Period tracking app refuses to disclose data to American authorities - eviltoast
  • ArcaneSlime@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    16
    ·
    edit-2
    2 days ago

    They shouldn’t be collecting it in the first place, store the logs locally (and encrypted tbh) on the user’s device.

    • problematicPanther@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      2 days ago

      dystopian hellscape where government has an algorithm to check whether your period has come in a given month, and if you’ve missed more than a few weeks, you’ll be listed as pregnant. And then if you’re not pregnant anymore for any reason other than giving birth, then you’ll be prosecuted for having an abortion.

    • dance_ninja@lemmy.world
      link
      fedilink
      arrow-up
      49
      arrow-down
      1
      ·
      3 days ago

      When they start prosecuting women for miscarriages and suspected abortions under Trump’s national abortion ban.

      • rotten@lemm.ee
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        22
        ·
        2 days ago

        Literally on video saying he doesn’t want a national abortion ban, but now they are going to take data from period apps? Even the pro lifers aren’t this unhinged.

        • auzy@lemmy.world
          link
          fedilink
          arrow-up
          7
          ·
          edit-2
          2 days ago

          For a guy who doesn’t want a ban he seems awfully proud of overturning roe vs Wade. There’s literally only one reason to do that

          Why else would he overturn it?

          Why else would he keep claiming people are aborting after birth lol.

          I think I know how he won now. I’m Australian and it turns out even I’ve been paying better attention than you

        • dance_ninja@lemmy.world
          link
          fedilink
          arrow-up
          8
          ·
          2 days ago

          Ken Paxton’s actions in Texas say otherwise.

          I wouldn’t be surprised if Trump either signs the bill when it gets to his desk or if he just lets it sit there for 10 days and it automatically becomes law without a veto.

        • MrPoopbutt@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          2 days ago

          Lol yes they are.

          Each time you think you have seen a bottom to the barrel to how low they will stoop, be prepared to be disappointed as they drill right through it and show you a whole new bottom. This bottom too will be shattered.

          Mark my words.

  • ValiantDust@feddit.org
    link
    fedilink
    arrow-up
    132
    ·
    3 days ago

    If anyone is in need of a more secure option in these dystopian times: drip keeps all your data on your phone. You can export the data, so you can keep the tracked data when changing phones. I only use it for tracking my cycle and sometimes symptoms though, so I can’t say much about using it for birth control.

    • disguy_ovahea@lemmy.world
      link
      fedilink
      arrow-up
      34
      arrow-down
      9
      ·
      3 days ago

      Apple’s Cycle Tracking app is also locally and E2E encrypted in iCloud.

      When your phone is locked with a passcode, Touch ID, or Face ID, all of your health and fitness data in the Health app, other than your Medical ID, is encrypted. Any health data synced to iCloud is encrypted both in transit and on our servers. And if you have a recent version of watchOS and iOS with the default two-factor authentication and a passcode, your health and activity data will be stored in a way that Apple can’t read it.

      This means that when you use the Cycle Tracking feature and have enabled two-factor authentication, your health data synced to iCloud is encrypted end-to-end and Apple does not have the key to decrypt the data and therefore cannot read it.

      https://support.apple.com/en-us/120356

        • uis@lemm.ee
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          2 days ago

          “If you are paying, it doesn’t mean you are not the product”

          - Cory Doctorow

        • disguy_ovahea@lemmy.world
          link
          fedilink
          arrow-up
          17
          arrow-down
          6
          ·
          edit-2
          3 days ago

          I’m not sure what that license has to do with Apple’s privacy policy. Apple uses ML to place ads alongside relevant content. They provide no customer information to advertisers. They generate so much ad revenue by keeping a sizable 30% from the advertisers.

          https://support.apple.com/guide/news-publisher/earn-revenue-with-advertising-on-apple-news-apdd44eeeeeb/icloud

          https://support.apple.com/guide/adguide/generate-revenue-apd51c721ca9/icloud

          • JackbyDev@programming.dev
            link
            fedilink
            English
            arrow-up
            17
            ·
            3 days ago

            onlinepersona posts that on every comment they make. They’re licensing their comments under CC BY-SA-NC 4.0. Given the context of the conversation it may have sounded confusing.

              • PoopingCough@lemmy.world
                link
                fedilink
                English
                arrow-up
                49
                ·
                3 days ago

                The link has nothing to do with the comment, some people just add that to all their posts because they think it will prevent LLMs from using their comments as training data. It’s useless and very stupid imo, equivalent to people on facebook a few years back copy and pasting that text about owning their pictures and not giving fb permission to use them even though permission was already given in the sign up agreement.

                • moonpiedumplings@programming.dev
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  arrow-down
                  7
                  ·
                  3 days ago

                  I actually hate this take. Unlike facebook, on lemmy, you actually own your data. Will this ownership of data be enforced against LLM companies? Probably not. Stackoverflow had everything under a license that requires attribution, but LLM’s don’t attribute and got away scot free.

                  But… the license that onlinepersona uses is less restrictive, rather than the default of an individual having absolute copyright over content they make. With onlinepersona’s comments, I know exactly what I can legally do with their comments.

                  As for everybody’s else comments, like yours, I don’t really know. Can I quote you, with or with out attribution? Can I legally remix comments? Do I have to ask permission before I use your comment in my presentation? You didn’t sign any kind of license/agreement that explicitly stated what they can do with your comments, did you?

                  I’m never gonna complain about someone explicitly releasing their work under a more free license. I find it frustrating that the fediverse is the “free culture” place and all that, but we don’t have a way to set copyright (or more likely, copyleft), on our comments. Instead, every comment is the equivalent of proprietary, source available software.

                  People mad about onlinepersona’s CC BY-NC-SA 4.0 license, like the other poster who is calling them stupid, are literally mad about receiving free shit. Stay mad, I guess. Personally, I’m happy that I am given content under a more free license than proprietary.

              • Acters@lemmy.world
                link
                fedilink
                arrow-up
                16
                ·
                3 days ago

                Oh that guy posts that link in every post he makes because he trusts the data scraping companies and legal authorities to enforce it/make it a pain to ingest his data. When in reality he is a hypocrite as his sarcasm is stupid.

      • unexposedhazard@discuss.tchncs.de
        link
        fedilink
        arrow-up
        22
        arrow-down
        10
        ·
        edit-2
        3 days ago

        Is the app and the OS open source? No? Then please shut the fuck up with your dangerous “advice”. People really still havent understood how this shit works. How is this being upvoted? Corporations do not deserve your trust when they claim things without proving them.

        This is not a joke, this shit affects peoples lives. After spearheading the technology for creeps to stalk people with physical tags, and being the first to experiment with client side communications scanning, how do people still not understand that apple is just as bad as the rest.

        • disguy_ovahea@lemmy.world
          link
          fedilink
          arrow-up
          5
          arrow-down
          14
          ·
          edit-2
          3 days ago

          Apple is very clear how they make their money. Desirable products at high margins, free customer support, and an ecosystem that encourages the purchase of additional devices and services.

          They have also been very clear about their commitment to privacy, and have consistently led the industry in customer-focused privacy software. It’s the primary reason many customers choose Apple over their competitors.

          Realistically, why would Apple blow up a $3.3T global success for an extra $10M? That 1/330 of the company value. For comparison, Apple sells ~$54M in Apple Pencils every year.

          • uis@lemm.ee
            link
            fedilink
            arrow-up
            3
            ·
            2 days ago

            “If you are paying, it doesn’t mean you are not the product”

            - Cory Doctorow

          • unexposedhazard@discuss.tchncs.de
            link
            fedilink
            arrow-up
            14
            arrow-down
            4
            ·
            edit-2
            3 days ago

            What apple wants or doesnt want to do is completely irrelevant. The fact that they have the ability to remotely modify your device is a disqualifying factor for any rational person thinking about risk of life level privacy.

            Also they can be legally forced to put backdoors into their software while, under the threat of state violence, being prohibited from telling the public about it. Thats how the US legal system works.

            They can also be forced to put on a theater to make it look like they are not giving the feds access btw.

              • unexposedhazard@discuss.tchncs.de
                link
                fedilink
                arrow-up
                15
                arrow-down
                3
                ·
                edit-2
                3 days ago

                Correct, forced software updates i.e. remotely modifying your device. Also what makes you think they have no access to your data already? Do just trust them when they say “we promise uwu” ?

                Also phones can be caught during shipping and modified, thats how the feds did it for one of their more recent big drug operations. Under Trump who fucking knows what justifications will be used to do the most vile shit.

                • disguy_ovahea@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  5
                  ·
                  edit-2
                  3 days ago

                  Updates aren’t forced. You have the ability to enable automatic updates, but they are turned off by default. They also cannot affect user data. iOS and app software is sandboxed. The kernel keeps application and OS layers independent, just like Linux. User data is stored in a separate partition.

                  Apple users will experience the same thing that all other computer owners experience when they disable updates entirely; outdated security software and limited compatibility.

          • sus@programming.dev
            link
            fedilink
            arrow-up
            4
            arrow-down
            2
            ·
            3 days ago

            Realistically, why would Apple blow up a $3.3T global success for an extra $10M? That 1/330 of the company value

            Because they know that even after being caught harvesting user data for advertising, people will still claim they don’t do that even on a specialist privacy community on lemmy. Now think just how long it will take for the average apple user to realize it

            • disguy_ovahea@lemmy.world
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              3 days ago

              Yes. There was an issue with iOS 14.1 that enabled personalized ads by default if you didn’t restore from a backup. I was working for Apple at that time. It wasn’t intentional or malicious, and a hotfix was implemented as soon as the bug was identified. The lawsuit was just. Apple fucked up.

      • ValiantDust@feddit.org
        link
        fedilink
        arrow-up
        9
        ·
        3 days ago

        I mean, the app offers encryption of the data, so you’d have to enter a password. And you can encrypt your phone as well. If it gets to a point where you are forced to enter the password, a piece of paper in your drawer is probably not much safer.

        It’s really beyond fucked up that this is something people have to think about.

  • EmperorHenry@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    5
    ·
    2 days ago

    But it will still disclose that data to advertising companies which WILL give it to the authorities for a nominal fee

    Also, why does the app keep that data in a centralized location where it can be scooped up like that?

    And more importantly, people have known that everything is spyware since the Snowden leaks, why the hell would you ever give that kind of data to an app on your phone? Even if the app was totally E2EE and private, other things on your phone do all kinds of spying

  • Fosheze@lemmy.world
    link
    fedilink
    English
    arrow-up
    66
    arrow-down
    1
    ·
    3 days ago

    Why does a period tracking app even need to store the data anywhere other than locally?

    • sus@programming.dev
      link
      fedilink
      arrow-up
      44
      arrow-down
      1
      ·
      edit-2
      3 days ago

      their given reasons are “to keep backups” and “academic and clinical research with de-identified datasets”

      they seem to actually do a fairly good job with anonymizing the research datasets, unlike most “anonymized research data”, though for the raw data stored on their servers, they do not seem to use encryption properly and their security model is “the cloud hoster wouldn’t spy on the data right?” (hint: their data is stored on american servers, so the american authorities can just subpoena Amazon Web Services directly, bypassing all their “privacy guarantees”. (the replacement for the EU-US Privacy Shield seems to be on very uncertain legal grounds, and that was before the election))

        • sus@programming.dev
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          2 days ago

          no it’s not. If you reduce the information in the datapoints until none of them are unique, then it is very obviously impossible to uniquely identify someone from them. And when you have millions of users the data can definitely still be kept interesting

          (though there’s pretty big pitfalls here, as their report seems to leave open the possibility of not doing it correctly)

      • gamermanh@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        23
        ·
        3 days ago

        Then that data should be stored encrypted, salted, hashed, smashed, mashed, and passed so that only the person who is moving phones can open it

        Not just for being made to give it over but also like leaks n shit

      • Swedneck@discuss.tchncs.de
        link
        fedilink
        arrow-up
        4
        arrow-down
        2
        ·
        3 days ago

        dude, phones have built-in functions to transfer data seamlessly, i helped my dad with that a while back and it amounts to pressing some buttons and putting the phones on top of each other…

        if that’s too difficult i think you need a personal assistant.

        • ArcaneSlime@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          2 days ago

          You can what?! I’ve been using a USB drive…

          Not that I’m complaining, the USB is easy enough, but of what wizardry do you speak?

          • Swedneck@discuss.tchncs.de
            link
            fedilink
            arrow-up
            2
            ·
            2 days ago

            I think it’s only available on stock OSes, it’s one of those things we tech nerds sacrifice for freedom.
            But for the kind of person who uses a period app connected to the internet, yeah that’s not a problem lmao.

            fwiw there are apps to make migrating easier on custom OSes as well, a quick search shows at least BARIA on f-droid.

        • AbsentBird@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          2 days ago

          Why are you being so condescending?

          Phones get lost, stolen, damaged beyond repair. I knew a woman whose phone fell into a body of water on vacation and couldn’t be recovered.

          When you have an app used by millions of people, which they depend on for tracking wellness, health issues, reproductive planning, etc. it makes sense to have a cloud backup for those inevitable situations.

          Also yes, not everyone knows how to initiate an NFC file transfer, or even how to navigate their phone’s file system to select the data to transfer. You often have to develop software to the lowest common denominator. There’s open source options like Mensinator for people who want more control and privacy, but most software on the app store is targeted at less technical people.

  • Duamerthrax@lemmy.world
    link
    fedilink
    arrow-up
    40
    ·
    edit-2
    3 days ago

    That’s nice, but why does that data need to be on their servers in the first place?

    Ok, so apparently they don’t store the data by default. Guessing they could if the user wants it backed up or synced across devices.

    • Cosmonaut_Collin@lemmy.world
      link
      fedilink
      arrow-up
      21
      ·
      3 days ago

      I imagine they collect data to improve their algorithm so it can more accurately predict a woman’s cycle. Quite a few women use these apps as an alternative birth control, so knowing the specific days where they need to avoid sex is helpful.

      • Duamerthrax@lemmy.world
        link
        fedilink
        arrow-up
        13
        ·
        3 days ago

        Normally, I’d install the app to find out, but I can’t really install any more apps on my phone. And oh man, do I never like seeing the phrase “collect data to improve [their] algorithm”.

        • Droggelbecher@lemmy.world
          link
          fedilink
          arrow-up
          15
          ·
          3 days ago

          In general, medical predictions are a very good example of using AI to benefit humanity, not just shareholders. It’s still scary if it’s done by a private company.

          • Duamerthrax@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            3 days ago

            It’s a German company, so I have no idea if they have an equivalent to HIPAA(USA) or if a private company would even have to comply with it.

  • Undaunted@discuss.tchncs.de
    link
    fedilink
    arrow-up
    23
    arrow-down
    1
    ·
    3 days ago

    I know it’s not feasible, but if a lot of males would just use the apps that are know to report to US authorities and input data, that most likely will raise a alarms, they would have to deal with heaps of false-positives and it would obscure the real data.

    • Agent641@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      2 days ago

      I just experienced my first period as a 38 year old male. I know almost nothing about them, so this is gonna be a wild ride for anyone who reads my stats.

    • Hawk@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 days ago

      Wouldn’t that just break the app?

      I’m just assuming they use user data to improve the health data shown, if people are going to fill it up with bogus data, it just destroys whatever use this app has for women.

  • imPastaSyndrome@lemm.ee
    link
    fedilink
    arrow-up
    30
    arrow-down
    1
    ·
    3 days ago

    Can I get a reminder about the apps that WILL share with the govt so I can help fuck with their data?

      • SecureTaco@lemmy.asc6.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        3 days ago

        US based apps that’s are end-to-end encrypted where you control the private keys cannot physically share as they won’t have access. Even if it’s in their cloud.

        • jmcs@discuss.tchncs.de
          link
          fedilink
          arrow-up
          14
          ·
          edit-2
          3 days ago

          If the nice people at the FBI show up to your door with a warrant from a secret court set up by Trump show up to your office telling you either implement a backdoor in your app or everyone goes to jail forever, what do you do?

        • ReversalHatchery@beehaw.org
          link
          fedilink
          English
          arrow-up
          8
          ·
          3 days ago

          until they get forced to issue an update that steals your key.

          assuming you installed the app from google play.
          since for a few years now google holds the signing keys that are used for verifying that the app has not been tampered with, the app developer is not even needed for this. google can make the changes, sign the app with the key they already have, and push an update to your phone.

  • far_university190@feddit.org
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    2
    ·
    3 days ago

    female and male staff members at Clue, based in Berlin

    Basiert und in Berlin.

    𝕯𝖎𝖊𝖘𝖊 𝕶𝖔𝖒𝖒𝖊𝖓𝖙𝖆𝖗𝖘𝖊𝖐𝖙𝖎𝖔𝖓 𝖎𝖘𝖙 𝖓𝖚𝖓 𝕰𝖎𝖌𝖊𝖓𝖙𝖚𝖒 𝖉𝖊𝖗 𝕭𝖚𝖓𝖉𝖊𝖘𝖗𝖊𝖕𝖚𝖇𝖑𝖎𝖐 𝕯𝖊𝖚𝖙𝖘𝖈𝖍𝖑𝖆𝖓𝖉

  • Optional@lemmy.world
    link
    fedilink
    arrow-up
    23
    arrow-down
    4
    ·
    3 days ago

    DO NOT put this kind of information in an app!

    If you absolutely have to have it in your phone, use the calendar and pick some event that’s plausible monthly with a unique name so you can search on it. “Checked for Mxyzlptik updates”, “Look at travel to Canada prices” or whatever.

    If you need more functionality than that you’ll need an offline solution. We live in a fascist dictatorship now. They hate women. And they will 100% use that information against you if they can.

  • serenissi@lemmy.world
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    3 days ago

    It makes zero sense in keeping the data unencrypted in ang cloud. People usually don’t share their cycles details on the public internet.