The team behind menstrual health and period tracking app Clue has said it will not disclose users’ data to American authorities, following Donald Trump’s reelection.

The message comes in response to concerns that during Trump’s second presidency, abortion bans that followed the overturn of Roe v. Wade in 2022 will worsen and states will attempt to increase menstrual surveillance in order to further restrict access to terminations.

  • ForgottenFlux@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    329
    ·
    1 month ago

    Research conducted by the Mozilla Foundation indicates that the app referred to in the article, Clue, gathers extensive information and shares certain data with third parties for advertising, marketing, and research reasons.

    Here are some menstruation tracking apps that are open-source and prioritize user privacy by keeping your data stored locally on your device:

    • ShepherdPie@midwest.social
      link
      fedilink
      English
      arrow-up
      125
      arrow-down
      1
      ·
      1 month ago

      So the government just needs to acquire this data from one of those third parties if it wants it.

      • ganymede@lemmy.ml
        link
        fedilink
        English
        arrow-up
        75
        ·
        edit-2
        1 month ago

        so what they’re really saying is they won’t give it away for free

        • GladiusB@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          1 month ago

          Where is Mark Zuckerberg when you need something to “accidentally” get leaked after billions of dollars are spent.

        • Lifter@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          They do claim to not share any medical data with third parties though. See other comments for source.

          I wouldn’t trust them either way…

      • Vanth@reddthat.com
        link
        fedilink
        English
        arrow-up
        27
        ·
        1 month ago

        Drip doesn’t save anything to the cloud, it’s all local to your device. I can’t speak to the others.

        Which does mean one has to backup and manually move your tracking history to a new device. Guess who forgot to do that 😂

        • rowinxavier@lemmy.world
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 month ago

          Good idea is to use something like Syncthing to copy data between your phone and another device like a laptop or another phone. This depends on the app, for Drip you have to manually export the data yourself on a regular basis.

          Another useful idea is if you have an old phone lying around get it connected via Syncthing and back up everything to it. If your current phone dies or is lost you can switch back immediately, a hot backup. If you have root on your device you can use NeoBackup to schedule backups of the data into a folder Syncthing can access and send to backup locations, say a home computer or spare device.

          • Resonosity@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 month ago

            God I wish I could learn more about this shit.

            For all of the Linux and FOSS nerds on Lemmy, I don’t think I’ve seen one make a guide on how to have good digital stewardship of oneself. Syncthing sounds freaking awesome. Still feel like there’s a barrier to entry for me though

            • rowinxavier@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 month ago

              What OS do you use? Windows, Mac, Linux? And same for your phone? Android? If so, you should be able to get it set up on your desktop and phone.

              First, get it installed on your desktop. For windows and mac go to the Syncthing download page and grab the installer. On Linux you will find install instructing below, but basically use your package manager to install syncthing.

              Once it is installed you can start it up and it will open a GUI, most likely through your web browser (probably 127.0.0.1:8384 or similar). From here you will have your Syncthing interface for your computer set up, so on to the phone.

              On your phone install syncthing from whichever store you use, fdroid is my favourite. Once installed open it and you should have an option to add another device. You can use this to scan the QR code on your computer Syncthing interface.

              • Resonosity@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 month ago

                Currently on Windows 11 (yuck) and have a Galaxy S23.

                Next devices I’m looking at are a Framework laptop and Fairphone.

                The QR code sounds super easy which is a good sign. I guess most of my complaints rest with what a full FOSS and pro-privacy cyber-system would look like overall. I come from a Windows world so I have those household names stuck in my head, like Word, Outlook, etc. I guess I’m really looking for a guide that has a 1:1 for the entire OS from Windows to Linux, and maybe more if it improves people’s lives. Thinking Jellyfin and Bitwarden and all those purpose-driven applications.

                At this point I don’t know what I don’t know, and I just wish that some of the awesome devs on Lemmy would post a guide to all of this, soup to nuts style. Maybe one day

                • rowinxavier@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 month ago

                  I think piecemeal is a good way to go. Switch from MS Office to LibreOffice, from iOS to android, from Photoshop to Krita, then go to dual booting Linux (probably Mint or similar) with Windows, learn more using both, find what things you reboot to Windows for, find solutions for those using Wine and alternative software, get used to solving problems in Linux land and learn the tools. Once you are comfortable with a mix of both get rid of what you can, use Windows less and less, try CalyxOS or Graphene for your phone if possible, keep making steps. Each step makes progress, and imperfect solutions are a better starting point for finding better solutions.

                  That said, for the earliest steps a virtual machine is an amazing tool, as is an old laptop. You can learn to solve problems on virtual or real hardware without making your life harder then inch closer to freedom. I’ve been using Linux since 2006 and honestly it has been a constant learning process. The first year was mostly VM learning, then an accidental install on my external HDD taught me about hubris and data protection. Since then I have kept moving towards more open hardware and software one step at a time. Getting started is the key, nothing teaches as well as trying.

        • KrapKake@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 month ago

          It would be nice if it did have some automatic backup solution. Backup options could be something like Nextcloud, or some local server. Maybe even android backup but the data has to be encrypted with a password and be an opt in feature.

      • Gormadt@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        22
        ·
        1 month ago

        Having your own data can be incredibly useful and valuable, the trick is protecting that data so that nefarious actors can’t use it.

      • communism@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        Sure, but tracking period data can be very helpful for people. For a threat model of abortion criminalisation (or maybe trans healthcare criminalisation with treatments stopping periods, or really any kind of restrictions on medical autonomy), encryption at rest of locally stored period data is perfectly sufficient. They are not going to send military intelligence agencies after a random person having an abortion. It is actually a relatively low threat model, like equivalent to buying drugs online or something like that.

        • Arbiter@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          1 month ago

          I mostly mean having data stored in a centralized database owned by a corporation. Since even if it’s encrypted you’re just one warrant away from the data being handed over.

          • communism@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            If only the user has the key then there’s no real concern with the data being handed over

  • TipRing@lemmy.world
    link
    fedilink
    English
    arrow-up
    146
    ·
    1 month ago

    They say that, but when Ken Paxton subpoenas them they will say they have no choice. It would be better to use an app that doesn’t store this data server side at all.

      • TachyonTele@lemm.ee
        link
        fedilink
        English
        arrow-up
        18
        arrow-down
        1
        ·
        edit-2
        1 month ago

        How does an app being FOSS defend them from warrants?

        Edit. Thank you guys for the details. I learneded something new today, much appreciated.

        • gaiussabinus@lemmy.world
          link
          fedilink
          English
          arrow-up
          36
          arrow-down
          1
          ·
          1 month ago

          FOSS implies it’s your hardware, therefore a subpoena would extract no information because there is no information outside of the users device.

            • mosiacmango@lemm.ee
              link
              fedilink
              English
              arrow-up
              24
              ·
              edit-2
              1 month ago

              “Free and open source software.” It’s an ethos that says that code should be free and open for people to use and improve as they see fit. The core of it is that if you modify any software that is FOSS, your software must also be FOSS. So overtime the software and what its used for improve, change, widen. Lucky for us, the movement has been ongoing for 50+ years, so it’s a mature ethos whose benefits are everywhere. Most of the internet runs on FOSS. Lemmy itself is FOSS.

              It doesn’t necessarily mean an app is more private, but it does mean you can generally self host, as the commentor said. There isn’t a profit motive with most FOSS, at least not at its core, so there is little desire to data harvest generally. There is also a heavy overlap between FOSS advocates and privacy advocates, so they tend to be more privacy conscious via local data storage or encryption.

              • AliasVortex@lemmy.world
                link
                fedilink
                English
                arrow-up
                9
                ·
                1 month ago

                Just to key in on the overlap between FOSS and privacy, because the source code for the software is open, it means that anyone can take a peek at how everything is running under the hood (among other things). It becomes possible to verify that software is storing data locally and properly encrypting when applicable (as opposed to blindly trusting the software’s author and or lawyers).

                It may also be a fun fact that best practice in encryption is to open source your algorithms. The helps safeguard against backdoors and mistakes/ errors that could compromise the security of the algorithm. Much for similar reasons as above, as it allows the security community to check your math (in a field where it is incredibly easy to get your math wrong).

              • TachyonTele@lemm.ee
                link
                fedilink
                English
                arrow-up
                4
                ·
                1 month ago

                Ok yeah, I understood everything in your first paragraph. The privacy part was what I was really asking about. So if you’re not self hosting you’re still at the whim of the person/company/whatever that is.

                • ch00f@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  7
                  ·
                  1 month ago

                  You could also argue that if even if you’re not self-hosting (i.e. renting server hardware from a 3rd party), your data is still in a siloed environment. While it may be accessible by law enforcement if you are targeted specifically, it’s unlikely to be dragnetted like the data collected from popular apps.

        • Otter@lemmy.ca
          link
          fedilink
          English
          arrow-up
          17
          ·
          edit-2
          1 month ago

          Something being FOSS doesn’t necessarily mean it’s safe / ethical, but a LOT of FOSS apps are designed with those principles in mind.

          However, being FOSS means that if an app claims that it is safe / ethical (ex. In this case, not storing data anywhere but on your device), you or an experienced peer can check the code to verify that fact.

        • Pirky@lemmy.world
          link
          fedilink
          English
          arrow-up
          15
          ·
          1 month ago

          It doesn’t, but with these apps, you can see what information they send back to their servers (if any). If there is no info getting sent back to any servers, then there’s nothing a subpoena can do since there’s no info to subpoena. You can’t obtain info that just isn’t there.

        • qyron@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          1 month ago

          Simple. Most FOSS are built for privacy and thus do not harvest data to send to some server somewhere in the world for whatever obscure reason. The data is locally stored on your device and stays and dies there.

          No callback, no selling nor surrending data.

          Personally speaking, I’d quicker have all data banks destroyed than surrendered to whatever purposes, if I ever decided to build an aplication that somehow compiled data.

    • spujb@lemmy.cafe
      link
      fedilink
      English
      arrow-up
      27
      ·
      1 month ago

      not defending the bogus use of the cloud to host sensitive data, nor do i unquestioningly believe this? but correcting the record since you did 80% of the work in finding the link:

      Be assured that the sensitive health data you track in the Clue app is never shared with or sold to advertisers, or any partners whose services we may recommend in Clue.

      If you actually read what you sent it seems like the only data that is shared to advertisers is standard marketing stuff like IP, device ID, age group, and location. Still bad and I stand with others recommending locally hosted FOSS alternatives.

    • rumba@lemmy.zip
      link
      fedilink
      English
      arrow-up
      42
      ·
      1 month ago

      Some people want convenience of accessing the data between devices.

      It’s okay to store stuff in the cloud just make it’s encrypted deeply and thoroughly and that the user is the only person with the key.

      There’s absolutely no reason for them to have access to this data.

      • sugar_in_your_tea
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        1 month ago

        Yup. I use Tuta for email, and they have a calendar feature that should be more than sufficient. Just set a recurring event for 28 days or whatever your personal cycle is, and you’re good to go! Everything is E2EE, so there’s nothing for the authorities to get.

        I’m sure Proton Mail’s calendar feature is equally sufficient here, or you could self-host something like NextCloud and use the calendar that way.

        • rc__buggy
          link
          fedilink
          English
          arrow-up
          11
          ·
          1 month ago

          It’s not about having a rigid schedule, but about actually tracking periods and analyzing the data. I’m male and that’s about all I know about it

          • sugar_in_your_tea
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            1 month ago

            Eh, a calendar and a spreadsheet should be enough, but I also don’t have menstrual cycles, so what do I know…

            • Otter@lemmy.ca
              link
              fedilink
              English
              arrow-up
              9
              ·
              1 month ago

              I’d imagine it’s the same as personal finance apps. A spreadsheet can be enough, and it is enough for a lot of people, but a custom app can make things easier:

              • reducing the friction of keeping track
              • built in visualizations
              • alerts
              • integrating the data with other tools

              etc.

            • Vanth@reddthat.com
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 month ago

              I tend to get headaches more frequently at a certain point in my ~monthly cycle, not at the same time I have my period. It’s nice to know it’s coming so I can plan accordingly. Like avoid being on a road trip at that time, or proactively knocking it out with meds before it even starts.

              Some people find their cycles affect their energy and recovery a lot, so they adjust their workout plans accordingly. Like knowing when within a cycle estrogen and testosterone are at their peak, versus progesterone.

              Aside from just day count between periods, some people track temp, consistency of vaginal fluid, mood, weight, and probably other things depending on their needs.

        • Sirence@feddit.org
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          1 month ago

          You actually have your period the same time everytime like in a textbook? That’s sounds pretty nice, first time I heard someone has that. Usually it’s pretty random, like sometimes it’s 20 days sometimes it’s 35 and you have to calculate it with the daily temperature. I’m kinda jealous ngl

          • sugar_in_your_tea
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 month ago

            I’m a male, but I am married to someone who has periods. And yeah, they’re not textbook, but they’re generally within a couple days. We can both tell when it’s about to happen because my SO’s hormones start going crazy (alternate between angry over small things and affectionate), and like clockwork, the menstrual cycle happens about 2 days later.

            But yeah, it’s generally about every 4 weeks, give or take a few days. It used to be all over the place, but now that she’s been better about exercise and diet, it’s a lot more consistent.

            • Sirence@feddit.org
              link
              fedilink
              English
              arrow-up
              5
              ·
              1 month ago

              Oh that sounds really nice, in that case you really don’t need to use a period app. I have to enter my temperature, cervix condition and (I don’t know the English word for it but you know,) the ‘slime’ condition. Sometimes it’s 6 weeks, sometimes it’s 3, the app helps a lot but sometimes it’s still off.

      • sit@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        1 month ago

        no cloud or get fossed, son.

        Seriously how some business makes money doesn’t matter in the context of state surveillance

          • sugar_in_your_tea
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            2
            ·
            1 month ago

            There are calendar apps, which should get the job done, assuming your menstrual cycle is pretty regular.

            • trailee
              link
              fedilink
              English
              arrow-up
              7
              arrow-down
              1
              ·
              1 month ago

              Why would you assume the cycle is regular? It’s a biological process that can vary quite a bit, which is part of why you would want to track it in the first place. There’s also much more to track that just the expected start date of your next cycle. The various tracking apps are quite a bit more involved than just a calendar.

              • sugar_in_your_tea
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                1 month ago

                Yeah, I know they’re not necessarily regular, seeing as I’m married to someone with menstrual cycles. I guess I’m just not very familiar with what kind of data a calendar and a spreadsheet can’t solve just as easily.

                • trailee
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  1 month ago

                  Actually I’ll agree with you that a spreadsheet could do a lot, but that’s a niche solution. Building a good one requires a fair bit of technical know how, and even using one well requires a lot of understanding.

  • irotsoma@lemmy.world
    link
    fedilink
    English
    arrow-up
    63
    ·
    1 month ago

    Yeah they may not cooperate with authorities, but I’m sure they’d be happy to sell it to contractors working on behalf of the government to the same ends. They already sell the info as it is.

    • ameancow@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      ·
      1 month ago

      Or until the American people get bored with talking about it, like with everything else, then stop caring and just let whatever happen.

  • daniskarma@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    2
    ·
    1 month ago

    Why the hell period data needs to be stored on the cloud?

    How much could it weight? A few Kb? Local storage!

    I would never trust such data leaving my device when is no need for it whatsoever.

    Aren’t there any open source period tracking apps? I’ll do one, it can’t be that hard. An sqlite database patched to a frontend calendar and some basic predictions based on normal scenarios.

  • taxon@lemmy.world
    link
    fedilink
    English
    arrow-up
    48
    arrow-down
    2
    ·
    edit-2
    1 month ago

    If you want an app that stores nothing on the cloud, check it out here on Android and here on IOS. My SO loves it!

  • cum@lemmy.cafe
    link
    fedilink
    English
    arrow-up
    39
    ·
    1 month ago

    Cool but the proper solution is that they shouldn’t have access to this data at all. It should be either stored locally, or encrypted on their servers. Companies not being able to access their consumer data should be the default.

  • SplashJackson@lemmy.ca
    link
    fedilink
    English
    arrow-up
    34
    ·
    1 month ago

    Why do they need to save the tracked period data to a server farm? Why can’t it just be saved on the phone, huh?

    • el_abuelo@programming.dev
      link
      fedilink
      English
      arrow-up
      20
      ·
      1 month ago

      Probably because they want to be able to maintain users during device switches. Given much of the world is on an annual or bi-annual cycle it’d suck to lose your users each time.

      • frayedpickles@lemmy.cafe
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 month ago

        They could just do the password manager approach where the data is encrypted on your phone but stored in the cloud. App retains users, sensitive data remains private.

        • communism@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 month ago

          I wonder how many average users would be bothered to export their period database and transfer to a new phone every time they get a new phone. I do that when I get a new phone (not often, I use my phones till they break/are literally unusable and unfixable), but I’ve had real trouble getting other people to do these kinds of things.

  • FlashMobOfOne@lemmy.world
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    1
    ·
    1 month ago

    I wouldn’t trust it. We now live in an era where, if you want control of any kind of information, you simply can’t share it digitally in any way.

  • Unknown1234_5@lemmy.world
    link
    fedilink
    English
    arrow-up
    30
    ·
    1 month ago

    This kind of surveillance should be something every platform fights against. Remember that the government does not own you and they are only entitled to any of your data at all when necessary to uphold the law and under a warrant. Protect your right to privacy or they will use what you do I private to justify stripping you of all your other rights in the name of justice they will at that point no longer uphold.

    • sunzu2@thebrainbin.org
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      1 month ago

      Every corporation registered under the US law is subject to the US law.

      If you relying on a corpo to protect your data… 🤡

      • Zak@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 month ago

        Biowink GmbH is probably not a corporation registered under US law. If I had to guess, the government of Germany will not be particularly eager to force them to turn over data to the USA. The Germans take their Datenschutz very seriously.

        • sunzu2@thebrainbin.org
          link
          fedilink
          arrow-up
          2
          ·
          1 month ago

          Great point. Then they can take the hard stance but I doubt they will not to piss off largest consumer market in the world.

      • Unknown1234_5@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        1 month ago

        No I’m relying on people to protect their own data, I’m saying that platforms should too. Edit: also most of the time they don’t have to turn over anything but do so willingly, they should say no unless presented with a valid warrant.

        • sunzu2@thebrainbin.org
          link
          fedilink
          arrow-up
          2
          arrow-down
          2
          ·
          1 month ago

          Corpos are unreliable but yes they should at least pretend not to turn it over.

          Unless corpo is using zero knowledge set up, don’t use it is the really the only way to use a corpo service imho

          • Unknown1234_5@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            Yeah I think PIA is a golden example here. They’ve got RAM-only servers so they have no data to turn over in the first place.

            • sunzu2@thebrainbin.org
              link
              fedilink
              arrow-up
              1
              ·
              1 month ago

              Pia the third vendor along with proton and mullvad that are considered gold standard?

              Does it have it port-forwarding?

              • Unknown1234_5@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 month ago

                There is a setting that says port forwarding in the desktop and Android apps but I’ve never used it. If it helps, I did turn it on once to see what it was and it picks a port for you which afaik can be important.

  • kureta@lemmy.ml
    link
    fedilink
    English
    arrow-up
    26
    ·
    1 month ago

    menstrual surveillance

    Now that’s a phrase I would’ve never thought I would read.

    • captainlezbian@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      1 month ago

      Why? It’s a logical outcome of the combination of mass surveillance and draconian anti abortion laws. This is the sort of shit the judicial construction of the implied right to privacy was kinda built around stopping. This is just straight up the sort of shit Snowden warned us of.

      So yeah, the federal government (and likely state as well), who have the data from your personal devices to understand far more of your sex life than you want your friends knowing, much less your Senator, are able to purchase or subpoena data from menstrual tracking apps and will do as the law tells them to. The law, meanwhile is written by a group of people who are vastly disproportionately elderly men with little to know understanding of any branch of science or medicine. A group notable for comments like the assumption that ecoptic pregnancies can be replanted and that presenting a snowball disproves global warming. The one gynecologist of note to have been in Congress in recent memory being Ron fucking Paul, who incidentally was anti choice.

      To sum my previous paragraph to a thesis statement: people who have no idea how bodies work and couldn’t tell a Skene’s gland from a vas deferens and disproportionately think pee comes out the vagina get to decide the rules by which people who know every aspect of your life that they choose to look for decide if your menstrual irregularities are normal or an illegal abortion.

  • Brumefey
    link
    fedilink
    English
    arrow-up
    18
    ·
    edit-2
    1 month ago

    Can’t those app offer this feature : replace all the original data by pseudo random data shifting the menstruation cycle in a way that would benefit the user at that moment ? Or : shift all data to x days (easier to undo)

    It’s crazy that we live in a world where we have to think about such things…

  • Treczoks@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    1 month ago

    First I thought “WTF is period data a thing that should concern the government”, but then I noticed we are talking about the future Handmaids Tale country here.