this post was submitted on 11 Nov 2024
585 points (99.2% liked)

Privacy

1266 readers
158 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Fosheze@lemmy.world 64 points 1 week ago (2 children)

Why does a period tracking app even need to store the data anywhere other than locally?

[–] sus@programming.dev 43 points 1 week ago* (last edited 1 week ago) (2 children)

their given reasons are "to keep backups" and "academic and clinical research with de-identified datasets"

they seem to actually do a fairly good job with anonymizing the research datasets, unlike most "anonymized research data", though for the raw data stored on their servers, they do not seem to use encryption properly and their security model is "the cloud hoster wouldn't spy on the data right?" (hint: their data is stored on american servers, so the american authorities can just subpoena Amazon Web Services directly, bypassing all their "privacy guarantees". (the replacement for the EU-US Privacy Shield seems to be on very uncertain legal grounds, and that was before the election))

[–] Anticorp@lemmy.world 13 points 1 week ago

de-identified

Doubt.

[–] ballmerpeaking@programming.dev 6 points 1 week ago* (last edited 1 week ago) (1 children)

De-identified data is an oxymoron. Basically any dataset that's in any way interesting is identifiable.

[–] sus@programming.dev 4 points 1 week ago* (last edited 1 week ago)

no it's not. If you reduce the information in the datapoints until none of them are unique, then it is very obviously impossible to uniquely identify someone from them. And when you have millions of users the data can definitely still be kept interesting

(though there's pretty big pitfalls here, as their report seems to leave open the possibility of not doing it correctly)

[–] absentbird@lemm.ee 8 points 1 week ago (2 children)

Sometimes people get new phones 🤷‍♀️

[–] gamermanh@lemmy.dbzer0.com 23 points 1 week ago (2 children)

Then that data should be stored encrypted, salted, hashed, smashed, mashed, and passed so that only the person who is moving phones can open it

Not just for being made to give it over but also like leaks n shit

[–] Scolding7300@lemmy.world 8 points 1 week ago (1 children)
[–] MeThisGuy@feddit.nl 6 points 1 week ago (1 children)
[–] PlainSimpleGarak@lemm.ee 1 points 1 week ago

Baby you got a stew goin'!

[–] absentbird@lemm.ee 4 points 1 week ago

Sure, personally I think we should do that for all personal data. It's a bit depressing that period trackers are being targeted in this way though.

[–] Swedneck@discuss.tchncs.de 2 points 1 week ago (2 children)

dude, phones have built-in functions to transfer data seamlessly, i helped my dad with that a while back and it amounts to pressing some buttons and putting the phones on top of each other..

if that's too difficult i think you need a personal assistant.

[–] ArcaneSlime@lemmy.dbzer0.com 3 points 1 week ago* (last edited 1 week ago) (1 children)

You can what?! I've been using a USB drive..

Not that I'm complaining, the USB is easy enough, but of what wizardry do you speak?

[–] Swedneck@discuss.tchncs.de 2 points 1 week ago (1 children)

I think it's only available on stock OSes, it's one of those things we tech nerds sacrifice for freedom.
But for the kind of person who uses a period app connected to the internet, yeah that's not a problem lmao.

fwiw there are apps to make migrating easier on custom OSes as well, a quick search shows at least BARIA on f-droid.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 week ago

Oh cool I'll check out Baria, thanks!

[–] absentbird@lemm.ee 1 points 1 week ago

Why are you being so condescending?

Phones get lost, stolen, damaged beyond repair. I knew a woman whose phone fell into a body of water on vacation and couldn't be recovered.

When you have an app used by millions of people, which they depend on for tracking wellness, health issues, reproductive planning, etc. it makes sense to have a cloud backup for those inevitable situations.

Also yes, not everyone knows how to initiate an NFC file transfer, or even how to navigate their phone's file system to select the data to transfer. You often have to develop software to the lowest common denominator. There's open source options like Mensinator for people who want more control and privacy, but most software on the app store is targeted at less technical people.