- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
The team behind menstrual health and period tracking app Clue has said it will not disclose users’ data to American authorities, following Donald Trump’s reelection.
The message comes in response to concerns that during Trump’s second presidency, abortion bans that followed the overturn of Roe v. Wade in 2022 will worsen and states will attempt to increase menstrual surveillance in order to further restrict access to terminations.
You must log in or # to comment.
First I thought “WTF is period data a thing that should concern the government”, but then I noticed we are talking about the future Handmaids Tale country here.
Still not worth the risk to download it. Get a paper journal, they make ones that guide you through tracking all the necessary data.
Paper without some sort of code to hide what’s happening isn’t much better, considering if something ever happens you could get searched.
Shit which reminds me. Now I have to stop using the app… and delete it.
That will last only until a judge signs a warrant.
Or until the American people get bored with talking about it, like with everything else, then stop caring and just let whatever happen.
Or until Trump decides to have an army of hackers like Putin.
We already do. We wage cyber warfare with other countries the same.
Were people unclear on this? They think that the US is just letting cyber warfare happen without participating…?
Why the hell period data needs to be stored on the cloud?
How much could it weight? A few Kb? Local storage!
I would never trust such data leaving my device when is no need for it whatsoever.
Aren’t there any open source period tracking apps? I’ll do one, it can’t be that hard. An sqlite database patched to a frontend calendar and some basic predictions based on normal scenarios.
Aren’t there any open source period tracking apps?
Many. On F-Droid.
drip. menstrual cycle and fertility tracking (Open-source, non-commercial and leaves your data on your phone.) https://f-droid.org/packages/com.drip/
Drip is a pretty wild name to call your menstrual tracking app.
Everyone says that. Idk what the big deal is
That is some darkest timeline Abed type stuff.
Don’t fall for it. Read their privacy policy.
They keep your data in the cloud and share it with third parties, including advertisers.
Pen and paper doesn’t snitch.
not defending the bogus use of the cloud to host sensitive data, nor do i unquestioningly believe this? but correcting the record since you did 80% of the work in finding the link:
Be assured that the sensitive health data you track in the Clue app is never shared with or sold to advertisers, or any partners whose services we may recommend in Clue.
If you actually read what you sent it seems like the only data that is shared to advertisers is standard marketing stuff like IP, device ID, age group, and location. Still bad and I stand with others recommending locally hosted FOSS alternatives.
There are also foss alternatives. Install fdroid and get drip.
Drip is a horrible name for a period tracking app lol
I mean at that point just call it Bleed lol
GUSH
What an insightful comment, the_crotch
It actually inspired me to start writing my own competing period tracking app, Margaret Plug That Up Already You’re Ruining The Carpet
I like you
That was my first thought. Why?
You guys are talking about it arent ya?
And look how fast you memorized the name.
I had to check my phone for the name.
Why do they need to save the tracked period data to a server farm? Why can’t it just be saved on the phone, huh?
Probably because they want to be able to maintain users during device switches. Given much of the world is on an annual or bi-annual cycle it’d suck to lose your users each time.
They could just do the password manager approach where the data is encrypted on your phone but stored in the cloud. App retains users, sensitive data remains private.
I wonder how many average users would be bothered to export their period database and transfer to a new phone every time they get a new phone. I do that when I get a new phone (not often, I use my phones till they break/are literally unusable and unfixable), but I’ve had real trouble getting other people to do these kinds of things.
menstrual surveillance
Now that’s a phrase I would’ve never thought I would read.
Why? It’s a logical outcome of the combination of mass surveillance and draconian anti abortion laws. This is the sort of shit the judicial construction of the implied right to privacy was kinda built around stopping. This is just straight up the sort of shit Snowden warned us of.
So yeah, the federal government (and likely state as well), who have the data from your personal devices to understand far more of your sex life than you want your friends knowing, much less your Senator, are able to purchase or subpoena data from menstrual tracking apps and will do as the law tells them to. The law, meanwhile is written by a group of people who are vastly disproportionately elderly men with little to know understanding of any branch of science or medicine. A group notable for comments like the assumption that ecoptic pregnancies can be replanted and that presenting a snowball disproves global warming. The one gynecologist of note to have been in Congress in recent memory being Ron fucking Paul, who incidentally was anti choice.
To sum my previous paragraph to a thesis statement: people who have no idea how bodies work and couldn’t tell a Skene’s gland from a vas deferens and disproportionately think pee comes out the vagina get to decide the rules by which people who know every aspect of your life that they choose to look for decide if your menstrual irregularities are normal or an illegal abortion.
Research conducted by the Mozilla Foundation indicates that the app referred to in the article, Clue, gathers extensive information and shares certain data with third parties for advertising, marketing, and research reasons.
Here are some menstruation tracking apps that are open-source and prioritize user privacy by keeping your data stored locally on your device:
So the government just needs to acquire this data from one of those third parties if it wants it.
so what they’re really saying is they won’t give it away for free
Where is Mark Zuckerberg when you need something to “accidentally” get leaked after billions of dollars are spent.
You don’t know how fascism works, do you?
Drip doesn’t save anything to the cloud, it’s all local to your device. I can’t speak to the others.
Which does mean one has to backup and manually move your tracking history to a new device. Guess who forgot to do that 😂
It would be nice if it did have some automatic backup solution. Backup options could be something like Nextcloud, or some local server. Maybe even android backup but the data has to be encrypted with a password and be an opt in feature.
Good idea is to use something like Syncthing to copy data between your phone and another device like a laptop or another phone. This depends on the app, for Drip you have to manually export the data yourself on a regular basis.
Another useful idea is if you have an old phone lying around get it connected via Syncthing and back up everything to it. If your current phone dies or is lost you can switch back immediately, a hot backup. If you have root on your device you can use NeoBackup to schedule backups of the data into a folder Syncthing can access and send to backup locations, say a home computer or spare device.
The only way to protect data is to not gather it.
Sure, but tracking period data can be very helpful for people. For a threat model of abortion criminalisation (or maybe trans healthcare criminalisation with treatments stopping periods, or really any kind of restrictions on medical autonomy), encryption at rest of locally stored period data is perfectly sufficient. They are not going to send military intelligence agencies after a random person having an abortion. It is actually a relatively low threat model, like equivalent to buying drugs online or something like that.
I mostly mean having data stored in a centralized database owned by a corporation. Since even if it’s encrypted you’re just one warrant away from the data being handed over.
If only the user has the key then there’s no real concern with the data being handed over
Having your own data can be incredibly useful and valuable, the trick is protecting that data so that nefarious actors can’t use it.
False
The apps I wanted to share
I hadn’t seen this comment, thanks for making it.
Can’t those app offer this feature : replace all the original data by pseudo random data shifting the menstruation cycle in a way that would benefit the user at that moment ? Or : shift all data to x days (easier to undo)
It’s crazy that we live in a world where we have to think about such things…
Drip is also available on F-droid.
Haha that is some app name!
It’s the app the comment above me was recommending. I just wanted to make that clear and show that it was available outside the app stores as well.
Yeah they may not cooperate with authorities, but I’m sure they’d be happy to sell it to contractors working on behalf of the government to the same ends. They already sell the info as it is.
They say that, but when Ken Paxton subpoenas them they will say they have no choice. It would be better to use an app that doesn’t store this data server side at all.
FOSS Period Tracking Apps Exist: (there may be others, as well)
https://fossdroid.com/a/bluemoon.html
https://fossdroid.com/a/mensinator.html
https://github.com/TotallyMonica/foss-period-tracker
Also paper and pencil.
Also the oldest known “writing” is a stick with 28 notches on it.
How does an app being FOSS defend them from warrants?
Edit. Thank you guys for the details. I learneded something new today, much appreciated.
FOSS implies it’s your hardware, therefore a subpoena would extract no information because there is no information outside of the users device.
Interesting, thank you. I guess I don’t know enough about FOSS then.
“Free and open source software.” It’s an ethos that says that code should be free and open for people to use and improve as they see fit. The core of it is that if you modify any software that is FOSS, your software must also be FOSS. So overtime the software and what its used for improve, change, widen. Lucky for us, the movement has been ongoing for 50+ years, so it’s a mature ethos whose benefits are everywhere. Most of the internet runs on FOSS. Lemmy itself is FOSS.
It doesn’t necessarily mean an app is more private, but it does mean you can generally self host, as the commentor said. There isn’t a profit motive with most FOSS, at least not at its core, so there is little desire to data harvest generally. There is also a heavy overlap between FOSS advocates and privacy advocates, so they tend to be more privacy conscious via local data storage or encryption.
Just to key in on the overlap between FOSS and privacy, because the source code for the software is open, it means that anyone can take a peek at how everything is running under the hood (among other things). It becomes possible to verify that software is storing data locally and properly encrypting when applicable (as opposed to blindly trusting the software’s author and or lawyers).
It may also be a fun fact that best practice in encryption is to open source your algorithms. The helps safeguard against backdoors and mistakes/ errors that could compromise the security of the algorithm. Much for similar reasons as above, as it allows the security community to check your math (in a field where it is incredibly easy to get your math wrong).
Ok yeah, I understood everything in your first paragraph. The privacy part was what I was really asking about. So if you’re not self hosting you’re still at the whim of the person/company/whatever that is.
You could also argue that if even if you’re not self-hosting (i.e. renting server hardware from a 3rd party), your data is still in a siloed environment. While it may be accessible by law enforcement if you are targeted specifically, it’s unlikely to be dragnetted like the data collected from popular apps.
Something being FOSS doesn’t necessarily mean it’s safe / ethical, but a LOT of FOSS apps are designed with those principles in mind.
However, being FOSS means that if an app claims that it is safe / ethical (ex. In this case, not storing data anywhere but on your device), you or an experienced peer can check the code to verify that fact.
It doesn’t, but with these apps, you can see what information they send back to their servers (if any). If there is no info getting sent back to any servers, then there’s nothing a subpoena can do since there’s no info to subpoena. You can’t obtain info that just isn’t there.
That makes sense. Thank you!
Simple. Most FOSS are built for privacy and thus do not harvest data to send to some server somewhere in the world for whatever obscure reason. The data is locally stored on your device and stays and dies there.
No callback, no selling nor surrending data.
Personally speaking, I’d quicker have all data banks destroyed than surrendered to whatever purposes, if I ever decided to build an aplication that somehow compiled data.
deleted by creator
I wouldn’t trust it. We now live in an era where, if you want control of any kind of information, you simply can’t share it digitally in any way.
