If anyone is in need of a more secure option in these dystopian times: drip keeps all your data on your phone. You can export the data, so you can keep the tracked data when changing phones. I only use it for tracking my cycle and sometimes symptoms though, so I can’t say much about using it for birth control.
Apple’s Cycle Tracking app is also locally and E2E encrypted in iCloud.
When your phone is locked with a passcode, Touch ID, or Face ID, all of your health and fitness data in the Health app, other than your Medical ID, is encrypted. Any health data synced to iCloud is encrypted both in transit and on our servers. And if you have a recent version of watchOS and iOS with the default two-factor authentication and a passcode, your health and activity data will be stored in a way that Apple can’t read it.
This means that when you use the Cycle Tracking feature and have enabled two-factor authentication, your health data synced to iCloud is encrypted end-to-end and Apple does not have the key to decrypt the data and therefore cannot read it.
Sure. It’s encrypted. And your private data only stays on your device. Pinky swear.
With our 10 billion $ in ad revenue, you can trust that your data never makes it to a third party unencrypted 😚
I’m not sure what that license has to do with Apple’s privacy policy. Apple uses ML to place ads alongside relevant content. They provide no customer information to advertisers. They generate so much ad revenue by keeping a sizable 30% from the advertisers.
https://support.apple.com/guide/adguide/generate-revenue-apd51c721ca9/icloud
onlinepersona posts that on every comment they make. They’re licensing their comments under CC BY-SA-NC 4.0. Given the context of the conversation it may have sounded confusing.
I too trust every word apple says.
That’s the second time you posted that. What does it have to do with Apple’s privacy?
The link has nothing to do with the comment, some people just add that to all their posts because they think it will prevent LLMs from using their comments as training data. It’s useless and very stupid imo, equivalent to people on facebook a few years back copy and pasting that text about owning their pictures and not giving fb permission to use them even though permission was already given in the sign up agreement.
I actually hate this take. Unlike facebook, on lemmy, you actually own your data. Will this ownership of data be enforced against LLM companies? Probably not. Stackoverflow had everything under a license that requires attribution, but LLM’s don’t attribute and got away scot free.
But… the license that onlinepersona uses is less restrictive, rather than the default of an individual having absolute copyright over content they make. With onlinepersona’s comments, I know exactly what I can legally do with their comments.
As for everybody’s else comments, like yours, I don’t really know. Can I quote you, with or with out attribution? Can I legally remix comments? Do I have to ask permission before I use your comment in my presentation? You didn’t sign any kind of license/agreement that explicitly stated what they can do with your comments, did you?
I’m never gonna complain about someone explicitly releasing their work under a more free license. I find it frustrating that the fediverse is the “free culture” place and all that, but we don’t have a way to set copyright (or more likely, copyleft), on our comments. Instead, every comment is the equivalent of proprietary, source available software.
People mad about onlinepersona’s CC BY-NC-SA 4.0 license, like the other poster who is calling them stupid, are literally mad about receiving free shit. Stay mad, I guess. Personally, I’m happy that I am given content under a more free license than proprietary.
Oh that guy posts that link in every post he makes because he trusts the data scraping companies and legal authorities to enforce it/make it a pain to ingest his data. When in reality he is a hypocrite as his sarcasm is stupid.
“If you are paying, it doesn’t mean you are not the product”
- Cory Doctorow
Is the app and the OS open source? No? Then please shut the fuck up with your dangerous “advice”. People really still havent understood how this shit works. How is this being upvoted? Corporations do not deserve your trust when they claim things without proving them.
This is not a joke, this shit affects peoples lives. After spearheading the technology for creeps to stalk people with physical tags, and being the first to experiment with client side communications scanning, how do people still not understand that apple is just as bad as the rest.
Apple is very clear how they make their money. Desirable products at high margins, free customer support, and an ecosystem that encourages the purchase of additional devices and services.
They have also been very clear about their commitment to privacy, and have consistently led the industry in customer-focused privacy software. It’s the primary reason many customers choose Apple over their competitors.
Realistically, why would Apple blow up a $3.3T global success for an extra $10M? That 1/330 of the company value. For comparison, Apple sells ~$54M in Apple Pencils every year.
What apple wants or doesnt want to do is completely irrelevant. The fact that they have the ability to remotely modify your device is a disqualifying factor for any rational person thinking about risk of life level privacy.
Also they can be legally forced to put backdoors into their software while, under the threat of state violence, being prohibited from telling the public about it. Thats how the US legal system works.
They can also be forced to put on a theater to make it look like they are not giving the feds access btw.
How can Apple remotely modify your device? Software updates? They have no access to your data.
Correct, forced software updates i.e. remotely modifying your device. Also what makes you think they have no access to your data already? Do just trust them when they say “we promise uwu” ?
Also phones can be caught during shipping and modified, thats how the feds did it for one of their more recent big drug operations. Under Trump who fucking knows what justifications will be used to do the most vile shit.
Updates aren’t forced. You have the ability to enable automatic updates, but they are turned off by default. They also cannot affect user data. iOS and app software is sandboxed. The kernel keeps application and OS layers independent, just like Linux. User data is stored in a separate partition.
Apple users will experience the same thing that all other computer owners experience when they disable updates entirely; outdated security software and limited compatibility.
Realistically, why would Apple blow up a $3.3T global success for an extra $10M? That 1/330 of the company value
Because they know that even after being caught harvesting user data for advertising, people will still claim they don’t do that even on a specialist privacy community on lemmy. Now think just how long it will take for the average apple user to realize it
Yes. There was an issue with iOS 14.1 that enabled personalized ads by default if you didn’t restore from a backup. I was working for Apple at that time. It wasn’t intentional or malicious, and a hotfix was implemented as soon as the bug was identified. The lawsuit was just. Apple fucked up.
“If you are paying, it doesn’t mean you are not the product”
- Cory Doctorow
For better E2E encryption, you should turn on Advanced Data Protection: https://support.apple.com/en-us/108756
What a name lol
Best to write your data down. Do not put on device or online.
I mean, the app offers encryption of the data, so you’d have to enter a password. And you can encrypt your phone as well. If it gets to a point where you are forced to enter the password, a piece of paper in your drawer is probably not much safer.
It’s really beyond fucked up that this is something people have to think about.
Why does a period tracking app even need to store the data anywhere other than locally?
their given reasons are “to keep backups” and “academic and clinical research with de-identified datasets”
they seem to actually do a fairly good job with anonymizing the research datasets, unlike most “anonymized research data”, though for the raw data stored on their servers, they do not seem to use encryption properly and their security model is “the cloud hoster wouldn’t spy on the data right?” (hint: their data is stored on american servers, so the american authorities can just subpoena Amazon Web Services directly, bypassing all their “privacy guarantees”. (the replacement for the EU-US Privacy Shield seems to be on very uncertain legal grounds, and that was before the election))
De-identified data is an oxymoron. Basically any dataset that’s in any way interesting is identifiable.
no it’s not. If you reduce the information in the datapoints until none of them are unique, then it is very obviously impossible to uniquely identify someone from them. And when you have millions of users the data can definitely still be kept interesting
(though there’s pretty big pitfalls here, as their report seems to leave open the possibility of not doing it correctly)
Sometimes people get new phones 🤷♀️
Then that data should be stored encrypted, salted, hashed, smashed, mashed, and passed so that only the person who is moving phones can open it
Not just for being made to give it over but also like leaks n shit
Boiled too
Sure, personally I think we should do that for all personal data. It’s a bit depressing that period trackers are being targeted in this way though.
dude, phones have built-in functions to transfer data seamlessly, i helped my dad with that a while back and it amounts to pressing some buttons and putting the phones on top of each other…
if that’s too difficult i think you need a personal assistant.
You can what?! I’ve been using a USB drive…
Not that I’m complaining, the USB is easy enough, but of what wizardry do you speak?
I think it’s only available on stock OSes, it’s one of those things we tech nerds sacrifice for freedom.
But for the kind of person who uses a period app connected to the internet, yeah that’s not a problem lmao.fwiw there are apps to make migrating easier on custom OSes as well, a quick search shows at least BARIA on f-droid.
Oh cool I’ll check out Baria, thanks!
Why are you being so condescending?
Phones get lost, stolen, damaged beyond repair. I knew a woman whose phone fell into a body of water on vacation and couldn’t be recovered.
When you have an app used by millions of people, which they depend on for tracking wellness, health issues, reproductive planning, etc. it makes sense to have a cloud backup for those inevitable situations.
Also yes, not everyone knows how to initiate an NFC file transfer, or even how to navigate their phone’s file system to select the data to transfer. You often have to develop software to the lowest common denominator. There’s open source options like Mensinator for people who want more control and privacy, but most software on the app store is targeted at less technical people.
That’s nice, but why does that data need to be on their servers in the first place?Ok, so apparently they don’t store the data by default. Guessing they could if the user wants it backed up or synced across devices.
I imagine they collect data to improve their algorithm so it can more accurately predict a woman’s cycle. Quite a few women use these apps as an alternative birth control, so knowing the specific days where they need to avoid sex is helpful.
Normally, I’d install the app to find out, but I can’t really install any more apps on my phone. And oh man, do I never like seeing the phrase “collect data to improve [their] algorithm”.
In general, medical predictions are a very good example of using AI to benefit humanity, not just shareholders. It’s still scary if it’s done by a private company.
It’s a German company, so I have no idea if they have an equivalent to HIPAA(USA) or if a private company would even have to comply with it.
health data in all of eu regulated by gdpr. but did not find reference quick (lost link). but special protection on health data, hipaa is joke compared.
on other hand, all data you tell your doctor confidential (Arztschweigepflicht). legally even police or judge cannot ask for what you talk about.
Does this company fall under those rules? Even if the person isn’t a citizen of Germany?
The GDPR applies to:
- a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
- a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.
company definitely fit 1.
Does GDPR apply to non-EU citizens?
Yes, it applies to non-EU citizens under certain circumstances. The regulation is designed to protect the personal data of individuals within the EU, but its scope extends beyond EU borders. It applies to any organisation, anywhere in the world, that processes the personal data of individuals in the EU. This includes non-EU citizens who are in the EU at the time of data collection.
only location important for gdpr. but honest, bet they process all data the same. no idea if legally different, not lawyer.
if mean Artzschweigepflicht, that specific between you and doctor. was example for health data taken serious in germany.
Any woman on here, please consider bluemoon. My wife is tech illiterate but loves the app.
Bluemoon (Open source, privacy friendly menstruation tracking app. Your period, your data!) https://f-droid.org/packages/ch.nilsgrob.android.bluemoon/
I can recommend Mensinator. It includes logging and calculated ovulation day too. Something I could not see in bluemoon screenshots.
Mensinator
Sounds like something from Doofenshmirtz.
Doofenshmirtz Evil incorporateeeeed
Can I get a reminder about the apps that WILL share with the govt so I can help fuck with their data?
All US-based apps and all the apps that store their data in US-owned cloud providers at very least.
US based apps that’s are end-to-end encrypted where you control the private keys cannot physically share as they won’t have access. Even if it’s in their cloud.
If the nice people at the FBI show up to your door with a warrant from a secret court set up by Trump show up to your office telling you either implement a backdoor in your app or everyone goes to jail forever, what do you do?
the devs don’t even need to know about it. google has the app signing keys, they can make a change anytime they want. read my reply to their comment
Start blasting.
until they get forced to issue an update that steals your key.
assuming you installed the app from google play.
since for a few years now google holds the signing keys that are used for verifying that the app has not been tampered with, the app developer is not even needed for this. google can make the changes, sign the app with the key they already have, and push an update to your phone.
Probably the rest of them.
I know it’s not feasible, but if a lot of males would just use the apps that are know to report to US authorities and input data, that most likely will raise a alarms, they would have to deal with heaps of false-positives and it would obscure the real data.
I’m in. Anyone know of any apps that DO report data?
Same, ready to poison data against fascists anytime.
I just experienced my first period as a 38 year old male. I know almost nothing about them, so this is gonna be a wild ride for anyone who reads my stats.
Wouldn’t that just break the app?
I’m just assuming they use user data to improve the health data shown, if people are going to fill it up with bogus data, it just destroys whatever use this app has for women.
Do you want to be protected or do you want the app optimized pick one
female and male staff members at Clue, based in Berlin
Basiert und in Berlin.
𝕯𝖎𝖊𝖘𝖊 𝕶𝖔𝖒𝖒𝖊𝖓𝖙𝖆𝖗𝖘𝖊𝖐𝖙𝖎𝖔𝖓 𝖎𝖘𝖙 𝖓𝖚𝖓 𝕰𝖎𝖌𝖊𝖓𝖙𝖚𝖒 𝖉𝖊𝖗 𝕭𝖚𝖓𝖉𝖊𝖘𝖗𝖊𝖕𝖚𝖇𝖑𝖎𝖐 𝕯𝖊𝖚𝖙𝖘𝖈𝖍𝖑𝖆𝖓𝖉
DO NOT put this kind of information in an app!
If you absolutely have to have it in your phone, use the calendar and pick some event that’s plausible monthly with a unique name so you can search on it. “Checked for Mxyzlptik updates”, “Look at travel to Canada prices” or whatever.
If you need more functionality than that you’ll need an offline solution. We live in a fascist dictatorship now. They hate women. And they will 100% use that information against you if they can.
They shouldn’t be collecting it in the first place, store the logs locally (and encrypted tbh) on the user’s device.
It makes zero sense in keeping the data unencrypted in ang cloud. People usually don’t share their cycles details on the public internet.
I’m glad this article is about Clue. I hope I can continue to trust them.
I’ve been using Clue for years and it’s nicely trans-friendly and not-pink. When I was first looking for a period app, many options were focused on fertility–either seeking or avoiding pregnancy–which rubbed me the wrong way.
tf is usa on, why they need perios statistics
So they can prosecute people for getting illegal abortions.
typical Trump presidency bullshit. Yet they fail to prosecuate many gangsters and rich money launderers. like this was the biggest problem ever
This is awesome, thank you for your service! Goddamn, the premises around that are just… sad.
But it will still disclose that data to advertising companies which WILL give it to the authorities for a nominal fee
Also, why does the app keep that data in a centralized location where it can be scooped up like that?
And more importantly, people have known that everything is spyware since the Snowden leaks, why the hell would you ever give that kind of data to an app on your phone? Even if the app was totally E2EE and private, other things on your phone do all kinds of spying
Why US gov need to know about people’s period?, that’s weird and creepy
To get the needle, you need the whole haystack. Collect everything decrypt later