The team behind menstrual health and period tracking app Clue has said it will not disclose users’ data to American authorities, following Donald Trump’s reelection.
The message comes in response to concerns that during Trump’s second presidency, abortion bans that followed the overturn of Roe v. Wade in 2022 will worsen and states will attempt to increase menstrual surveillance in order to further restrict access to terminations.
Research conducted by the Mozilla Foundation indicates that the app referred to in the article, Clue, gathers extensive information and shares certain data with third parties for advertising, marketing, and research reasons.
Here are some menstruation tracking apps that are open-source and prioritize user privacy by keeping your data stored locally on your device:
So the government just needs to acquire this data from one of those third parties if it wants it.
Drip doesn’t save anything to the cloud, it’s all local to your device. I can’t speak to the others.
Which does mean one has to backup and manually move your tracking history to a new device. Guess who forgot to do that 😂
Good idea is to use something like Syncthing to copy data between your phone and another device like a laptop or another phone. This depends on the app, for Drip you have to manually export the data yourself on a regular basis.
Another useful idea is if you have an old phone lying around get it connected via Syncthing and back up everything to it. If your current phone dies or is lost you can switch back immediately, a hot backup. If you have root on your device you can use NeoBackup to schedule backups of the data into a folder Syncthing can access and send to backup locations, say a home computer or spare device.
Sure, but tracking period data can be very helpful for people. For a threat model of abortion criminalisation (or maybe trans healthcare criminalisation with treatments stopping periods, or really any kind of restrictions on medical autonomy), encryption at rest of locally stored period data is perfectly sufficient. They are not going to send military intelligence agencies after a random person having an abortion. It is actually a relatively low threat model, like equivalent to buying drugs online or something like that.
I mostly mean having data stored in a centralized database owned by a corporation. Since even if it’s encrypted you’re just one warrant away from the data being handed over.
They say that, but when Ken Paxton subpoenas them they will say they have no choice. It would be better to use an app that doesn’t store this data server side at all.
FOSS Period Tracking Apps Exist: (there may be others, as well)
https://fossdroid.com/a/bluemoon.html
https://fossdroid.com/a/mensinator.html
https://github.com/TotallyMonica/foss-period-tracker
Also paper and pencil.
Also the oldest known “writing” is a stick with 28 notches on it.
How does an app being FOSS defend them from warrants?
Edit. Thank you guys for the details. I learneded something new today, much appreciated.
FOSS implies it’s your hardware, therefore a subpoena would extract no information because there is no information outside of the users device.
Something being FOSS doesn’t necessarily mean it’s safe / ethical, but a LOT of FOSS apps are designed with those principles in mind.
However, being FOSS means that if an app claims that it is safe / ethical (ex. In this case, not storing data anywhere but on your device), you or an experienced peer can check the code to verify that fact.
It doesn’t, but with these apps, you can see what information they send back to their servers (if any). If there is no info getting sent back to any servers, then there’s nothing a subpoena can do since there’s no info to subpoena. You can’t obtain info that just isn’t there.
Simple. Most FOSS are built for privacy and thus do not harvest data to send to some server somewhere in the world for whatever obscure reason. The data is locally stored on your device and stays and dies there.
No callback, no selling nor surrending data.
Personally speaking, I’d quicker have all data banks destroyed than surrendered to whatever purposes, if I ever decided to build an aplication that somehow compiled data.
not defending the bogus use of the cloud to host sensitive data, nor do i unquestioningly believe this? but correcting the record since you did 80% of the work in finding the link:
Be assured that the sensitive health data you track in the Clue app is never shared with or sold to advertisers, or any partners whose services we may recommend in Clue.
If you actually read what you sent it seems like the only data that is shared to advertisers is standard marketing stuff like IP, device ID, age group, and location. Still bad and I stand with others recommending locally hosted FOSS alternatives.
Period tracking apps should store no data at all in the cloud.
Some people want convenience of accessing the data between devices.
It’s okay to store stuff in the cloud just make it’s encrypted deeply and thoroughly and that the user is the only person with the key.
There’s absolutely no reason for them to have access to this data.
Yup. I use Tuta for email, and they have a calendar feature that should be more than sufficient. Just set a recurring event for 28 days or whatever your personal cycle is, and you’re good to go! Everything is E2EE, so there’s nothing for the authorities to get.
I’m sure Proton Mail’s calendar feature is equally sufficient here, or you could self-host something like NextCloud and use the calendar that way.
It’s not about having a rigid schedule, but about actually tracking periods and analyzing the data. I’m male and that’s about all I know about it
You actually have your period the same time everytime like in a textbook? That’s sounds pretty nice, first time I heard someone has that. Usually it’s pretty random, like sometimes it’s 20 days sometimes it’s 35 and you have to calculate it with the daily temperature. I’m kinda jealous ngl
no cloud or get fossed, son.
Seriously how some business makes money doesn’t matter in the context of state surveillance
Yeah they may not cooperate with authorities, but I’m sure they’d be happy to sell it to contractors working on behalf of the government to the same ends. They already sell the info as it is.
