The privacy problems hidden in your period tracker

(bbc.com)

51 points | by tchalla 2 hours ago

10 comments

  • troyvit 1 hour ago
    Somebody on HN recommended drip awhile ago:

    https://f-droid.org/packages/com.drip/

    It's not mentioned in the article.

    Like Euki it's local-only. I don't know how they compare as far as features but it's cool that there are two good apps out there.

  • kevin_thibedeau 46 minutes ago
    Whenever this issue comes up I feel the need to relay a story about a meeting with a databroker in 1998 who was tracking menstrual cycles using purchasing records of a wide variety of consumer goods. They will track you to optimize their manipulative, targeted advertising whether you have an invasive app or not.
    • annzabelle 32 minutes ago
      I've heard rumors, maybe that far back, of women getting mail ads for baby clothes a couple weeks before having a positive pregnancy test.
  • Cider9986 1 hour ago
    List of recommended ones: https://www.privacyguides.org/en/health-and-wellness/#menstr...

    >Drip, Euki, and Apple Health

  • annzabelle 1 hour ago
    I use Macrofactor (macro tracking app for lifters with good privacy/UI) as a weight/period tracker, and occasional macro tracker. I don't think anybody is going to go to the effort to hack their databases to find the 100 women tracking our periods on it.

    The one downside is that they do days since last period as days since the end of your last period, not days since the start, unlike literally every woman and gynecologist ever.

    • nonameiguess 1 hour ago
      MacroFactor is very rare in the modern software world, probably because it was created by fitness science junkies rather than VCs or engineers. Greg was extremely adamant from the start that they're charging money, take it or leave it, but selling the product itself is all they're ever going to sell. No monetizing user data. No dark patterns to drive engagement and keep you in the app. All they're trying to drive is better lifting and better eating because that's honest to god Greg and Lindsay Nuckols passions in life, not getting rich. Classic lifestyle business that'll never eat the world, but it'll pay the rent in North Carolina for two 40 year-olds with no kids.
      • annzabelle 34 minutes ago
        I do find that the best apps are the paid ones, they don't need to be relying on selling user data to make a profit.

        Sadly, a lot of the great boutique lifestyle business paid apps are apple only, and I can't stand the typing experience on iphones.

      • Slow_Hand 32 minutes ago
        I've been using Macrofactor for many years (after a HN recommendation) and now that you mention it, I've been super happy with the experience and don't detect a whiff of dark patterns, unwarranted tracking, or bad business practices that plague other apps.

        The value of tracking my diet and health has been well worth it. I will happily pay their asking price and it's heartening to hear that the founders/owners are committed to good practices.

        Side note: I recently switched over fully to the Proton Unlimited ecosystem. Another ethical service that I will happily pay for.

        I'm beginning to think that we might be able to turn this shitty ad-industry-lead ship around, folks. Or at least we have strong alternatives these days for the people who care.

        Now if I can just get my social groups to use Signal.

  • chambored 33 minutes ago
    As others in the thread have pointed out, Euki is a wonderful application and having interacted with members of their team, I know they are committed to maintaining their liberating privacy stances.
  • starefossen 1 hour ago
    Apple Health was not among the reviewed?
  • bell-cot 2 hours ago
    Only one (of the six reviewed) that I'd call acceptable -

    > Euki is the only app Mozilla recommends without reservations. "Euki is special," Wodinsky* says.

    > Unlike the other apps on this list, Mozilla says Euki keeps all your health information stored on your device, without even sending it to the company's servers.

    > You don't even need to make an account, so you can stay completely anonymous. Euki also offers a "decoy" feature that shows fake, harmless information if someone gets your phone and tries to snoop.

    *Shoshana Wodinsky, a privacy research analyst who tested 6 period tracker on behalf of the Mozilla Foundation

    • _def 1 hour ago
      It's really sad to see that this is not the usual kind of software people are exposed too.
    • _blk 1 hour ago
      It indeed looks like the rest are "you're the product" (tm) type apps. Honestly, I don't expect much from Play Store (or App Store for that matter) these days but as a developer it's terrible what hoops you have to go through to publish your app.. Endless forms to fill out manually and then the overall store quality is just disappointing. Ads, ads, more ads and privacy and security debacles. Now it also looks like locking down on outside app stores like F-Droid.. Developers and hackers will find solutions but for the general population I'm not very hopeful. As to the period apps:

      > This is also not Planned Parenthood's first run in with privacy criticisms. I wrote about similar problems four years ago, for example. The organisation didn't respond to a request for comment.

      .. And it doesn't look like they care to change anything about it. Who can end this on a positive note? I hate to be this negative but I don't see it.

  • scotty79 20 minutes ago
    Why not something p2p and encrypted? https://peerloomllc.com/pearpetal/ No servers, no problem. You fear losing your device? I'm sure you have more than one, any additional one you have is a fully functional backup.

    The technology it is built on is extremely cool. http://pears.com/

    Or better yet. Why trust this one (even though the source is on github)? You can just ask your AI agent to build you your custom one on the basis of this technology.

  • soumyadeb 1 hour ago
    RudderStack founder here.

    Although the article doesn't accuse us of doing anything improper, we weren't contacted for comment, so I'd like to clarify our role.

    We are customer data infrastructure, not a data broker. We do not buy, sell or monetize the customer data that passes through our systems.

    Our role is analogous to infrastructure: customers choose what data to send, and RudderStack routes that data to the destinations they configure (analytics tools, data warehouses, marketing platforms, etc.). The customer owns the data and decides where it goes; RudderStack does not repurpose it for its own business.

    Infrastructure providers like us should be held to high standards for security and privacy, but we should not be confused with companies that collect or monetize end-user data.

    • inigyou 42 minutes ago
      Are analytics tools, data warehouses, and marketing platforms the only types of destinations you support? Because if that's the case then your system appears to only be useful for privacy invasions.
    • hluska 42 minutes ago
      The article did not accuse you of anything and went so far as to say “There's nothing unlawful going on, and there's no reason to think RudderStack (or any company mentioned in this story) is doing something nefarious.”

      I’m struggling to understand why you would feel the need to comment. Or why you even think the BBC would have contacted you. This is one of those moments in PR where a response with no reason makes reasonable people wonder why.

      • soumyadeb 17 minutes ago
        My concern is that terms like "data management company" (and another article described us as an "analytics company") are broad enough that many readers could reasonably infer we're collecting, storing, or monetizing sensitive end-user data.

        I wanted to clarify that distinction because we've already had people reach out asking whether we were involved in collecting or using this data.

        Its bad PR for us

    • _blk 51 minutes ago
      Awesome insight. Thanks for clarifying! @bbc please update because there's definitely an implicit complicity in your article.