> imagine you are a company and you sit with literal gold in a sqlite DB and you are like hmmm no let's not do this query, that makes no sense from a business standpoint.

I expect all humans to treat other humans with dignity and respect. I acknowledge that many people will likely fail to meet that expectation, quite often I'm sure. But I'm never going to accept or become an apologist for this asshattery.

It's wrong to violate the privacy and dignity of other people. The correct response when you see people hurting others is not to make up an excuse about "business need", instead some anger, disappointment, and loud condemnation is required.

Stop making excuses for those hurting others so they can make money.

Unfortunately, companies like Apple (and soon Google as well) are making this unnecessarily hard in their phone ecosystems.

"If you use GrapheneOS, you can enable or disable internet access for each app."

This can also be done on Android with certain apps such as Netguard and PCAPDroid

(Using either a blacklist or whitelist approach)

Disabling internet access is not necessarily a hard requirement to stop this type of spying

Controlling what DNS data apps can access, if any, will usually suffice

Motorola needs to hurry up and release their GrapheneOS devices, I need a new phone soon(TM) (next year or two) and I refuse to give google money to buy hardware to avoid Google.

> If you use GrapheneOS, you can enable or disable internet access for each app.

Not sure what information you're expecting the app in question to surface if you disable internet access for it.

I'm assuming the question should be further refined to "why does the service need to know the data". The things that you mention could be done with the service only having the encrypted blob.

Well... They share their data with you and a bunch of adtech companies...

Or, you know, she could just track it without any app at all and share it with you in person.

I wonder if you would ask the same thing about any number of apps - like fitness trackers, mood trackers, supplement trackers, online diary apps, task trackers, etc? You don't even need a notes app - you could just carry a notebook around or email notes to yourself.

As for why people may want to track menstrual cycles specifically, it is because bodies can be greatly influenced by what phase of the menstrual cycle we are in. From regular physical and mood changes to disorders like PMDD. The different parts of the cycle can also impact ideal exercise and even food choices for some. There are women and couples who gain insights (and often useful predictions) into how their moods coincide with menstrual phases, and that is much easier to track in a dedicated app designed to do so (which can also flag cycle irregularities, bleeding variation, or other changes), just as with other purpose-built applications. All of that is before we even get to the whole fertility tracking thing. One such app is a certified birth control method in my country. Tracking periods in a notes app is not.

Like most data entry software there’s nothing that unstructured notes (or paper) can’t handle.

The main useful feature of the apps (or Apple Health’s tracker which is entirely adequate) is that it sends reminders on the estimated period start date, and then a few days afterwards if you haven’t recorded the end date.

Even “regular” periods often aren’t perfectly regular, or can become irregular when they were regular. (Which is often very important health information.)

It also automatically calculates median period length and typical variation/range.

All unnecessary for some people but very useful for others.

> If you have a regular period, why do you need an app at all?

You probably don't need to use it if your cycle is completely regular and it doesn't really impact your daily life, but it's not as common as you might think: about 10% of women have PCOS, which is the leading cause of oligomenorrhea; about 10% have endometriosis, which often causes debilitating pain and irregular periods (with a small overlap with PCOS population); 20% to 30% live with PMS - and that's only the portion that has clinically significant symptoms. Even if you were lucky enough to avoid all of these, your cycle length will change as you age, gain or lose weight, and inevitably reach menopause.

Still, you'll have to at least mark the dates. Someone here in the comments compared it to tracking completely optional fitness metrics like sleep or steps, but period data is not really in the same bucket. Just as an illustration: it's hard to see a doctor without being asked "when was your last period?" or "any chance you might be pregnant?", no matter what brought you into the office. In fact, it is such a common experience that it became a subject of many jokes [1]. Also, if you only rely on your memory, you might not notice if/when you do experience changes, some of which might be medically significant.

But let's say you've already decided to track your data somehow.

> what does the app give [...] does it do anything you can't do with a simple notebook app?

Valid question. Some people do just use notes, especially when they don't experience any problems and don't care much about when their next period is coming. But for many others, there are plenty of valid use cases:

1. Reminders for ovulation and next periods. The app can also remind you to enter the data if it thinks you should've had a period but you didn't enter anything. 2. Sharing with your partner. You could, theoretically, write it in a shared document or hand over your paper notebook in person, but it's much easier to see this type of data in a calendar rather than do mental math every time. Having this option gets even more important if you are trying to conceive and track fertility windows. 3. Not having to do the aforementioned mental math is also convenient for the woman herself. A lot of women, even completely healthy ones, experience an array of various unpleasant symptoms in the luteal phase, as well as changes in mood, physical and even cognitive performance during the cycle. It's just really useful to be able to quickly see the calendar and have an idea of what to expect while making your plans (for example, people might want to adjust their workout routines, book a vacation on a more convenient date, or avoid taking extra responsibilities when they know they are going to feel shitty).

And now for those who were not as lucky.

> If you have an irregular period, does this app help "guess" when it's going to start/end?

It does! Though surprisingly, a lot of apps, including Flo, are still abysmally bad at this: they either give you a median of past cycles, at best unhelpfully telling you that your periods are "late," or require you to enter lots of sensitive and subjective data daily to get useful predictions. It is well-known in medical literature that there are other metrics like resting heart rate and skin temperature that are predictive of different phases, especially when they are combined with other data. I've always wondered why the integration with consumer wearables that track a lot of those indicators with good-enough precision is not commonplace. As far as I know, only Apple Health's cycle tracking feature, Samsung Health, and Oura Ring do that among the major players. A few others like Natural Cycles use temperature, but they are all focused on fertility & conception.

That said, using an app like Drip that allows you to export data freely in a universal format can be incredibly valuable for personal analysis. You can find patterns in your data to make your own "predictor" or determine whether certain medications or lifestyle changes were effective. It can also be helpful at your next doctor visit.

[1] https://www.linkedin.com/posts/thefemalelead_wendi-aarons-a-...

> It doesn’t?

I'm guessing P2P technology isn't really sufficiently easy for developers yet, so when you have two users using an app that are supposed to share something between the two, most of us default to building server-side services. That + the "dynamic" list of articles and "help" Flo offer I'm guessing is the main reason for them having servers in the first place.

The app in question couldn't be bothered to do E2EE, and your solution is a public, immutable database?

Does that include putting your ear to your neighbor's wall and recording into their private dwelling?

And will be targeted by an avalanche of childbirth-related ads... Isn't this an old story now? We've already seen this happening even before evidence of women's health data being sold to ad companies...

> lots of people dont know what HIPPA is

Ironically, it's HIPAA.

You're right, though; it's much more limited than people think. During COVID people claimed everything violated HIPAA (masks, vaccine requirements, testing), but it only applies in a very narrow subset of patient/provider relationships.

There are a plethora of open-source implementations available on F-Droid. They need to be looked at for privacy before choosing one, but there are completely offline ones.

Drip has a paradoxical flaw: by trying to be extremely inclusive and making a "gender-neutral" app (without the colour pink) to include trans people, it discourages some people from using it. At least, my friend told me she thought the design was ugly and was looking for a "cute" app, so she ended up using Flo instead of Drip despite my many warnings.

I think FLOSS apps often forget that not everyone is a developer or a nerd who prioritizes privacy and ethics over design, which is a real problem since people end up using proprietary apps that data-mine them.

How does the sharing between partners happen with 28x, or is it literally local-only as in "solely for one person and no way to share with partner"?

The trouble is that it's literally impossible to tell what applications are trustworthy and what applications are not, or whether they'll remain trustworthy over time. So you have to treat them all as untrustworthy. It's a fair rule of thumb because the majority of them can't be trusted.

Why would me giving you 5 bucks a month assure you didn't also sell all of the data from the period tracker app? That's money you'd just be leaving on the table.

Doesn't flo charge ten dollars a month?

https://help.flo.health/hc/en-us/articles/4411278780564-What...

Nobody is going to trust your $5 a month service.

why does it have to be 5 bucks a month and not a one time purchase?

there is a third option: don't make one at all if you feel your only recompense involves selling this data. that's what creeps do.

That one is good I think. It's German and adheres to EU privacy laws. The main FLOSS one is called drip. Has some funding from the German government as well as Mozilla

https://bloodyhealth.gitlab.io/

Great video, thanks for sharing.

TL;DW: HIPAA was actually created to allow insurance companies to share patient data without having to get patient consent. Before HIPAA, data was more fractured and less commonly shared. The only privacy protections it offers is, e.g., your doctor not giving your data to your boss. But about 1.5 million private entities can legally access your data (everything from health startups to insurance companies to hospitals)

It's just a generic key-value API.

If you do pay for a subscription, how can you be sure you're still not the product? What stops them from double dipping here?

Flo isn't free though, you have to pay a weekly/yearly subscription to use it.

Less a f-u-view, more a f-u-world, the above is pragmatic advice about the actual IRL challenges of keeping data secure.

Further, a view that ignores many real world digital data risks faced by those considered to be useful targets; eg: compromised supply chains delivering "pre hacked" hardware with discreet wifi chips or hidden out of band comms, etc.

Nah. A healthy view when dealing with the fucked up situation that is modern life.

Most of the women I know well enough to know this about them track and predict the onset of their next period without needing an application. It isn't exactly rocket science.

We're using Flo specifically, mostly for sharing stuff like "her period starts tomorrow" to the both of us, she doesn't really need a notification for that :)

Privacy legislation by itself does not solve the problem; what Flo did was already illegal. Effective enforcement is also necessary.

They've been thumbing their noses at EU privacy legislation and fines for quite some time already.

> privacy legislation would just solve the problem by itself though

Just like banning drugs and murder did!

"would just solve", lol.

> Why blame the victims

This is a bit of a revealing phrasing, but I'll bite anyway. If someone shot themselves in the toe because they were being careless, am I blaming the victim by saying that they shouldn't have been careless? Not everything is cops and robbers.

Nobody is blaming victims, please stop these wild fabulations. OP meant that you can't trust app owners especially long term, as you write its worse than wild west, literally nobody.gives.a.fuck. till they are dragged to the court, then they fight, dissolve company, still sell the data, start a new one and rinse and repeat. People are simply way more greedy than moral on average if there is any lesson in current times.

Look at say zuckenberg - a typical sociopath lying again and again through his nose with big grin just to get what he wants (ie scandals how FB employees go to DB to spy on their exes or enemies is popping up for 10 years at least and there is no stop, every time there is another assurance how it can't be done now blablabla... and thats just specific meta employees).

Nobody likes that, but just sitting and waiting for almighty regulators while blindly trusting apps in good faith to do their jobs is... not working much, is it. Be smart, adapt to real environment out there, not some wishful thinking. In parallel push for change as much as you can, vote with wallet and your time. Once sought-for paradise comes then feel free to use anything anyhow. At least that seems like smarter approach to me.

> "Just don't use the computer if you don't want companies to rat you out to the fascist government that'll imprison or kill you for having a miscarriage" is a ridiculous victim-blaming position.

No-one's saying this, and based on your wording you seem to be trained on some very predictable and narrow corpuses.

> It's not a "medical requirement" except for the many many many cases where it is.

Flo is not a medical device. It's not prescribed. It's just a consumer app, no different medically or legally to writing your feelings diary into Google Keep. If you have an actual medical device app then this would be a problem.