampled.

The following is a look at the roots of anti-LGBTQ+ laws in Uganda, details on nine specific cases of digital entrapment, an explanation of how current laws and policies enable entrapment and human rights violations, and what governments and companies should do to prevent further rights violations.

A history of criminalizing same-sex relations

Cases: how LGBTQ+ people are trapped online

How current laws and policies hurt human rights

Recommendations

A history of criminalizing same-sex relations

Historically, law enforcement authorities around the world have used surveillance and undercover operations to surveil queer expressions, assemblies and intimacies, in order to enforce colonial moral sexual codes of behavior codified in laws that prohibited such things as “acts against the order of nature” or “gross indecency.”

Before the rise of the internet, authorities relied on surveillance tactics such as raids in queer spaces of assembly such as bars and clubs, where they would arrest people they found kissing or dancing. In South Africa, authorities outlawed sodomy via the 1977 Criminal Procedure Act, and invoked the Interception and Monitoring Prohibition Act to intercept letters and private communications necessary for investigating sodomy.

Today, the same dynamic is playing out, in digital as well as physical spaces. Laws that criminalize same-sex relations have provided a legal basis for law enforcement authorities to subject LGBTQ+ people to unacceptable privacy violations, and to pursue unethical modes of investigation that have enabled abuses of power such as doxxing, extortion, arbitrary detention, and inhumane and degrading treatment.

cases: how lgbtq+ people are trapped online

Between May 2023 and March 2025, Uganda’s Human Rights Awareness and Promotion Forum (HRAPF) documented over 1,000 cases of violations against people based on their real or perceived sexual orientation or gender identity. We reviewed 17 cases of catfishing and digital entrapment that have led to people facing criminal charges or being arbitrarily detained by the police. We summarize nine of the cases below.

Documented catfishing and entrapment cases on social media from May 2023 – March 2025 that led to arbitrary arrests and criminal charges

NO.

CASE NUMBER

CHARGE

CASE DETAILS

UG11

Section 2 (1)of the AHA: “the offense of homosexuality.”

UG11 was arrested after a person they met on a dating app turned against them and demanded money from them in exchange for not reporting them to the police. The social media chat between the victim and the complainant was used as evidence to arrest, charge, and detain UG11 for one day.

UG12

Section 24 of the Computer Misuse Act: “cyber-harassment.”

UG12 met a person on a popular gay dating app. When they met in person, the perpetrator showed up with a police officer. UG12 was arrested and charged with sending lewd and offensive messages to the perpetrator on social media, and detained for three days.

UG16

N/A: Released without charge

UG16 met a person on a social media app and agreed to meet with them. The perpetrator turned out to be an infamous extortionist who worked with a criminal gang and police officers to extort LGBTQ+ people. The perpetrator showed up with a police officer, who arrested UG16. They were detained for several hours but were later released without formal charges.

UG24

Section 11 of the AHA: “promotion of homosexuality.”

UG24 agreed to meet the perpetrator who they met on a dating app. On the day of the meeting, the perpetrator showed up to the house with police officers claiming that UG12 was trying to recruit them into homosexuality. UG12 and two other people in the house were arrested and detained for 10 days.

UG30

Section 2 (1) of the AHA: “the offense of homosexuality.”

UG30 met up with a person that they met on a gay dating app. During the meeting, the perpetrator tried to steal UG30’s phone. When UG30 resisted and tried to escape, the perpetrator screamed and told onlookers that UG30 was gay. The bystanders detained UG30 and took them to a police station. They were detained for nine days, subjected to an anal examination and charged with the offense of homosexuality.

UG43

Section 2 (1) of the AHA: “the offense of homosexuality.”

UG43 agreed to meet with the perpetrator, who they had been romantically communicating with on a social media platform. On the day of the meeting, the perpetrator showed up with a police officer who arrested UG43. UG43’s phone was confiscated, and the police officers searched through their messages and entrapped a second victim UG44, who they suspected of being UG43’s intimate partner. They were both arrested and charged.

UG63

Section 2 (1) of the AHA: “the offense of homosexuality.”

UG63 agreed to meet a person that they met on a dating app. On the day of the meeting, the perpetrator showed up with police officers and demanded payment from UG63. UG63 was arrested, detained, and charged with the offense of homosexuality. They also confiscated their phone to obtain more evidence.

UG66

Section 2 (3) of the AHA: “attempted homosexuality.”

A stranger reached out to UG66 on a social media platform, and after chatting for a few days, they agreed to meet. However, upon meeting, the perpetrator turned out to be a military officer. They detained UG66 and handed them over to the police. UG66 was detained for three days, subjected to a forced anal examination and charged with attempted homosexuality.

UG100

Section 2 (1) of the AHA: “the offense of homosexuality.”

UG100 was catfished by a person that they met on a gay dating app and was lured into meeting them in person. The perpetrator took them to the police station where UG100 was not only charged, but was also forced to give their phone and password to the perpetrator, who went on to reveal UG100’s sexual orientation to all of their contacts.

How current laws and policies enable violations of the rights to privacy and freedom of expression

The right to privacy is an enabler of other rights, such as freedom of expression, freedom of opinion and access to information. Anti-LGBTQ+ laws inherently violate the right to privacy, as they provide a legal basis for interference with LGBTQ+ people’s private intimacy and autonomy, because their sexuality and identity is made subject to criminal scrutiny.

While the right to privacy is not absolute, limitations must not only be legal, they must also be necessary and proportionate. Limiting the right to privacy on the basis of sexual orientation or gender identity is both repugnant and violates non-discrimination requirements.

In 2023, activists in Uganda challenged the constitutionality of the AHA. In 2024, Uganda’s constitutional court struck down a provision of the law that made it mandatory to report people suspected of being LGBTQ+ to the police, finding that it violated the right to privacy. Yet state-sanctioned anti-LGBTQ+ persecution continues to this day, as the court also upheld AHA provisions that outlaw consensual same-sex acts. Courts elsewhere have found that this type of ban violates LGBTQ+ people’s right to privacy. This legal position is what informed the basis of LGBTQ+ decriminalization cases in countries such as South Africa, Namibia, and Botswana.

The AHA is not the only legislation the government has wielded to target LGBTQ+ people. As HRAPF documented, victims of entrapment accused of being LGBTQ+ have been charged with crimes such as “cyber-harassment” under the Computer Misuse Act. This law has already faced sharp criticism for repressive provisions that have been used to stifle speech online. It is also incompatible with international human rights standards protecting freedom of expression, due to its ambiguity and failure to meet the non-discrimination objectives in the International Covenant on Civil and Political Rights (ICCPR).

As LGBTQ+ people face criminalization of their very existence, the internet has become a space of refuge that they rely on for community building, expression, and forming their identity. Local African courts as well as the UN Human Rights Committee have affirmed that a person’s ability to express their identity and personal autonomy is contingent on their enjoyment of their right to privacy.

When LGBTQ+ people go online, tools that enable anonymity and ensure security of communications help to protect their privacy, allowing them to express themselves and share information without interference. According to the Mozilla Foundation, dating apps such as Bumble, Grindr, and Tinder (which are popularly used in Africa) use encryption, but not end-to-end encryption. As such, there is inadequate protection against arbitrary interference by the state. Additionally, as demonstrated by the HRAPF documentation, law enforcement authorities are bypassing protections such as encryption to access private information through tactics such as arbitrary device searches and entrapment.

While some companies are taking important steps to secure people’s private communications, they should be doing more to protect LGBTQ+ people. All companies have a responsibility to ensure that their policies and practices do not contribute to adverse human rights impacts. Yet when they are operating in contexts where there are anti-LGBTQ+ laws similar to the one in Uganda, research shows companies are failing to provide adequate measures to keep people at risk safe from harm.

Recent investigations into dating app privacy policies and practices have revealed red flags for safety. They include weak safeguards for sharing information with law enforcement, sale of customer data to third parties, and unsafe geolocation practices. Human rights organizations have further noted that even LGBTQ+ dating app companies such as Grindr need to improve their community guidelines on safety and security. For example, Grindr’s guidelines contain broad and vague language instructing users “not to do anything illegal or improper.” This lacks the sufficient precision necessary to allow users to regulate their conduct accordingly. This is particularly troubling given the fact that entrapment and extortion has worsened in the region, as evidenced recently by the existence of dating app extortion gangs in Ghana, Kenya, and South Africa.

Recommendations: what governments and companies can do to protect human rights

LGBTQ+ people can take measures to increase their safety online. Here are some resources to protect the community in this difficult time:

Access Now’s Digital security guide: How to protect yourself on dating apps
Access Now’s Digital safety guide for LGBTQ+ activists in Africa
Grindr’s Holistic security guide
Grindr’s Scam awareness guide
PEN America’s Managing our online footprint and protecting from doxxing

While these are crucial self-help measures, we must be clear: the obligation to ensure a future free of homophobic, transphobic, and biphobic violence rests with governments and companies.

Without overturning repressive morality laws, the rights to privacy, freedom of expression and access to information of LGBTQ+ people will continue to hang in the balance. As politicians engage in shameful rainbow burning, tech companies must ensure they are not feeding vulnerable LGBTQ+ communities to the wolves with their harmful backsliding on human rights protections.

Following are our recommendations to the government of Uganda and tech companies to meet their human rights obligations.

➡ government of uganda:

Repeal the Anti-Homosexuality Act (AHA), overturn all criminal charges and prosecutions under the AHA, and provide remedies for people charged under the legislation, as well as those charged under the now-repealed Section 145 of the Penal Code;
Repeal the Computer Misuse Act and create content governance regulations in consultation with stakeholders such as citizens, civil society, and marginalized groups, as well as the private sector, to ensure that the legislations are human rights-respecting;
Provide codified oversight to ensure that law enforcement authorities abide by the rights of arrested persons, the constitutional right to privacy, and the Data Protection and Privacy Act during investigations;
Provide remedies to victims who have been subjected to arbitrary data collection and exposure at the hands of law enforcement authorities, in violation of the Data Protection and Privacy Act; and
Commit to protecting and promoting human rights for all, and to refrain from engaging in actions and speech that incite hatred, violence, and discrimination against LGBTQ+ people.

➡ Companies:

We call on companies to implement the already extensive recommendations detailed by ARTICLE 19 to improve safety and risk mitigation for LGBTQ+ people in at-risk contexts.

In addition, we demand that they:

Center the experiences of people and communities most vulnerable to abuse, including in underserved contexts like Uganda, in the design of their policies and products, by establishing meaningful engagement with organizations that defend LGBTQ+ people, and by adopting approaches that incorporate the needs and protection for the full diversity of users, such as the “Design from the Margins” framework;
Ensure adequate resources and staffing are available to implement measures to build trust with communities at risk and to design and implement policies conducive to their protection;
Conduct, publish, and implement ongoing / ex ante and ex post independent Human Rights Impact Assessments of their privacy policies and practices, tailored to countries with existing laws prohibiting consensual same-sex acts;
Revise any community guidelines that have weakened previous safeguards against anti-LGBTQ+ online hate and disinformation. Additionally, in consultation with trusted partners, develop policies that proactively address content that violates standards on discrimination and hate speech, or which could put users at risk, while upholding human rights standards on freedom of expression; and
Commit to publishing transparency reports on law enforcement information sharing requests and content removal requests, specifically regarding compliance with anti-LGBTQ+ legislations.

CORRECTION: This blog post was updated May 19, 2025 for a correction clarifying that the dating apps referenced use encryption but not end-to-end encryption.