Cambridge researchers urge public health bodies like the NHS to provide trustworthy, research-driven alternatives to platforms driven by profit.
Smartphone apps that track menstrual cycles are a “gold mine” for consumer profiling, collecting information on everything from exercise, diet and medication to sexual preferences, hormone levels and contraception use.
This is according to a new report from the University of Cambridge’s Minderoo Centre for Technology and Democracy, which argues that the financial worth of this data is “vastly underestimated” by users who supply profit-driven companies with highly intimate details in a market lacking in regulation.
The report’s authors caution that cycle tracking app (CTA) data in the wrong hands could result in risks to job prospects, workplace monitoring, health insurance discrimination and cyberstalking – and limit access to abortion.
They call for better governance of the booming ‘femtech’ industry to protect users when their data is sold at scale, arguing that apps must provide clear consent options rather than all-or-nothing data collection, and urge public health bodies to launch alternatives to commercial CTAs.
“Menstrual cycle tracking apps are presented as empowering women and addressing the gender health gap,” said Dr Stefanie Felsberger, lead author of the report from Cambridge’s Minderoo Centre. “Yet the business model behind their services rests on commercial use, selling user data and insights to third parties for profit.”
“There are real and frightening privacy and safety risks to women as a result of the commodification of the data collected by cycle tracking app companies.”
As most cycle tracking apps are targeted at women aiming to get pregnant, the download data alone is of huge commercial value, say researchers, as – other than home buying – no life event is linked to such dramatic shifts in consumer behaviour.
In fact, data on pregnancy is believed to be over two hundred times more valuable than data on age, gender or location for targeted advertising. The report points out that period tracking could also be used to target women at different points in their cycle. For example, the oestrogen or ‘mating’ phase could see an increase in cosmetics adverts.
Just the three most popular apps had estimated global download figures of a quarter of a billion in 2024. So-called femtech – digital products focused on women’s health and wellbeing – is estimated to reach over US$60 billion by 2027, with cycle tracking apps making up half of this market.
With such intense demand for period tracking, the report argues that the UK’s National Health Service (NHS) should develop its own transparent and trustworthy app to rival those from private companies, with apps allowing permission for data to be used in valid medical research.
“The UK is ideally positioned to solve the question of access to menstrual data for researchers, as well as privacy and data commodification concerns, by developing an NHS app to track menstrual cycles,” said Felsberger, who points out that Planned Parenthood in the US already has its own app, but the UK lacks an equivalent.
“Apps that are situated within public healthcare systems, and not driven primarily by profit, will mitigate privacy violations, provide much-needed data on reproductive health, and give people more agency over how their menstrual data is used.”
“The use of cycle tracking apps is at an all-time high,” said Prof Gina Neff, Executive Director of Cambridge’s Minderoo Centre. “Women deserve better than to have their menstrual tracking data treated as consumer data, but there is a different possible future.”
“Researchers could use this data to help answer questions about women’s health. Care providers could use this data for important information about their patients’ health. Women could get meaningful insights that they are searching for,” Neff said.
In the UK and EU, period tracking data is considered “special category”, as with that on genetics or ethnicity, and has more legal safeguarding. However, the report highlights how in the UK, apps designed for women's health have been used to charge women for illegally accessing abortion services
In the US, data about menstrual cycles has been collected by officials in an attempt to undermine abortion access. Despite this, data from CTAs are regulated simply as “general wellness” and granted no special protections.
“Menstrual tracking data is being used to control people’s reproductive lives,” said Felsberger. “It should not be left in the hands of private companies.”
Investigations by media, non-profit, and consumer groups have revealed CTAs sharing data with third parties ranging from advertisers and data brokers to tech giants such as Facebook and Google.
The report cites work published last month from Privacy International showing that, while the major CTA companies have updated their approach to data sharing, device information is still collected in the UK and US with “no meaningful consent”.
Despite data protection improvements, the report suggests that user information is still shared with third parties such as cloud-based delivery networks that move the data around, and outside developers contracted to handle app functionalities.
At the very least, commercial apps could include delete buttons, says Felsberger, allowing users to erase data in the app as well as the company servers, helping protect against situations – from legal to medical – where data could be used against them.
“Menstrual tracking in the US should be classed as medical data,” said Felsberger. “In the UK and EU, where this data is already afforded special category status, more focus needs to be placed on enforcing existing regulation.”
The report stresses the need to improve public awareness and digital literacy around period tracking. The researchers argue that schools should educate students on medical data apps and privacy, so young people are less vulnerable to health hoaxes.
The report ‘The High Stakes of Tracking Menstruation’ is authored by Dr Stefanie Felsberger with a foreword by Professor Gina Neff and published by the Minderoo Centre for Technology and Democracy (MCTD).
Read the original article
Comments
By plastic_bag 2025-06-1114:193 reply There's a FOSS alternative called Drip.
It is funded by Mozilla and Open Knowledge Foundation. Available on iOS and Android.
Mensinator is also another FOSS that uses no third party sdks and is reproducibly built for android, fairly actively used, and made by women. https://github.com/EmmaTellblom/Mensinator
By carstenhag 2025-06-1120:271 reply As I had failed finding an app that was not ad-ridden or oldish, my girlfriend and I are using this (I am copying her values, to know when her period will be). Also contributing some code :)
By radicalbyte 2025-06-1121:516 reply Can I ask why you use it? We used test strips - they're really cheap and way more accurate as women's bodies aren't clocks. That was effective for getting pregnant.
Using anything except some kind of active measures to avoid pregnancy doesn't pass my engineer brain and certainly doesn't pass my wife's Pharmacologist brain (i.e. she actually knows what she's talking about whereas I'm using applied probability theory with assumptions).
By smileysteve 2025-06-1212:54 For the opposite FYI; some aren't trying to either target or not target pregnancy, they want to have a forecast for the next 3 days so they can pack their purse.
By code_biologist 2025-06-121:37 Can I ask why you use it?
Honestly just for fun? I think girl stuff is cool and my partner indulges me. It does truly help with emotional/sexual/physical planning, but a very biological embodied flavor of fun is my real reason.
FYI - many couples track cycles because they are trying to get pregnant.
By radicalbyte 2025-06-126:301 reply Yes but as I said in my post - it's not effective. Hormone measuring strips are and they costs very little - $2 / month - and are very effective. We wouldn't have three kids now if we relied on counting days.
By tw04 2025-06-1212:41 You use them in conjunction with each other. For instance, if one of you travels for work, you can try to plan around when you think the next cycle will be.
A strip confirming you’re ovulating is pretty useless by itself if your partner is on the other side of the country.
By carstenhag 2025-06-1321:31 What test strips are you using? It's the first time I am hearing about that, I guess it's not common in Germany.
I/we track it, mostly because she is a bit clumsy and forgets when her last period was & when the next one is. So not for ovulation tracking at all. Once she told me she thought she was pregnant because her period still was not there; I checked chats & the app and could confirm her period was still two weeks away :).
By konfusinomicon 2025-06-1123:102 reply this article got me wondering where the partner app, potentially named drop?, that warns drip user's partners to be more careful in their choice of words, or lack thereof, during that special time where domestic emotions often devolve in to an irrational mess ending with a few days of sleeping on the couch until the drip has subsided
By dreamcompiler 2025-06-122:15 I never noticed any "special times" of irrationality with my partner. I have noticed I got the cold shoulder when I behaved like a teenage boy or didn't treat her with the respect an adult human deserves.
By steve_adams_86 2025-06-1220:49 I've never known my partners to turn into an irrational mess because I said something they would otherwise be fine with. I actually find partners to be quite a bit more affectionate around those times. There's certainly an element of emotional volatility, but it swings both ways... And doesn't devolve into messes at all. Nothing that can't be sorted with a simple 'how are you feeling, anything I can do to help?'
I’m not sure why this is downvoted, the strips are indeed a lot more accurate.
By radicalbyte 2025-06-128:111 reply It's because people are reading the first few words and thinking "this is an male nerd asking stupid ignorant questions".
It's that or there are people who actually think that counting days is a good way to enable unprotected sex without a risk of baby. Which is absolutely isn't - it changes the risk to 2-5% a shot. Compared to around ~2% year for condoms alone.
By OkayPhysicist 2025-06-1217:151 reply It's worth pointing out that due to the nature of how contraceptive studies are done, it's remarkably easy to stay out of that 2% for condoms. (Namely, if you're planning on using condoms as your choice of contraceptive, actually use the condoms).
By radicalbyte 2025-06-138:08 They can burst and slip off too. That's the problem. I'm anti-abortion* so we took extra measures to avoid the argument (my wife is Pro, and I although have no right to tell anyone else what to do with their body, it would probably have ended our relationship had she done it).
* For myself, I find that the Americans who try to force everyone else to follow their personal positions to be insane Authoritarian Fascists. Our society only works if people have freedom and personal choice.
This gets downvoted for being negative, but it was my immediate reaction when I saw "Mozilla": They're axing projects that don't align for strategic reasons that probably make sense, but is simultaneously very Googly.
Association with Mozilla is a cause for concern when considering the longevity of a project.
Sure, Mozilla does this. So does Google. And Apple. And Microsoft. Everyone does. Pruning is a healthy and expected part of running a business. So what? All software is temporary, given a long enough timeline, even gmail. It's a user's fault for expecting otherwise.
By sshine 2025-06-1215:03 > Mozilla does this. So does Google. And Apple. And Microsoft.
Those are all companies you need to be wary with, because a strategic choice on their behalf may upend your life with a few days warning, or none at all.
And the sad part is that Mozilla joined their ranks, not qualifying as a truly “public service company”.
> All software is temporary, given a long enough timeline
Sure, we must all perish one day. But what you describe is how commercial SaaSS gets pruned because it’s good for business, and I have two objections with that:
My Linux toolchain doesn’t suddenly deprecate some core tool. Only commercial software services die like this; FOSS bit rots at the worst. And when some authority makes a brainfart, people fork.1. That doesn’t make it good for users. 2. It’s a different timeline for software than for services.I was contacted today by the customer of an old employer post bankruptcy. They want to know how to deal with self-hosting the service their hardware depends on; this never got delivered. All software is temporary, I told him, meanwhile his very expensive hardware wouldn’t initialize properly on boot.
By Wowfunhappy 2025-06-1123:021 reply Some companies kill projects much more frequently than others.
https://killedbygoogle.com/ vs https://killedbymozilla.com/
Yet Mozilla has the stigma here?
By Wowfunhappy 2025-06-1123:322 reply Mozilla launches fewer projects in general, so the denominator is smaller.
But yes, Google is the worst at this, and they've built up a reputation which has really hurt them! For example, basically no one believed that Stadia would stick around long-term, which (I would argue) became a self-fulfilling prophesy.
By myko 2025-06-1217:10 Spot on with Stadia! I use GeForce NOW, now, but it's nowhere near as stable or fast as Stadia. Very sad.
If Google had launched it and told everyone from the start that if they canceled it you'd get your money for games/hardware back I think people would've tried it.
By TheNewsIsHere 2025-06-1213:15 There’s “move fast and break things” at Facebook.
And then there’s “launch whatever an SVP dreams up” followed by “kill that old SVP’s thing” at Google.
Perhaps slightly exaggerated. Google product reveals and sunsets have frequently followed executive movements in/around/out of the company. Two big examples that had widespread impact are in the later Google Wallet/Pay changes and some of the later insanity around multiple self-canabalizing IM/chat/conferencing services.
There seems to be no long term vision or strategy at Google, and Pichai is notoriously averse to making decisions of consequence. It’s not surprising that Google is rudderless.
By Anthony-G 2025-06-1311:29 I suspect that this could be due to “immediacy effect” or “availability heuristic”. Mozilla’s announcement that they are shutting down Pocket and Fakespot was only three weeks ago and was big news. On the other hand, Google shut down so many services that it’s not a rare or memorable issue – unless you were personally impacted by the shutdown.
By NoTranslationL 2025-06-1113:1613 reply If anyone is interested in a privacy focused tracking app that stores all your data locally, I make an app called Reflect [0] whose sole purpose is this, plus on-device analysis.
We’re working on a menstrual tracking feature right now and it’s pretty far along. We’ve just released an anomaly detection feature as well.
[0] https://apps.apple.com/us/app/reflect-track-anything/id64638...
By pickledoyster 2025-06-1114:551 reply The report in the OP raises valid concerns about SDKs from third parties, including Google and Facebook. Your own site showcases the Reflect SDK which is, I quote:
> The Reflect SDK is the iOS framework that powers the Reflect – Track Anything app and is designed to help you: > > Create forms to track customer product usage and experience > Collect customer biometric data [...]
Source: https://ntl.ai/products/
Let's just say I'm skeptical about your claims.
Edit: provided a more extensive quote and link to source.
By NoTranslationL 2025-06-1115:091 reply This is a totally valid concern. Initially we were considering augmenting our income with a B2B model to license the library we’ve built, but that didn’t pan out and our priorities have changed, so we solely work on the apps for customers now. I actually forgot this was even on our website and, since we aren’t trying to offer those services or license anymore, I’ve removed them.
By pickledoyster 2025-06-1115:282 reply [flagged]
By NoTranslationL 2025-06-1115:343 reply What I mean by valid is that, without knowing all the information, skepticism is a good thing. Too many companies take a mile when you give an inch and take advantage of ambiguity.
The SDK simply doesn’t exist as a product any more and so doesn’t make sense to keep on our website as an offering. So I’m glad you brought that to my attention.
If there are any specifics about the privacy of Reflect you’d like me to elucidate, I’m happy to do that.
By wasimanitoba 2025-06-1116:31 I appreciate your response, even if the other poster doesn't.
This is the correct use of elucidate, "to make light of". Perfectly cromulent.
> Too many companies take a mile when you give an inch and take advantage of ambiguity. [paragraph break] The SDK simply doesn’t exist as a product any more and so doesn’t make sense to keep on our website as an offering.
Would you say that you had an epiphany about respecting privacy, after earlier dabbling in intimate surveillance capitalism, and are now firmly committed to privacy?
If so, have you found a way to lock in that commitment?
For example, some kind of contractual assurance, which can't be revoked by the usual "we've updated our privacy policy" (such as might accompany a leadership change, or change of heart), and which effectively survives any merger/acquisition or sale of assets?
(Of course, even with that in place, technologically, a new version of an app could be pushed that irrevocably violates all the users' privacy, in a matter of hours. But at least then, the company, executives, and owners might be sued into oblivion, and even face criminal charges in various jurisdictions.)
By NoTranslationL 2025-06-1119:34 Good question. I'm realizing I did not really communicate this well.
The full story is that we went to a conference for biohacking, spreading the word about Reflect, and businesses wanted to white label the product so that they could have the same capabilities but for their own niches.
Those businesses wanted to be able to do things like create surveys using our form building library and have users collect their own data for things like N=1 experiments with their products.
What those businesses wanted to use that functionality for was up to them and their privacy policies, but the terms we talked about were something similar to "you can't use our SDK without users explicitly opting into any data collection". We never ended up actually licensing the SDK or making any deals with any companies.
Hope that makes things a little clearer. As far as Reflect the app, that was started from the beginning with privacy in mind and local-first. I have a long blog post I've been sitting on explaining the whole story, which I will publish soon hopefully, but I've been revolted by surveillance capitalism for a long time and originally made Reflect to help my partner get off of using google forms for tracking mood.
You have a good point regarding the privacy policy. We haven't found a way to lock in that commitment, and that's obviously not ideal from a user's perspective. People do place trust in Reflect not to pull the rug out from under them.
By rfrey 2025-06-1117:16 This comment is so cynical, and not in some cool, edgy way.
I made an honest attempt, but I could not find a way to read the response in a way that your interpretation makes sense.
By hamburglar 2025-06-1115:301 reply This looked promising, but the first two things I tried to record with it seemed just outside of its capabilities. I track blood pressure daily, but it didn’t seem to have a way to record a metric that has two numbers. In addition, I record the sodium and potassium values of everything I eat, and I want a way to record the name of the food item along with those two values (preferably providing a dropdown for previous entries that auto-fills the numeric parts).
Also, the nagging about buying premium was quite aggressive and it made me feel like I couldn’t even get a feel for what the app is like first.
By NoTranslationL 2025-06-1115:402 reply Yeah, there is no support for “multi-dimensional” metrics. So systolic and diastolic would each have to be their own metric. Food tracking in Reflect could use some work, but if you link with Apple Health, Reflect can pull data from Cronometer or MyFitnessPal for example.
Any particular place you thought the premium was very aggressive? I’m open to changing that, it’s not the kind of feedback we normally get. Thanks for saying so
By hamburglar 2025-06-1120:451 reply A lot of things I clicked on just led to an upsell page that wanted me to do a week trial that led to a $49 monthly, which surprised me since I hadn’t even begun to explore and only had a single metric which I’d never even recorded a datapoint for. And it seemed like I only was allowed to define a single metric, so I tried to delete it in order to create a new one, but clicking “delete” on it was apparently a premium feature as well. I gave up.
You really need to let people actually use the product with no commitment, see how it’s useful, and then bug them a month later.
Btw, I found a bug: on the page where there are three big buttons and the third is “load a csv”, the csv button isn’t clickable. Only the icon on it is.
By NoTranslationL 2025-06-1121:45 Thanks for all that feedback! One minor point is that the 49.99 is annual. You can define and record unlimited metrics and data on the free version so if you can’t then that’s a bug for sure. Also, noted regarding the import bug, thanks for that.
By PythagoRascal 2025-06-128:10 Could you elaborate on which features are premium only? Or maybe also put them in the AppStore description? I tend to be averse to even downloading apps with IAP, without knowing what they are going to be.
By bryanhogan 2025-06-1115:302 reply That looks very interesting. I'm building almost the same actually: http://dailyselftrack.com/
Any reason your app is iOS only?
By NoTranslationL 2025-06-1115:36 Reflect started as a passion project for myself and my partner with no intention to make a product out of it. By the time we thought to do so, we’d already put so much into just iOS that doing an Android version as well was its own huge project.
We still plan to implement Android, we have a roadmap where we track this: https://changemap.co/ntl/reflect/task/9239-android-version-o...
Are you going to have it be local only?
I think you would be interested in seeing what Flo has done using OHTTP: https://oblivious.network/ohttp
By bryanhogan 2025-06-1115:48 It won't be local-only, it will be local-first. So you won't have to put your data online if you don't want to.
That sounds like a good idea with one obvious challenge: how can you prove that data will remain private forever?
By NoTranslationL 2025-06-1114:342 reply That’s a tough guarantee, ultimately you’re placing trust in the device’s security once you limit your attack surface to just local data. So that’s why we’re working on encryption with key custody. Any feature like cloud backups are explicitly opt-out by default so no one is putting their data onto someone else’s servers without knowing what they’re getting into.
By kevinventullo 2025-06-1114:471 reply Just to be clear, you’re saying cloud backups are off by default, and the user must explicitly enable them?
If so, just FYI I believe that pattern is usually referred to as “opt-in.” As in, the feature is off by default, and the user must opt in to using it.
By NoTranslationL 2025-06-1118:06 Yes, you have that right
(Don't take any of the below in a negative sense! It's awesome you built a privacy-first solution and care about these things, to the extent practical. Below just musings)
I assume the attack vector here is more along the lines of 23andme bankruptcy -- if developer is bought by a new corporate entity / priorities change, what guarantees exist that privacy architecture won't backslide via updates?
Users shouldn't be concerned that a minor update or corporate sale will change the bargain they made around their privacy.
Honestly, it'd be great if there were scaled third-party cloud key escrow services coupled with enforced legal guarantees.* ^
It feels like we did cloud wrong from a legal/privacy perspective by not separating keyholder from data-at-rest-holder (legal entity wise). Tenant-based encryption is basically there... just still mingling data and key ownership in the same entity.
GDPR / right to be forgotten would be trivial if there were always a third party (who enforced requirements on any first party) I could submit a request to, that would burn my keys on their side, thus rendering first-party stored data un-practically-retrievable.
(And a third party because, similar to the browser+CA system, balancing power against each other to enforce guarantees of good behavior seems effective)
* Legal guarantees like "no caching keys for longer than X" or "no unencrypted user data at rest"
^ Cloud hosting encryption keys would also solve the ugly UX edge of strong encryption around "I lost my key... help?"
This is a wonderful comment, but also ...
Is there a way to prevent future versions of the app from uploaded the locally saved data? Even if none if it was in the cloud to begin with?
That's the route I would be most concerned about.
After that, I agree with the rest of your comment.
Blocking network access by a specific app at the OS level would be the way to achieve this.
I don't believe iOS currently has this ability (all network, not just cellular).
Android has solutions like NetGuard.
But you can make updates manual instead of automatic, that’s something.
The issue with this in practice is that it collapses to one of (a) never take updates ever again or (b) risk that any update changes privacy behavior.
Given that it's impossible for a user to vet each update's content effectively.
By illiac786 2025-06-1212:16 I agree about a) but b) does not make sense to me, otherwise you cannot instal the app in the first place. I think that a quick internet search about the apps privacy is sufficient for b), definitely better than automatic updates. And it does not have to happen for every release.
Simple + open source + no access to network + no updates (idk about Android/iOS cross-app data sharing).
Still data can be uploaded to the cloud and will be available to cloud providers.
So there is more vectors to protect user data.
By dylan604 2025-06-1114:30 Still, I can steal your phone or use my $5 wrench to get the data. There is no guarantee, so why bother. Hypotheticals can always be used to shit on any idea. They just are not always helpful
By 1718627440 2025-06-1114:182 reply > no access to network ?
I wish this were a capability you could (as a user) grant or reject at will. But there’s a UI problem: people are sick of clicking accept on a million dialog boxes already.
By rustcleaner 2025-06-1115:08 GrapheneOS gives per-app network access control.
By antiframe 2025-06-1115:51 Your wish exists. The first thing my phone asks before I install a new app is whether to allow network access or not.
By UnreachableCode 2025-06-1115:031 reply Android and iOS developers need to explicitly request network access in their app's configurations.
By ablob 2025-06-1114:39 What's your threat model?
By omeid2 2025-06-1114:33 I was going to say operate it under a non-profit but then I laughed in Altman.
By Ylpertnodi 2025-06-1113:493 reply For people living in the US of Freedom, wouldn't it be good think to 'keep putting in' cycles, despite pregnancy? Should anything untoward happen later, a quick flash o' the app and "Nope, Officer, no siree. Like clockwork, me...".
Duress modes are a frequently overlooked feature in general - e.g. I don't want to just block access to my location, I want to lie about my location entirely.
By SOLAR_FIELDS 2025-06-1114:075 reply I also would like “give an incorrect location” as an option. Something like that would probably never be supported by Google or Apple officially, because unlike some other privacy features, it’s actively and overtly hostile to advertisers.
Not just location, but all privacy sensitive API's. The OS should have built in support for segregating location, contacts, calendars, storage, etc. (GrapheneOS does this quite well with storage scopes). As part of this segregation you should be able to redirect the API to a custom implementation.
Thus, my transit app would have access to my real location while Amazon thinks I'm still at home and Pokemon Go thinks I'm on an around-the-works trip to collect location specific items.
By Wowfunhappy 2025-06-1123:051 reply You mention Pokemon Go... this would basically be the end of that game, no? That's probably worth the tradeoff, but worth mentioning.
People are already spoofing location, and it hasn't been the end of the game so far. Or did I miss something?
By Wowfunhappy 2025-06-1211:521 reply It depends on how many people are doing it though, right? If you make it trivially easy by building the functionality into the operating system—and potentially even prompting people to lie when the app asks for their location—I feel like things would be very different.
By SOLAR_FIELDS 2025-06-1213:48 You don’t even have to guess about what will happen. We have examples. For instance, someone made a chrome browser extension that clicked through every single ad on the page. It was immediately banned by Google. You could have always built said tool yourself and used it, but the second it became immediately available to the masses it was crushed.
By freedomben 2025-06-1118:49 For years when Android was a lot more root friendly, this was easy to do. IIRC there was an Xposed module you could activate to do it. If you root I'm certain there are still apps that will do it, though I'm sure Google/Apple will be actively hostile against it, let alone actually support it
regardless of what apple/google allow officially, the cell carrier also has tracking locations. if you're going out to do something that you would want to hide your location, it's best to just leave the device at home. get a burner phone paid for in cash by someone not you doing the transaction.
Your cell carrier operators under very different laws and ability to harm you. Sure they know where you are, but most of the data flowing across their network is encrypted and so they mostly know you have a lot of data to AWS, google, and the like but not what it is. Google as the endpoint of that data has the decrypted version of the data and so they know what it is, and so they can target you in different ways.
If you are going to commit a crime (rape, murder), then all the police need is to know who owns the phones in the area and so you need a burner phone to hide your tracks.
However most of us are not worried about crimes. We are worried about privacy. We are not doing anything illegal, but google still knows far too much about us and is using that to legally abuse us with advertisements. While we all want to pretend we are good at ignoring advertisements, most of us have bought things we don't need and don't really want (or spent too much on things we did need/want).
By dylan604 2025-06-1119:10 You seem to have lost the plot a bit. In several locations, it is illegal for women to get certain health care. There are parties out there that are very interested in policing those policies. To prove that, it doesn't matter where they get the tracking data as long as they can prove your location. If someone needs a warrant/subpoena to get the data from a cell carrier or some app developer it doesn't matter to the person being persecuted for seeking health care.
By rustcleaner 2025-06-1115:061 reply Just pointing out this is an all-or-nothing strawman argument summed up as: if you can't have it all, don't bother trying. It's fallacious. That is all. :^)
By dylan604 2025-06-1115:27 I disagree to it being a strawman. If you are doing something where you location being identified could put you in a spot of bother, do not carry anything that can track your location. There's just no way around it. If you want to use wavy hands to pretend tracking of location isn't so bad, then you go ahead and call it a strawman. For people whose physical safety depends on not being tracked, it is not a strawman.
By makeitdouble 2025-06-1115:14 Apps that fuzzy or fake your GPS location are available on android.
I needed one when working on an app with store location detection and it worked pretty decently. I have no idea what it became or if it can be recommended, but there should be a bunch with recent reviews in the Store.
By em-bee 2025-06-1114:18 murena - e/OS/ has that as a feature.
I want this for my contact address book too. “This app would like to know all your contacts. Allow / send empty contact list / generate garbage data”
I’d also enjoy if my advertising cookies were randomly reused by people all over the globe. And I’d like my phone number and email address to get associated with dozens of other identities.
there is an alternative contact app that doesn't share your data. you can then fill the default contact app with fake data or leave it empty.
i am not sure if the last point is a good idea though. i get what you want to achieve. anonymity in numbers and plausible deniability, but you are more likely to get mixed up with problematic stuff others are doing rather than protecting yourself. having a common name already shows that. it is both a blessing and a curse.
> there is an alternative contact app that doesn't share your data. you can then fill the default contact app with fake data or leave it empty.
You may want to share your contacts with app X but not with app Y, though.
By em-bee 2025-06-1212:43 yes, fair point. i solve that by using shelter where the app and a contact app run with an independent configuration. the downside is that i have to duplicate contacts in the shelter vs outside. however that is what i want because not all contacts are duplicated.
By ASalazarMX 2025-06-1119:071 reply I don't get the downvotes. Plausible deniability is a valid concern when menstrual cycles and geolocation can lead to criminal repercussions in many states of USA [0].
Nevertheless, if I was a fertile woman, I'd be more concerned of my phone/tablet/car leaking my visits to an abortion clinic than a police officer checking my phone.
By drentost 2025-06-1114:38 [dead]
Are you using OHTTP? If there are cloud aspects - I think you would want to. Learn more: https://oblivious.network/ohttp
By NoTranslationL 2025-06-1115:42 No, because we don’t have any servers. We don’t track anything about our users, not even logs or usage.
By DrammBA 2025-06-1123:11 Are you affiliated with OHTTP?
By 2Gkashmiri 2025-06-1115:461 reply What kind of "analysis" is done on the data ? We have apps like mensinator that are very simple.
I'd like to know if it is different from these simple apps ?
Note: im a guy btw
By NoTranslationL 2025-06-1115:50 Do you mean for menstrual data specifically?
Currently for general data there is pearson correlation, five different anomaly detection algorithms, and T tests for significance among other things.
The work in progress we have for menstrual tracking takes temperature, flow, and past grund truth data into account. I know that’s vague, and it’s because my partner is working on it, not me :)
When we release the cycle tracking we’ll have a full writeup
What homomorphic encryption technology have you looked into using? this is a good use case for that technology.
By NoTranslationL 2025-06-1119:43 I agree it could make sense one day but, as I mentioned in another thread, we don't have any servers and so we don't collect or host any user data (encrypted or not). In fact, I really don't want to; it's overhead and costly, and might involve compliance with HIPAA or GDPR, and I just would rather the user be in charge of their own data.
Having FHE for local data would be very interesting though.
By TechPlasma 2025-06-1114:512 reply Do you have a link to the Android app?
By NoTranslationL 2025-06-1115:26 Unfortunately no android yet, but you can track progress here: https://changemap.co/ntl/reflect/task/9239-android-version-o...
By bryanhogan 2025-06-1115:54 I'm building an app with the same concept but web based first and converted to Android and iOS via Capacitor, for now.
It's not released yet, but if you'd like to get an e-mail notification you could take a look here: https://dailyselftrack.com/
By Mistletoe 2025-06-1114:02 Really neat app, thanks for sharing.
By tveyben 2025-06-1114:44 Thanx - sounds like what I need ;-)
By chromanoid 2025-06-1114:401 reply Some disorders more or less require tracking to make them diagnosable and their symptoms managable (e.g. PMDD). Managing tracking with paper is ofc possible, but apps allow for reminders and gamification that help on challenging days.
Sure, I'm not saying categorically don't just that people especially in the US and other countries that are having backslides on reproductive rights should think really hard about using period tracking apps if they don't have a strong reason to like you mentioned and even in those cases consider a more deniable and private option.
By chromanoid 2025-06-125:36 I agree. It seems pretty apocalyptic :(
By testing22321 2025-06-1113:532 reply It’s always worth pointing out there are many billions of people who live completely free of this fear of reprisals from the state/country they live in
By mschuster91 2025-06-1114:031 reply Unfortunately, the right to abortion is under fire worldwide. I'm not just talking about the usual suspects like Russia or Islamist theocracies, but also here in Europe... Hungary and Poland being the first suspects, but Italy is also planning to restrict it [1]. And in Germany, the last government at least banned "pro-life" haunting events, but there are wide swaths especially in Bavaria where there is no doctor or clinic providing abortion at all, even in medical emergency scenarios, because church-run hospitals can and do ban it.
[1] https://www.rnd.de/politik/abtreibungsgesetz-in-italien-rech...
By rtkwe 2025-06-1114:45 Yeah the conservative rubber banding and backsliding isn't isolated to just the US right now we're just ahead of the rest of the pack partially because of our government and election structure being more beholden to the GOP because of the senate and gerrymandering in the states after the 2010 election and subsequent redistricting.
True, but for many, even “local only” apps store their data on devices managed by US-based companies. Would Apple sell your data to advertisers? - probably not. Would Apple share your data with law enforcement? - of course, and they don’t even need to tell you.
By testing22321 2025-06-1114:59 Law enforcement in developed countries don’t care about that information. The right to abortion is part of society, and strongly held.
why why why are you using a company device for such personal information? don't do this.
By iamacyborg 2025-06-1114:352 reply I don’t believe they mean storing it on a company owned device, just that Apple and Google are US companies
By rtkwe 2025-06-1114:39 That's what I got out of isodev's comment too. The data is accessible by US companies still. If it comes down to being able to sell services and phones to the US market or giving up your data to a warrant I don't think Apple would stand on principal and lose US market access. [0]
[0] To clarify preemptively I mean if it came down to that in the end. I think Apple would attempt to fight it but if they lost in the Supreme Court and had to make the choice I think privacy would lose that fight.
maybe, but it reads like IT managed devices owned by your employer. i've never seen it referenced as "managed" when referring to the fact that iOS/Android are US companies. seems a strained way to phrase it
By isodev 2025-06-1118:19 Your iPhone is fully managed by Apple. They control which apps are preinstalled, which apps you can install and uninstall, they can even intervene and install/uninstall apps without your intervention. Your phone needs to communicate with Apple even to just be a phone for calling and SMS. The data from apps is included in your iCloud backups (in addition to the data some apps choose to share with iCloud so it syncs between devices) and so easily accessible. We’re not talking about individual targeting here, but there are no technological barriers to guard against your data being shared by “the platform”.
By justinrubek 2025-06-1114:44 An iOS device is a device managed by Apple, though. The user doesn't manage it themselves. I didn't get a hint of employer owned devices from that happen.
By NoTranslationL 2025-06-1113:371 reply I can understand that. We are also working on an encryption feature that doesn’t use the default encryption primitives so people can have custody over their own keys and feel better about their data security at rest
Is that better than using the secure enclave type of default? Not everyone is an HN reader that would even know what a personal/private key pair is let alone how to properly/securely handle them.
By NoTranslationL 2025-06-1114:38 As with most advanced features in Reflect, we’ll expose a low friction version to those who don’t want the control, but also the option for more control in the form of key management if they wish
By oulipo 2025-06-1113:31 I guess using FHE like from https://zama.ai you could provide server-side features without compromising privacy
While unlikely, I personally believe that advertising revenue should be taxed at 50%. This would do a lot to align industry incentives. Advertising revenue would be looked at less as a free cash stream that can be bolted on everywhere. In this case, maybe the app could be monetized directly instead of whatever the fuck is happening now.
By crazygringo 2025-06-1119:387 reply Revenue isn't taxed. Profit is.
I suppose you could tax a proportion of your profit at a higher rate, according to the proportion of your revenue that came from advertising.
But advertising isn't a "free cash stream that can be bolted on everywhere". It's part of a business model that either is sustainable or isn't.
If you taxed it that much higher, a lot of businesses would simply go out of business, because people aren't willing to pay a subscription instead. Especially businesses that survive on a lot of users who use something only occasionally. Is that really what you want? Think carefully about how much journalism would be even further eroded...
By wand3r 2025-06-1120:48 I understand that, and I kind if alluded to this being a concept less than a well thought out policy. If it was strictly profit, then all expenses of the business would be written against advertising and miraculously there would be 0 profit. My general point is that advertising revenue is insanely easy to get, especially with auctions and technology from google. Some of the problems and perverse incentives: - negative engagement in media - advertising screens at gas stations - popups everywhere - hardware devices you own display ads - software you purchase has ads - streaming services you bought without ads have ads added later
You all participate in society, so you get it. Advertising has become a tragedy of the commons and 2nd order effects are things like negative engagement and body dysmorphia. There needs to be a vice tax for advertisements to stop them from being bolted on everywhere. Lobbyists, smart policy makers, economists and lawmakers can come together to find the right mix. However, we should disincentivize it AND use it to make up for budget shortfalls.
By mitthrowaway2 2025-06-1121:35 Sales taxes are taxes on revenue, and they could certainly be advertisement-specific.
By anigbrowl 2025-06-1123:29 You can tax anything, even beards. Advertising is a business model, but it's a bad one that poisons the social environment. Advertisers are economically incentivized to lie and to push the common denominator ever lower. It is cancer.
I think in case of ad companies you could tax the revenue directly. They are strongly vertically integrated so there's really very little reason to track their profit rather than total sales.
The only reason you tax profits rather than revenue is that you want to avoid killing businesses that do useful things why operating at low margins.
Margins in advertising are huge and what those company do is pure detriment to all market actors on average.
Wouldn't that effectively create a massive moat for high efficiency advertisers? The consequences of such a thing sound systematically perversely centralizing. Sort of like how if you were to ban all advertising tomorrow, it would strongly favor incumbents who have the most 'cached' advertising in human memory.
By scotty79 2025-06-1219:39 There's absolutely nothing wrong with that. Advertisement is pure waste for the economy. You want to make it highly efficient. If you can make it even more efficient than the free market by itself does, you should.
By Smar 2025-06-1119:46 There cpuld be harmful substance tax, akin to alcohol.
By os2warpman 2025-06-123:371 reply If corporations are indeed people, why isn't their income taxed?
They can have the mortgage interest deduction, just like me! I'm a people too!
Also:
>Is that really what you want?
Kinda
By crazygringo 2025-06-1217:321 reply Because the actual value corporations provide is only in their profit. Whereas the economic value individuals provide is measured by their compensation. It's completely incoherent to tax a corporation based on revenue. If profit margins are an average of 5%, what exactly would you want the tax rate on revenue to be that wouldn't immediately put out of business nearly every corporation on earth?
And if individuals got to deduct everything they spend money on, then everyone would be incentivized to spend their entire paycheck every year and never save money for retirement or anything.
So the reasons we tax corporations on profit and individuals on income doesn't just make sense logically from a point of measuring economic value, but is also literally the only practical mechanism.
And just to check, you really want most of journalism to go out of business?
By os2warpman 2025-06-1219:38 Capex and opex create value the same way an individual buying a house (capex) or a happy meal (opex) creates value.
>And just to check, you really want most of journalism to go out of business?
This is bullshit concern trolling.
But if you demand an answer: yes. "JoUrNaLiSm" probably bears half of the fault for getting us to where we are today.
The vast majority of "JoUrNaLiSm" nowadays is just copying and pasting tweets, putting "slams" in the title, and adding commentary anyways.
Low value. Sad. Many such cases.
By sdeframond 2025-06-1121:07 > Revenue isn't taxed. Profit is
What about VAT ?
By therealdrag0 2025-06-1517:28 A progressive tax by company size might make sense and be more marketable (heh). Advertising is very important for new/small businesses, but no one needs to be told about incumbents like Coca-Cola or Johnson and Johnson. Privileging market entrants can be sold as pro-market and anti-monopolist.
By YetAnotherNick 2025-06-1122:02 If you believe advertisement is bad why not just ban advertisement?
By timewizard 2025-06-1121:57 I personally believe I should be able to install an ad blocker on my device and completely circumvent the problem.
Why are we creating new economic loopholes? Why not just enforce the anti monopoly laws we currently have?
If your advertising becomes to onerous you simply lose the channel altogether. That will quickly "realign" industry priorities.
By smileysteve 2025-06-1213:01 The crazier thing would be if they were only expendable over 4 years like r&d
