Why does a period tracking app even need to store the data anywhere other than locally?
their given reasons are “to keep backups” and “academic and clinical research with de-identified datasets”
they seem to actually do a fairly good job with anonymizing the research datasets, unlike most “anonymized research data”, though for the raw data stored on their servers, they do not seem to use encryption properly and their security model is “the cloud hoster wouldn’t spy on the data right?” (hint: their data is stored on american servers, so the american authorities can just subpoena Amazon Web Services directly, bypassing all their “privacy guarantees”. (the replacement for the EU-US Privacy Shield seems to be on very uncertain legal grounds, and that was before the election))
If anyone is in need of a more secure option in these dystopian times: drip keeps all your data on your phone. You can export the data, so you can keep the tracked data when changing phones. I only use it for tracking my cycle and sometimes symptoms though, so I can’t say much about using it for birth control.
Apple’s Cycle Tracking app is also locally and E2E encrypted in iCloud.
When your phone is locked with a passcode, Touch ID, or Face ID, all of your health and fitness data in the Health app, other than your Medical ID, is encrypted. Any health data synced to iCloud is encrypted both in transit and on our servers. And if you have a recent version of watchOS and iOS with the default two-factor authentication and a passcode, your health and activity data will be stored in a way that Apple can’t read it.
This means that when you use the Cycle Tracking feature and have enabled two-factor authentication, your health data synced to iCloud is encrypted end-to-end and Apple does not have the key to decrypt the data and therefore cannot read it.
Is the app and the OS open source? No? Then please shut the fuck up with your dangerous “advice”. People really still havent understood how this shit works. How is this being upvoted? Corporations do not deserve your trust when they claim things without proving them.
This is not a joke, this shit affects peoples lives. After spearheading the technology for creeps to stalk people with physical tags, and being the first to experiment with client side communications scanning, how do people still not understand that apple is just as bad as the rest.
Apple is very clear how they make their money. Desirable products at high margins, free customer support, and an ecosystem that encourages the purchase of additional devices and services.
They have also been very clear about their commitment to privacy, and have consistently led the industry in customer-focused privacy software. It’s the primary reason many customers choose Apple over their competitors.
Realistically, why would Apple blow up a $3.3T global success for an extra $10M? That 1/330 of the company value. For comparison, Apple sells ~$54M in Apple Pencils every year.
What apple wants or doesnt want to do is completely irrelevant. The fact that they have the ability to remotely modify your device is a disqualifying factor for any rational person thinking about risk of life level privacy.
Also they can be legally forced to put backdoors into their software while, under the threat of state violence, being prohibited from telling the public about it. Thats how the US legal system works.
They can also be forced to put on a theater to make it look like they are not giving the feds access btw.
Realistically, why would Apple blow up a $3.3T global success for an extra $10M? That 1/330 of the company value
Because they know that even after being caught harvesting user data for advertising, people will still claim they don’t do that even on a specialist privacy community on lemmy. Now think just how long it will take for the average apple user to realize it
Yes. There was an issue with iOS 14.1 that enabled personalized ads by default if you didn’t restore from a backup. I was working for Apple at that time. It wasn’t intentional or malicious, and a hotfix was implemented as soon as the bug was identified. The lawsuit was just. Apple fucked up.
Sure. It’s encrypted. And your private data only stays on your device. Pinky swear.
With our 10 billion $ in ad revenue, you can trust that your data never makes it to a third party unencrypted 😚
I’m not sure what that license has to do with Apple’s privacy policy. Apple uses ML to place ads alongside relevant content. They provide no customer information to advertisers. They generate so much ad revenue by keeping a sizable 30% from the advertisers.
https://support.apple.com/guide/adguide/generate-revenue-apd51c721ca9/icloud
I too trust every word apple says.
That’s the second time you posted that. What does it have to do with Apple’s privacy?
The link has nothing to do with the comment, some people just add that to all their posts because they think it will prevent LLMs from using their comments as training data. It’s useless and very stupid imo, equivalent to people on facebook a few years back copy and pasting that text about owning their pictures and not giving fb permission to use them even though permission was already given in the sign up agreement.
I actually hate this take. Unlike facebook, on lemmy, you actually own your data. Will this ownership of data be enforced against LLM companies? Probably not. Stackoverflow had everything under a license that requires attribution, but LLM’s don’t attribute and got away scot free.
But… the license that onlinepersona uses is less restrictive, rather than the default of an individual having absolute copyright over content they make. With onlinepersona’s comments, I know exactly what I can legally do with their comments.
As for everybody’s else comments, like yours, I don’t really know. Can I quote you, with or with out attribution? Can I legally remix comments? Do I have to ask permission before I use your comment in my presentation? You didn’t sign any kind of license/agreement that explicitly stated what they can do with your comments, did you?
I’m never gonna complain about someone explicitly releasing their work under a more free license. I find it frustrating that the fediverse is the “free culture” place and all that, but we don’t have a way to set copyright (or more likely, copyleft), on our comments. Instead, every comment is the equivalent of proprietary, source available software.
People mad about onlinepersona’s CC BY-NC-SA 4.0 license, like the other poster who is calling them stupid, are literally mad about receiving free shit. Stay mad, I guess. Personally, I’m happy that I am given content under a more free license than proprietary.
DO NOT put this kind of information in an app!
If you absolutely have to have it in your phone, use the calendar and pick some event that’s plausible monthly with a unique name so you can search on it. “Checked for Mxyzlptik updates”, “Look at travel to Canada prices” or whatever.
If you need more functionality than that you’ll need an offline solution. We live in a fascist dictatorship now. They hate women. And they will 100% use that information against you if they can.
They shouldn’t be collecting it in the first place, store the logs locally (and encrypted tbh) on the user’s device.
Can I get a reminder about the apps that WILL share with the govt so I can help fuck with their data?
That’s nice, but why does that data need to be on their servers in the first place?Ok, so apparently they don’t store the data by default. Guessing they could if the user wants it backed up or synced across devices.
I imagine they collect data to improve their algorithm so it can more accurately predict a woman’s cycle. Quite a few women use these apps as an alternative birth control, so knowing the specific days where they need to avoid sex is helpful.
Normally, I’d install the app to find out, but I can’t really install any more apps on my phone. And oh man, do I never like seeing the phrase “collect data to improve [their] algorithm”.
In general, medical predictions are a very good example of using AI to benefit humanity, not just shareholders. It’s still scary if it’s done by a private company.
It’s a German company, so I have no idea if they have an equivalent to HIPAA(USA) or if a private company would even have to comply with it.
I know it’s not feasible, but if a lot of males would just use the apps that are know to report to US authorities and input data, that most likely will raise a alarms, they would have to deal with heaps of false-positives and it would obscure the real data.
I just experienced my first period as a 38 year old male. I know almost nothing about them, so this is gonna be a wild ride for anyone who reads my stats.
It makes zero sense in keeping the data unencrypted in ang cloud. People usually don’t share their cycles details on the public internet.
