Should You Use This Encrypted Period Tracking App? – Gizmodo

Screenshot: Lucas Ropek/Stardust

A period-tracking company proclaimed last week that it was dedicated to protecting women's data rather than sharing it with cops in a post-Roe v. Wade world. Stardust, a woman-owned period-tracking app, announced that it would be the first company of its kind to roll out end-to-end encryption. E2E limits data's visibility to only the user, keeping personal information safe, and is widely considered one of the best privacy protections on the web. Stardust founder and CEO, Rachel Moranis, announced the plans in a video on the app's TikTok account on Friday, claiming the change had already been in the works prior to Roe's overturning. "What this means is that if we get subpoenaed by the government, we will not be able to hand over any of your period tracking data," she said.

Stardust didn't stop there, though. In a series of tweets, the company went on to state that it hopes to implement a host of new privacy protections, including a way for users to completely opt out of providing any personal identifiable information (no account generation) and use the app fully anonymously, as well as full local data storage. Following the announcements, Stardust saw a huge surge in interest, becoming the second most downloaded app in the U.S., as of Saturday.

Then the company had to do some cleanup. It wiped any mention of end-to-end encryption from its website. It admitted to, and pledged to stop, sharing data with at least one third-party marketing firm. And it changed its privacy policy to remove language about providing info to cops without any warrant.

The Supreme Court's recent decision to overturn Roe v. Wade and end nearly half a century of constitutional abortion rights in America has already begun to bear ugly results. In a bevy of states, draconian trigger laws have materialized, effectively criminalizing most if not all instances of the medical procedure, and more laws are expected in the coming weeks. In this brave new world, civil liberties advocates have expressed concern for the ways in which women's data could be used by law enforcement to monitor for digital evidence of pregnancies. Critics have worried about the data on period tracking apps in particular, which they say could be used to prosecute women who have sought abortions via data on pregnancies that end.

As with anything that sounds potentially too good to be true, critics were quick to point out some problematic elements of Stardust's plans. Questions have swirled about whether the company's new privacy measures will be as effective as they sound. Other critics have wondered whether, in this day and age, it even makes sense to use a period tracking app at all. It's a good question, and worth considering given what's at stake right now.

"If they want to survive, all of these period tracker apps out there need to really get their house in order and be building up user trust," said Riana Pfefferkorn, a scholar at the Stanford Internet Observatory.

Probably the most problematic thing about Stardust's claims is that they seem to have changed over time. TechCrunch reported Monday that what the company was offering didn't really sound like ironclad end-to-end encryption. The outlet wrote:

Stardust founder [Rachel] Moranis told TechCrunch that "all traffic to our servers is through standard SSL (hosted on AWS) and subsequent data storage on AWS RDS utilizing their built-in AES-256 encryption implementation." Although this describes the use of encryption to protect data while in transit and while it's stored on Amazon's servers, it's not clear if this implementation would be considered true end-to-end encryption.

Following the interview with TechCrunch, Stardust apparently scrubbed its website of any mention of end-to-end encryption, essentially watering down what it had originally offered to users.
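
The distinction TechCrunch raises, sketched as an added example (not Stardust's code and not part of the original article): with TLS plus server-side encryption at rest, the operator holds the key and can produce plaintext on demand, while with client-side encryption it can only hand over ciphertext. The class names, sample record, passphrase, and the stdlib HMAC-based cipher standing in for AES-256 are all assumptions made for illustration.

```python
import hashlib, hmac, os
RECORD = b"2022-06-01 cycle day 1"  # constructed sample record

def _sub(key, label):  # derive separate encryption / MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode) standing in for AES-256.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(_sub(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _stream(_sub(key, b"enc"), nonce, len(body))))

class AtRestService:
    """TLS in transit plus server-side encryption: the operator holds the key."""
    def __init__(self):
        self.key, self.db = os.urandom(32), {}
    def upload(self, user, plaintext):  # readable once TLS terminates
        self.db[user] = seal(self.key, plaintext)
    def compelled_disclosure(self, user):
        return unseal(self.key, self.db[user])  # operator can decrypt

class ClientEncryptedService:
    """Client-side encryption: the operator only ever stores opaque blobs."""
    def __init__(self):
        self.db = {}
    def upload(self, user, blob):
        self.db[user] = blob
    def compelled_disclosure(self, user):
        return self.db[user]  # ciphertext is all the operator has

def device_key(passphrase, salt):  # derived on the phone, never uploaded
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def demo():
    at_rest, e2e = AtRestService(), ClientEncryptedService()
    at_rest.upload("u1", RECORD)
    key = device_key("constructed passphrase", os.urandom(16))
    e2e.upload("u1", seal(key, RECORD))
    return at_rest.compelled_disclosure("u1"), e2e.compelled_disclosure("u1"), key
```

In the first design the disclosure is the readable record; in the second it is a blob that only the device-held key opens.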

Even more problematically, further analysis of the company's platform appeared to reveal that the firm was occasionally sharing individual users' phone numbers with a third-party analytics firm called Mixpanel. This kind of information sharing could quite easily lead to the identification of individual users, which is something the company has promised not to allow. After being confronted with this issue, Moranis told TechCrunch that "the current (old) version of Stardust leverages several data collection mechanisms of Mixpanel that we have disabled/removed in the new version. In addition to not sending [personally identifiable information] to Mixpanel, we have also disabled IP tracking for our users to protect from that metadata being used to identify our users."

Meanwhile, Vice News was quick to point out that Stardust's privacy policy left something to be desired. In a story published Monday, the news outlet pointed out that the app's policy acknowledged that it would share information with police whether or not legally required. The policy clarifies that Stardust may...

...share aggregated, anonymized or de-identified, encrypted information, which cannot reasonably be used to identify you, including with our partners or research institutions.

When reached for comment by Gizmodo, a company spokesperson said that Vice's story was based on an outdated privacy policy. A visit to Stardust's website on Monday revealed that the language in its privacy policy had been changed. The spokesperson also provided us with a statement from Moranis, Stardust's Founder and CEO, who again reiterated that the new feature was designed to avoid a digital subpoena.

"With the update set to go live...Wednesday, June 29th on all iOS devices and Android, users' login information will not be associated with their cycle tracking data, and therefore their data will not be a subpoena risk," she said.

We also asked for better information about the app's plans for encryption, but have not heard back yet. We will update this story if we get a response.

It's no surprise that companies like Stardust are now seeking to implement new privacy protections. In fact, such protections might be something of an industry imperative for period trackers, given the full-blown panic about digital health data that now exists after Roe.

Stanford's Pfefferkorn said that, when properly applied, encryption could be used to protect against the harsh laws currently being passed across the country.

"The Dobbs decision [which overturned Roe] underscores the importance of adding strong encryption, by default, wherever it doesn't currently exist already," Pfefferkorn told Gizmodo. She added that companies like Stardust are suddenly under a lot of scrutiny and that their business model is under threat from the public panic spurred by the recent Supreme Court decision. She said, "That means being more transparent about the kinds of data that the apps collect and instituting better protections to prevent the data from falling into the wrong hands."

Pfefferkorn also recommended that women invest in existing privacy applications. One of the simplest ways to protect your online communications is to use an encrypted chat platform. For that, one of the best options is to download Signal, a chat app that offers true end-to-end encryption. It's free, easy to use, and should ensure that your conversations stay private. That might be the best place to start.
