Brian Lovin
/
Hacker News
Daily Digest email

Get the top HN stories in your inbox every day.

ndiscussion

To quote a dead comment:

"Am I missing something, or are they really being let off with less than a slap on the wrist, and no fines? Not really sending a great message here, FTC."

Agreed. This is one of the most egregious abuses of privacy imaginable.

philsnow

> This is one of the most egregious abuses of privacy imaginable.

For people who haven't used these kinds of apps, Flo includes day-by-day tracking of:

  - sex and sex drive
    - didn't have sex
    - protected sex
    - unprotected sex
    - high sex drive
    - masturbation
  - mood: 
    - calm
    - happy
    - [...]
    - sad
    - depressed
    - obsessive thoughts 
    - apathetic
    - very self-critical
  - symptoms (cramps, tender breasts, acne, many more)
  - vaginal discharge (none, spotting, sticky, eggwhite, etc, "unusual")
  - other (travel, stress, disease/injury, alcohol)

There's a ridiculous amount of potential here for just purely creepy oversharing of information that a woman might presume is safe to enter into an app.

There's also a lot of things here that are maybe legally dangerous to be disclosing outside of a doctor-patient context (the last several "mood" items).

This is abhorrent.

kevin_thibedeau

It's worth pointing out that traditional data brokers are able to track menstrual cycles based on purchase activity. Nobody can opt out of this and it's been going on for a few decades. It can be used for ad targeting by presenting the target with the optimal content for each week.

SilasX

Yes, there was this study about clothing purchase correlation:

https://thechart.blogs.cnn.com/2010/08/05/women-buy-sexier-c...

saagarjha

How does this work? Is it that women change their general purchase habits around that time, or that they buy specific products?

A4ET8a8uTh0

I did not hear about that one. It does sound interesting. Is there some sort of study discussing it you could link?

amptorn

Why is that worth pointing out?

koolk3ychain

This is freaky, with this data and a rough identity (ads wise) you could literally AB test what ads / suggestive content affects someone's mood and relationship. How bone headed do you have to be to actually ask "what could someone do with this info, seems innocuous to me"?

Ar-Curunir

Perhaps they didn’t think it was innocuous at all?

averysmallbird

The FTC brings privacy cases under its 'unfair and deceptive acts or practices in commerce' prohibition, which does not provide it the legal basis to impose civil penalties. There are possibly other things it could have required (the recent Ever case requiring deletion is a good example), but it is currently constrained on what it can force for a first violation. The two Democratic FTC Commissioners issued a useful statement on what else they would have required: https://www.ftc.gov/system/files/documents/public_statements...

swebs

You can revive a dead comment if you feel it was unjustly killed. Just click the timestamp then click "vouch".

ndiscussion

Thanks for this, I've heard of this option but assumed it was unavailable to my account.

saagarjha

It's available to everyone with a fairly reasonable amount of karma (30, I think?)

hombre_fatal

I don't see how it's worse than the ubiquitous data brokers built into our society like the private credit bureaus that charge you to access your own data which has a de facto green light from us and our government.

It would be inconsistent to punish this little app severely when we don't care about much more egregious violations. It's tragic that we're only able to care about small things that fit into our tiny laser beam of public outrage.

zinekeller

I do get the frustration, but with the current state of US (federal) laws it is probably the best remedy available now (unlike GDPR where you can really go and score larger fines and even jail time if it is grossly negligent or intentional).

gameswithgo

management could be jailed for fraud.

it is the usual thing where for the powerful we say “best we could do” but for the weak we find a way to get them in jail if we don’t like them

trollski

i get the frustration.

no you dont

MarkSweep

If anyone is looking for an alternative to Flo, as of iOS 13 the built-in Health app has similar functionality:

https://support.apple.com/en-us/HT210407

mtlynch

I know of another one called POW! made by indie developer Benedicte Raae:

https://www.usepow.app/

The data is all client-side encrypted, so she doesn't collect any sensitive user data that could be sold or abused.

I've never used it, but I think the privacy-first mission is cool.

raae

Hey, this is Benedicte. If the app is not for you there is also the newsletter about privacy, menstrual health and POW!: https://www.usepow.app/newsletter

Darkphibre

Open inquiry: Anything out there recommended for Android or PC?

BelenusMordred

Anything on f-droid is going to be good. Last time this story came up I saw a comment saying there were two prominent apps there.

It's scary how many people don't immediately go for the open source alternative before checking the Google Play store. Most people publishing on f-droid use their real name, have verifiable open source activity, have a professional reputation to maintain and have their apps open to the world to be scrutinised.

Checking F-Droid should be your first choice every time.

judge2020

> Anything on f-droid is going to be good

I fail to see how an app being on F-Droid inherently means it’s going to be privacy-friendly.

smokey_the_bear

I recommend fertility friend, from their privacy policy:

“FertilityFriend.com is fully funded by its VIP service fees and has been so since we started. It does not rely on any type of data trading for any of its funding or any other purpose. In other words, you are not the product. Clear and straightforward, our charting service is what we sell and nothing else.”

They also have a more data driven approach to fertility than most other sources.

jwlit

For Android, there's Clue: https://helloclue.com/

zaq1

I would recommend Drip, which is available on F-Droid. FOSS with very minimal permissions. I'd suggest checking it for trackers with ClassyShark (also on FD).

https://f-droid.org/packages/com.drip

Screenshots feature a modern looking UI.

bmvcant

There is a secure app called garbage bin: Open the lid, firmly grasp your iPhone, place it over the bin, open your hand and drop it.

Use pen and paper and the problem is solved.

yjftsjthsd-h

No encryption, no backups, no on-device analysis (stats, charts), inconvenient to use: Not secure, not an app, not a good alternative.

etrabroline

>not an app

That foible stands out as humorous. Why does a solution to a problem need to be a smart phone app? lol

Otherwise excellent points.

Cd00d

I'm curious if anyone has insight into the value of this kind of data.

I work with alternative data for investors, mostly consumer spend behavior - things like point of sale transactions and online cart contents. These have value in that you can correlate panel behaviors with a company's revenue or identify trends in the market.

But, for data like ovulation schedules or events like pregnancy, it seems that it's a lot of work (and based on the FTC ethically questionable) to see one-off events or target specific consumers with a small set of products.

I must be looking at the available opportunities with some kind of blind spot, because I don't get why companies would pay for this sort of data.

antihero

Are you kidding? As far as I know, there is no greater event generally in a person's life when their purchasing habits and lifestyle change, and they are looking for new brands, than pregnancy.

Not only just for the huge amount of money people will spend on baby stuff, sorting out cribs, but then eighteen years of perfectly time-able marketing for birthdays, different stages of development, loans, different cars, houses, college loans. It is probably the most valuable single event about someone from an advertising perspective and whoever can get in first is out to make bank.

How valuable do you think it is to build a relationship with, track the preferences of, and pick the perfect adverts and products to show a person who has purchasing power for someone for eighteen solid years? With 100% certainty of what they are going to need unless something tragic happens.

Also knowing that based on the socioeconomic status whether they will be pressed for time and desperate for discounts, or be flush enough that they can afford to give their sprogg the most expensive things they will grow out of.

Cd00d

I was not kidding. I guess I didn't realize they were selling data with PII, which is shocking. I'm actually surprised Google and Facebook were taking in other-party data that wasn't aggregated, just due to the privacy and perception concerns.

That said, it still seems like a vector that's really problematic compared to gain. My personal anecdote is that my kids both only used Pampers Swaddlers diapers, simply because that's what the hospital gave us as we left - that is what I would see as a brilliant marketing partnership for P&G without risks of invasive perceptions.

ascagnel_

There's a lot of value in knowing about a pregnancy -- in the months leading up to a baby, you're spending a ton of money getting ready for the baby or on constantly buying new clothes for mom as the pregnancy moves along. Once the baby comes, you have a good chance for capturing a repeat customer on a bunch of baby-related items (diapers, wipes, etc).

joshspankit

Also, if you’ve ever known someone who’s a new parent, the sheer volume of “welcome packages”, pamphlets, flyers, coupons, and free samples is staggering and clearly indicates (to me at least) that the customer value is uncommonly high.

erichurkman

If you sell cribs, you likely only have 1 - 2 chances per couple's entire lives to sell a crib. Saturation and timing of ads are paramount.

TeMPOraL

Oh god, that. When my wife gave birth, she received a "care package" that was just a box with few small items (water and some cosmetics testers, IIRC) and half a kilogram of flyers. I honestly was floored, and my deep hatred for the advertising industry had reached a new level. And then I noticed that the child health book they gave us - an official medical document that we'll be carrying for the next two decades - had multiple full-page ads in it. Because of course it did.

Did I say it already that advertising is a cancer on modern society?

tcoff91

You should read this article about Target going to great lengths to figure out which customers were pregnant. https://www.nytimes.com/2012/02/19/magazine/shopping-habits....

jmholla

Some companies' business is that one-off customer. Think of weddings and graduations. Entire businesses are formed around those too.

bumbada

The value is enormous because women's hormones depend basically on the menstrual cycle and the modifications of that with things like the pill.

People's behavior (women and men) depends a lot on hormones.

With big data you can identify lots of useful patterns of behavior and you could control those.

core-e

At a minimum the last few on the mood list (depressed, obsessive thoughts, apathetic, very self-critical) seem like great indicators of when someone might be the most receptive to advertising for SSRIs.

taneq

The fact that you can advertise these things at all is kind of shocking to me. I’d expect psychiatric drugs to be prescribed by a psychiatrist on their medicinal merits rather than purchased on an advertising-driven whim.

klyrs

Wait til you learn how they advertise drugs to your psychiatrist!

https://www.washingtonpost.com/business/2019/01/30/stripper-...

marketingtech

Facebook and Google do not pay for this data. Flo sends it to them for free, because it improves the performance/ROI of Flo's marketing.

Facebook and Google have no semantic understanding of this data, so it does not have inherent value to them in terms of creating configurable targeting segments. These are arbitrary data points sent by the app, and they might as well be labeled "A", "B", "C", and "D" rather than their sensitive names.

Flo can optimize their ads towards occurrences of event "A" or they can run ads towards "people who have triggered event B in the last week but not event C", but this doesn't offer specific value to other advertisers or FB/G themselves.

That said, when all of this is put into an ML black box, you never know how data points may be correlated. Maybe the system learns that people who trigger event "D" also end up buying baby clothes. That could lead to observable ad patterns, even if no one can explicitly tie event "D" to pregnancy.

ogre_codes

> I don't get why companies would pay for this sort of data.

Knowing when someone is pregnant or trying to get pregnant seem like premium moments. Lots of money in fertility treatments and related services. Lots more money in maternity products and new baby products.

jschwartzi

Yeah you can definitely sell anything to a couple who is trying to get pregnant, especially if you know they've been trying for a few months without success.

ogre_codes

I'm sure you can successfully sell anything from coffee to yoga classes that helps with fertility. Just takes the right pitch and the right mark.

tdaltonc

It looks like the "sharing" here was "using 3rd party analytics tools," or is there something more here?

raae

There is also this interesting article about apps like these sharing data directly with the employer: https://www.washingtonpost.com/technology/2019/04/10/trackin...

"Is your pregnancy app sharing your intimate data with your boss? As apps to help moms monitor their health proliferate, employers and insurers pay to keep tabs on the vast and valuable data"

schoolornot

Skimmed the complaint. Seems like they got in hot water for deceptive disclaimers and not committing to the tenets of the privacy shield. Had their TOS said "we may disclose your data to advertisers" in small font and not voluntarily entered into the EU-U.S. Privacy Shield they would be okay.

edoceo

Is this related to the US Fertility company's data breach?

Leaked SSN and DoB data, rogue code was on there for a month before they found it.

Edit: it's a different breach of a different fertility related company.

Finally data-breaches are sexy ;)

henearkr

I hope the company Flo Health gets definitively banned from the Google Play store. They just show off how little they understand their business and the principles of medical confidentiality.

cavisne

What's the actual mechanism here for Google to get value from this data?

You can't create a campaign targeting is_menstruating=true so how are these opaque key value pairs making them money?

SergeAx

So, what's the correct recipe here? Anonymize your events before sending to third party analytics? Like event5, mood12?

yjftsjthsd-h

Maybe there are some things where you just shouldn't use 3rd party analytics, if any.

arminiusreturns

This, especially considering that most research has shown that it's trivially easy to take anonymized data and de-anonymize it.
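
An added illustration for the question above about renaming events to labels like `event5` before they reach third-party analytics (this is not part of any comment in the thread): a pre-release telemetry audit that flags opaque labels whose timing alone still shows a steady 21 to 35 day recurrence. The event schema, device id, sample data and thresholds are all constructed assumptions.

```python
from datetime import date, timedelta
from statistics import mean, pstdev

def sample_events():
    """Constructed sample of (device, opaque_label, day) tuples as an
    analytics endpoint would receive them after labels are renamed."""
    start = date(2021, 1, 3)
    events = []
    # "event5": logged on 4-5 consecutive days, recurring about every 28 days
    for cycle, offset in enumerate([0, 28, 57, 85, 113]):
        for d in range(4 + cycle % 2):
            events.append(("device-a", "event5", start + timedelta(days=offset + d)))
    # "event9": an unrelated action logged on irregular days
    for offset in [2, 3, 9, 30, 31, 44, 70, 71, 72, 100]:
        events.append(("device-a", "event9", start + timedelta(days=offset)))
    return events

def episode_starts(days, gap=3):
    """Collapse runs of nearby days into episodes; return each episode's first day."""
    days = sorted(set(days))
    starts = [days[0]]
    for prev, cur in zip(days, days[1:]):
        if (cur - prev).days > gap:
            starts.append(cur)
    return starts

def periodic_labels(events, lo=21, hi=35, max_jitter=3.0, min_episodes=4):
    """Return {(device, label): mean_interval_days} for labels whose episodes
    recur at a steady interval between lo and hi days."""
    by_key = {}
    for device, label, day in events:
        by_key.setdefault((device, label), []).append(day)
    flagged = {}
    for key, days in by_key.items():
        starts = episode_starts(days)
        if len(starts) < min_episodes:
            continue
        gaps = [(b - a).days for a, b in zip(starts, starts[1:])]
        # Steady recurrence: mean interval in range and low spread
        if lo <= mean(gaps) <= hi and pstdev(gaps) <= max_jitter:
            flagged[key] = mean(gaps)
    return flagged

if __name__ == "__main__":
    for (device, label), interval in periodic_labels(sample_events()).items():
        print(f"{device} {label}: recurs about every {interval:.1f} days")
```

A label flagged by a check like this is a candidate for staying on the device or being aggregated before it leaves.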

SergeAx

What is the difference between using Google Analytics and Google Spanner then? Or AWS Aurora vs AWS EC2 for that matter?

yjftsjthsd-h

My understanding is that Google promises not to use data in GCP databases, while it openly says it will use Analytics data for its own purposes. But yes, you should carefully consider that!

j45

This is abhorrent.
