584
Period tracking app refuses to disclose data to American authorities (www.newsweek.com)
submitted 4 days ago by lemmee_in@lemm.ee to c/privacy@programming.dev
113 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[-] ValiantDust@feddit.org 132 points 4 days ago

If anyone is in need of a more secure option in these dystopian times: drip keeps all your data on your phone. You can export the data, so you can keep the tracked data when changing phones. I only use it for tracking my cycle and sometimes symptoms though, so I can't say much about using it for birth control.

[-] disguy_ovahea@lemmy.world 25 points 4 days ago

Apple’s Cycle Tracking app is also locally and E2E encrypted in iCloud.

When your phone is locked with a passcode, Touch ID, or Face ID, all of your health and fitness data in the Health app, other than your Medical ID, is encrypted. Any health data synced to iCloud is encrypted both in transit and on our servers. And if you have a recent version of watchOS and iOS with the default two-factor authentication and a passcode, your health and activity data will be stored in a way that Apple can’t read it.

This means that when you use the Cycle Tracking feature and have enabled two-factor authentication, your health data synced to iCloud is encrypted end-to-end and Apple does not have the key to decrypt the data and therefore cannot read it.

https://support.apple.com/en-us/120356

[-] onlinepersona@programming.dev 31 points 4 days ago* (last edited 3 days ago)

Sure. It's encrypted. And your private data only stays on your device. Pinky swear.

With our 10 billion $ in ad revenue, you can trust that your data never makes it to a third party unencrypted 😚

Anti Commercial-AI license

[-] uis@lemm.ee 4 points 3 days ago* (last edited 3 days ago)

"If you are paying, it doesn't mean you are not the product"

- Cory Doctorow

load more comments (8 replies)
load more comments (20 replies)
[-] glimse@lemmy.world 15 points 4 days ago

What a name lol

load more comments (2 replies)
[-] ArcaneSlime@lemmy.dbzer0.com 16 points 3 days ago* (last edited 3 days ago)

They shouldn't be collecting it in the first place, store the logs locally (and encrypted tbh) on the user's device.

[-] Anticorp@lemmy.world 46 points 3 days ago

Why in the fuck would the government need this information?

[-] dance_ninja@lemmy.world 48 points 3 days ago

When they start prosecuting women for miscarriages and suspected abortions under Trump's national abortion ban.

load more comments (9 replies)
[-] problematicPanther@lemmy.world 14 points 3 days ago

dystopian hellscape where government has an algorithm to check whether your period has come in a given month, and if you've missed more than a few weeks, you'll be listed as pregnant. And then if you're not pregnant anymore for any reason other than giving birth, then you'll be prosecuted for having an abortion.

[-] KomfortablesKissen@discuss.tchncs.de 13 points 3 days ago

To prosecute criminals. Like women not following a shit take like "Your body, my choice". Or terrorists. With wombs? Idk.

This shit is just fucked up.

[-] horse_tranquilizers@sh.itjust.works 9 points 3 days ago

China had a database that stored fertility information including information like in the article leak a few years back too. Worse cause it leaked/got hacked. Creepy AF

[-] Fosheze@lemmy.world 65 points 4 days ago

Why does a period tracking app even need to store the data anywhere other than locally?

[-] sus@programming.dev 43 points 3 days ago* (last edited 3 days ago)

their given reasons are "to keep backups" and "academic and clinical research with de-identified datasets"

they seem to actually do a fairly good job with anonymizing the research datasets, unlike most "anonymized research data", though for the raw data stored on their servers, they do not seem to use encryption properly and their security model is "the cloud hoster wouldn't spy on the data right?" (hint: their data is stored on american servers, so the american authorities can just subpoena Amazon Web Services directly, bypassing all their "privacy guarantees". (the replacement for the EU-US Privacy Shield seems to be on very uncertain legal grounds, and that was before the election))

[-] Anticorp@lemmy.world 13 points 3 days ago

de-identified

Doubt.

[-] ballmerpeaking@programming.dev 6 points 3 days ago* (last edited 3 days ago)

De-identified data is an oxymoron. Basically any dataset that's in any way interesting is identifiable.

[-] sus@programming.dev 4 points 3 days ago* (last edited 3 days ago)

no it's not. If you reduce the information in the datapoints until none of them are unique, then it is very obviously impossible to uniquely identify someone from them. And when you have millions of users the data can definitely still be kept interesting

(though there's pretty big pitfalls here, as their report seems to leave open the possibility of not doing it correctly)

load more comments (11 replies)
[-] kekmacska@lemmy.zip 6 points 3 days ago

tf is usa on, why they need perios statistics

[-] OneWomanCreamTeam@sh.itjust.works 6 points 2 days ago

So they can prosecute people for getting illegal abortions.

load more comments (1 replies)
[-] EmperorHenry@discuss.tchncs.de 5 points 2 days ago

But it will still disclose that data to advertising companies which WILL give it to the authorities for a nominal fee

Also, why does the app keep that data in a centralized location where it can be scooped up like that?

And more importantly, people have known that everything is spyware since the Snowden leaks, why the hell would you ever give that kind of data to an app on your phone? Even if the app was totally E2EE and private, other things on your phone do all kinds of spying

[-] Duamerthrax@lemmy.world 41 points 4 days ago* (last edited 4 days ago)

~~That's nice, but why does that data need to be on their servers in the first place?~~

Ok, so apparently they don't store the data by default. Guessing they could if the user wants it backed up or synced across devices.

[-] Cosmonaut_Collin@lemmy.world 21 points 4 days ago

I imagine they collect data to improve their algorithm so it can more accurately predict a woman's cycle. Quite a few women use these apps as an alternative birth control, so knowing the specific days where they need to avoid sex is helpful.

load more comments (6 replies)
[-] Bluefalcon@discuss.tchncs.de 36 points 4 days ago

Any woman on here, please consider bluemoon. My wife is tech illiterate but loves the app.

Bluemoon (Open source, privacy friendly menstruation tracking app. Your period, your data!) https://f-droid.org/packages/ch.nilsgrob.android.bluemoon/

load more comments (3 replies)
[-] ColdWater@lemmy.ca 4 points 2 days ago

Why US gov need to know about people's period?, that's weird and creepy

[-] EmperorHenry@discuss.tchncs.de 3 points 2 days ago

To get the needle, you need the whole haystack. Collect everything decrypt later

[-] imPastaSyndrome@lemm.ee 29 points 4 days ago

Can I get a reminder about the apps that WILL share with the govt so I can help fuck with their data?

[-] jmcs@discuss.tchncs.de 24 points 4 days ago

All US-based apps and all the apps that store their data in US-owned cloud providers at very least.

load more comments (5 replies)
load more comments (1 replies)
[-] Undaunted@discuss.tchncs.de 22 points 4 days ago

I know it's not feasible, but if a lot of males would just use the apps that are know to report to US authorities and input data, that most likely will raise a alarms, they would have to deal with heaps of false-positives and it would obscure the real data.

[-] Ellvix@lemmy.world 14 points 4 days ago

I'm in. Anyone know of any apps that DO report data?

[-] Proposal6114@lemmy.dbzer0.com 16 points 4 days ago

Same, ready to poison data against fascists anytime.

[-] Agent641@lemmy.world 5 points 3 days ago

I just experienced my first period as a 38 year old male. I know almost nothing about them, so this is gonna be a wild ride for anyone who reads my stats.

load more comments (2 replies)
[-] KomfortablesKissen@discuss.tchncs.de 6 points 3 days ago

This is awesome, thank you for your service! Goddamn, the premises around that are just... sad.

[-] far_university190@feddit.org 22 points 4 days ago

female and male staff members at Clue, based in Berlin

Basiert und in Berlin.

π•―π–Žπ–Šπ–˜π–Š π•Άπ–”π–’π–’π–Šπ–“π–™π–†π–—π–˜π–Šπ–π–™π–Žπ–”π–“ π–Žπ–˜π–™ π–“π–šπ–“ π•°π–Žπ–Œπ–Šπ–“π–™π–šπ–’ π–‰π–Šπ–— π•­π–šπ–“π–‰π–Šπ–˜π–—π–Šπ–•π–šπ–‡π–‘π–Žπ– π•―π–Šπ–šπ–™π–˜π–ˆπ–π–‘π–†π–“π–‰

[-] homesweethomeMrL@lemmy.world 19 points 4 days ago

DO NOT put this kind of information in an app!

If you absolutely have to have it in your phone, use the calendar and pick some event that's plausible monthly with a unique name so you can search on it. "Checked for Mxyzlptik updates", "Look at travel to Canada prices" or whatever.

If you need more functionality than that you'll need an offline solution. We live in a fascist dictatorship now. They hate women. And they will 100% use that information against you if they can.

[-] serenissi@lemmy.world 13 points 4 days ago

It makes zero sense in keeping the data unencrypted in ang cloud. People usually don't share their cycles details on the public internet.

load more comments
view more: next β€Ί
this post was submitted on 11 Nov 2024
584 points (99.2% liked)

Privacy

1221 readers
61 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev