Hacker News
The privacy problems hidden in your period tracker
benoau
|next
[-]
[1] https://www.thebureauinvestigates.com/stories/2025-09-03/met...
soumyadeb
|root
|parent
[-]
This one is about privacy — what data an app chooses to collect and which third parties it intentionally sends that data to. The concern isn't that someone hacked those companies. The distinction is important for us.
Disclaimer: RudderStack founder.
quadrifoliate
|next
|previous
[-]
I thought entering the information is like 90% of the tracking, everything else is mostly calculation/averaging and none of it needs to live on a server. The Euki app seems like my idea of what it would always be.
makeitdouble
|root
|parent
[-]
Paying for apps doesn't help as much as expected, as they'll want to keep the revenue stream alive. Solving this conundrum would require to deal with both side of the coin.
The real solution to this would be to give everyone and their dog a standardised online server with legally enforced privacy, and have sandboxed apps manage data in and out in a interexchangeable format, but I feel like I'm asking for peace on earth.
PS: we have banks for money, there should really be something similar for data.
troyvit
|next
|previous
[-]
https://f-droid.org/packages/com.drip/
It's not mentioned in the article.
Like Euki it's local-only. I don't know how they compare as far as features but it's cool that there are two good apps out there.
kevin_thibedeau
|next
|previous
[-]
annzabelle
|root
|parent
|next
[-]
vasco
|root
|parent
[-]
https://www.forbes.com/sites/kashmirhill/2012/02/16/how-targ...
Cider9986
|next
|previous
[-]
>Drip, Euki, and Apple Health
annzabelle
|next
|previous
[-]
The one downside is that they do days since last period as days since the end of your last period, not days since the start, unlike literally every woman and gynecologist ever.
nonameiguess
|root
|parent
[-]
faangguyindia
|root
|parent
|next
[-]
This is kinda misleading. First of all, MacroFactor uses the Gemini API for photo to calorie/macro estimation, so the data does leave their premises. It does not work completely offline, so it does call home, and after that, you never really know what happens with the data.
MacroFactor charges roughly $70 a year. MacroCodex is free and doesn't require an internet connection to work. It can also offset random weight gain due to PMS or other short term hormonal cyclical issues, as well as other water retention issues. It doesn't even ask for your phone number or email or even date of birth!! (it just asks age) on Android. On the web app, an email is required only for storing your data (due to the volatile web storage offered in PWAs, where the OS/browser can evict storage under memory pressure).
If an app doesn't collect your personal identifiable data it cannot sell it, if it's capable of running offline it can be put behind a firewall rule and/or diagnostic/telemetry data disabled in setting though i'd argue if it's not collecting your personal info and want data for improvement of specific app feature (which benefit from data analysis) then you should perhaps analyze the risk of this decision.
annzabelle
|root
|parent
|next
|previous
[-]
Sadly, a lot of the great boutique lifestyle business paid apps are apple only, and I can't stand the typing experience on iphones.
Slow_Hand
|root
|parent
|previous
[-]
The value of tracking my diet and health has been well worth it. I will happily pay their asking price and it's heartening to hear that the founders/owners are committed to good practices.
Side note: I recently switched over fully to the Proton Unlimited ecosystem. Another ethical service that I will happily pay for.
I'm beginning to think that we might be able to turn this shitty ad-industry-lead ship around, folks. Or at least we have strong alternatives these days for the people who care.
Now if I can just get my social groups to use Signal.
starefossen
|next
|previous
[-]
consonaut
|root
|parent
[-]
https://support.apple.com/en-gb/guide/security/sec88be9900f/...
chambored
|next
|previous
[-]
bell-cot
|next
|previous
[-]
> Euki is the only app Mozilla recommends without reservations. "Euki is special," Wodinsky* says.
> Unlike the other apps on this list, Mozilla says Euki keeps all your health information stored on your device, without even sending it to the company's servers.
> You don't even need to make an account, so you can stay completely anonymous. Euki also offers a "decoy" feature that shows fake, harmless information if someone gets your phone and tries to snoop.
*Shoshana Wodinsky, a privacy research analyst who tested 6 period tracker on behalf of the Mozilla Foundation
_def
|root
|parent
|next
[-]
_blk
|root
|parent
|previous
[-]
> This is also not Planned Parenthood's first run in with privacy criticisms. I wrote about similar problems four years ago, for example. The organisation didn't respond to a request for comment.
.. And it doesn't look like they care to change anything about it. Who can end this on a positive note? I hate to be this negative but I don't see it.
scotty79
|next
|previous
[-]
The technology it is built on is extremely cool. http://pears.com/
Or better yet. Why trust this one (even though the source is on github)? You can just ask your AI agent to build you your custom one on the basis of this technology.
fragmede
|next
|previous
[-]
soumyadeb
|next
|previous
[-]
Although the article doesn't accuse us of doing anything improper, we weren't contacted for comment, so I'd like to clarify our role.
We are customer data infrastructure, not a data broker. We do not buy, sell or monetize the customer data that passes through our systems.
Our role is analogous to infrastructure: customers choose what data to send, and RudderStack routes that data to the destinations they configure (analytics tools, data warehouses, marketing platforms, etc.). The customer owns the data and decides where it goes; RudderStack does not repurpose it for its own business.
Infrastructure providers like us should be held to high standards for security and privacy, but we should not be confused with companies that collect or monetize end-user data.
dijksterhuis
|root
|parent
|next
[-]
inigyou
|root
|parent
|next
|previous
[-]
hluska
|root
|parent
|next
|previous
[-]
I’m struggling to understand why you would feel the need to comment. Or why you even think the BBC would have contacted you. This is one of those moments in PR where a response with no reason makes reasonable people wonder why.
wavemode
|root
|parent
|next
[-]
> Mozilla uncovered numerous privacy problems across various apps, but Stardust was the only one found sharing detailed reproductive health data with another company.
> The report found that Stardust sends users' health information to a data management company called RudderStack, which isn't named in its privacy policy. That data includes pregnancy status, birth control, moods, alcohol consumption and specific symptoms like tender breasts and stomach cramps.
> Companies often share data with outside services to process information and analyse user behaviour. There's nothing unlawful going on, and there's no reason to think RudderStack (or any company mentioned in this story) is doing something nefarious.
> However, experts say it's inherently risky when your data spreads to more places. It creates another opportunity for security breaches or legal requests for information. Besides, you may just be uncomfortable with another company seeing your health data.
> A Stardust spokesperson says the company only uses RudderStack as a "technical pipeline" to route data into its own analytics systems, and the app doesn't share anything that could allow RudderStack to identify your name or contact information. "Additionally, RudderStack is contractually prohibited from selling or using it for its own purposes," and RudderStack doesn't store the data long-term, the spokesperson says.
> "People deserve better," says Shoshana Wodinsky, a privacy research analyst who conducted Mozilla's tests. At the very least, she says, you should know what's happening.
soumyadeb
|root
|parent
|previous
[-]
I wanted to clarify that distinction because we've already had people reach out asking whether we were involved in collecting or using this data.
Its bad PR for us