benoau 20 hours ago

This is the second time [1] that analytics in period apps have been problematic, and also follows the recent hack of MixPanel [2] exposing OpenAI usage data. Seems like 3rd-party analytics are becoming a new frontier for security issues.

[1] https://www.thebureauinvestigates.com/stories/2025-09-03/met...

[2] https://openai.com/index/mixpanel-incident/

  • soumyadeb 20 hours ago

    That one was a security incident—data that had been legitimately collected by an analytics provider was exposed due to a breach.

    This one is about privacy — what data an app chooses to collect and which third parties it intentionally sends that data to. The concern isn't that someone hacked those companies. The distinction is important for us.

    Disclaimer: RudderStack founder.

    • wpm 5 hours ago

      The word "legitimate" is doing some work there

      If they can't keep it safe they have no legitimate interest having the data

troyvit 22 hours ago

Somebody on HN recommended drip awhile ago:

https://f-droid.org/packages/com.drip/

It's not mentioned in the article.

Like Euki it's local-only. I don't know how they compare as far as features but it's cool that there are two good apps out there.

kevin_thibedeau 21 hours ago

Whenever this issue comes up I feel the need to relay a story about a meeting with a databroker in 1998 who was tracking menstrual cycles using purchasing records of a wide variety of consumer goods. They will track you to optimize their manipulative, targeted advertising whether you have an invasive app or not.

  • annzabelle 20 hours ago

    I've heard rumors, maybe that far back, of women getting mail ads for baby clothes a couple weeks before having a positive pregnancy test.

  • m463 19 hours ago

    I wonder about not only baby or feminine supplies, but also snack coupons and dating apps

    • kevin_thibedeau 19 hours ago

      Any behavioral pattern with a 28 day correlation will pop out. Once you get a rough estimate, you can aggregate subjects with dates shifted into alignment to find more subtle correlations.

  • throwway120385 5 hours ago

    What's different is that the period tracker apps have women provide that information pretty directly. The data broker probably had to do a lot of work and then estimate with a confidence level. So there's a significant difference in level of effort there, and then because of the estimate the data becomes much less valuable because it's only plausible it's not certain.

    This argument gets trotted out whenever people talk about privacy and protection of personal information. I hear it when people discuss LPR systems, cameras, and the like too.

    These data-gathering applications of technology should be treated specially because they make it extremely easy to gather high-confidence data about individuals. I bet your data broker couldn't predict when someone was ovulating or whether they were pregnant or count how many miscarriages they had just based on purchase history? This is all data that period tracker apps capture pretty directly. The miscarriages one is particularly bad because that data could be misconstrued as abortion and in US states where that's illegal it could get you into real trouble. There's a small but vocal subset of the population that seems to want to punish women for anything other than a healthy delivery. But when my spouse and I were trying everyone we talked to had at least one if not more miscarriage stories.

annzabelle 21 hours ago

I use Macrofactor (macro tracking app for lifters with good privacy/UI) as a weight/period tracker, and occasional macro tracker. I don't think anybody is going to go to the effort to hack their databases to find the 100 women tracking our periods on it.

The one downside is that they do days since last period as days since the end of your last period, not days since the start, unlike literally every woman and gynecologist ever.

  • nonameiguess 21 hours ago

    MacroFactor is very rare in the modern software world, probably because it was created by fitness science junkies rather than VCs or engineers. Greg was extremely adamant from the start that they're charging money, take it or leave it, but selling the product itself is all they're ever going to sell. No monetizing user data. No dark patterns to drive engagement and keep you in the app. All they're trying to drive is better lifting and better eating because that's honest to god Greg and Lindsay Nuckols passions in life, not getting rich. Classic lifestyle business that'll never eat the world, but it'll pay the rent in North Carolina for two 40 year-olds with no kids.

    • annzabelle 20 hours ago

      I do find that the best apps are the paid ones, they don't need to be relying on selling user data to make a profit.

      Sadly, a lot of the great boutique lifestyle business paid apps are apple only, and I can't stand the typing experience on iphones.

      • faangguyindia 8 hours ago

        >I do find that the best apps are the paid ones, they don't need to be relying on selling user data to make a profit.

        There is no limit to greed, you can find billionaires who are after trillions. This line of reasoning is at fault.

    • Slow_Hand 20 hours ago

      I've been using Macrofactor for many years (after a HN recommendation) and now that you mention it, I've been super happy with the experience and don't detect a whiff of dark patterns, unwarranted tracking, or bad business practices that plague other apps.

      The value of tracking my diet and health has been well worth it. I will happily pay their asking price and it's heartening to hear that the founders/owners are committed to good practices.

      Side note: I recently switched over fully to the Proton Unlimited ecosystem. Another ethical service that I will happily pay for.

      I'm beginning to think that we might be able to turn this shitty ad-industry-lead ship around, folks. Or at least we have strong alternatives these days for the people who care.

      Now if I can just get my social groups to use Signal.

      • faangguyindia 9 hours ago

        Most people won't pay $70 a year for an app which uses Gemini API to track calories.

        That's something you can directly do in AI studio for free, or use free API quota.

    • faangguyindia 20 hours ago

      Greg isn't the only person who owns MF, there are people like Nippard who call it (my app and are either shareholder or promoter with a lot of influence), if you look at the whole hussein and julian fiasco and solomon nelson episode well...

      This is kinda misleading. First of all, MacroFactor uses the Gemini API for photo to calorie/macro estimation, so the data does leave their premises. It does not work completely offline, so it does call home, and after that, you never really know what happens with the data.

      MacroFactor charges roughly $70 a year. MacroCodex is free and doesn't require an internet connection to work. It can also offset random weight gain due to PMS or other short term hormonal cyclical issues, as well as other water retention issues. It doesn't even ask for your phone number or email or even date of birth!! (it just asks age) on Android. On the web app, an email is required only for storing your data (due to the volatile web storage offered in PWAs, where the OS/browser can evict storage under memory pressure).

      If an app doesn't collect your personal identifiable data it cannot sell it, if it's capable of running offline it can be put behind a firewall rule and/or diagnostic/telemetry data disabled in setting though i'd argue if it's not collecting your personal info and want data for improvement of specific app feature (which benefit from data analysis) then you should perhaps analyze the risk of this decision.

quadrifoliate 19 hours ago

I'm male, and clearly don't know enough about this--are there any benefits for the user that a period tracking app can provide by reaching out to the cloud? I guess backing up your data is an obvious one.

I thought entering the information is like 90% of the tracking, everything else is mostly calculation/averaging and none of it needs to live on a server. The Euki app seems like my idea of what it would always be.

  • makeitdouble 18 hours ago

    Yes, backing up is the most obvious reason to have it live on a server from the user POV. And of course the app vendor will want more lockin and be able to keep the data hostage.

    Paying for apps doesn't help as much as expected, as they'll want to keep the revenue stream alive. Solving this conundrum would require to deal with both side of the coin.

    The real solution to this would be to give everyone and their dog a standardised online server with legally enforced privacy, and have sandboxed apps manage data in and out in a interexchangeable format, but I feel like I'm asking for peace on earth.

    PS: we have banks for money, there should really be something similar for data.

    • RajT88 18 hours ago

      > PS: we have banks for money, there should really be something similar for data.

      It's very hard to imagine a government who would have this too far up their list of priorities. Switzerland maybe. Then Germany, France. Maybe. It's hard to imagine it catching on between the monied interests who can influence government and the lack of consumer awareness of the problem it is solving.

    • epihelix 17 hours ago

      Not quite what you're suggesting, but at least Nextcloud (and other open self-hosting platform) servers are a thing.

      All you need is for the app to provide the option of saving to local storage – your cloud server software provides a local storage endpoint and does the rest.

    • ButlerianJihad 14 hours ago

      > PS: we have banks for money, there should really be something similar for data.

      There is, but the majority of HN participants hate the existing banks with a white-hot passion, and rail against those banks, and prefer to store their cash under their mattress, and their photos in Chad's garage, and they actively discourage everyone else from trusting banks, especially the biggest ones.

      • Terr_ 12 hours ago

        I don't think "majority", although the word might describe certain topics/threads that have a bit of selection-bias.

    • faangguyindia 8 hours ago

      >Yes, backing up is the most obvious reason to have it live on a server from the user POV. And of course the app vendor will want more lockin and be able to keep the data hostage.

      Android comes with auto backup, https://developer.android.com/identity/data/autobackup

      App developers choose to collect more data than they need.

    • iamacyborg 8 hours ago

      > The real solution to this would be to give everyone and their dog a standardised online server with legally enforced privacy, and have sandboxed apps manage data in and out in a interexchangeable format, but I feel like I'm asking for peace on earth.

      That sounds like Tim Berners-Lee’s Solid project.

      https://en.wikipedia.org/wiki/Solid_(web_decentralization_pr...

      • jMyles 5 hours ago

        > I feel like I'm asking for peace on earth.

        FWIW, this is not an unreasonable ask either.

  • anigbrowl 18 hours ago

    If the vendors cared they'd encrypt it client-side and update at regular intervals so that whatever they stored on the servers was unreadable to them. My understanding is that this data isn't covered by HIPAA, which only covers licensed medical providers; you'd think that such personal information would automatically qualify for privacy protections, but [helpless shrug]

  • faangguyindia 8 hours ago

    You can collect data without collecting information about who the data belongs to if you only need it to improve your statistical model. That's what we do. We do not know the user's name, phone number, email address, or date of birth. I think it's best to not collect stuff you don't need for your app to work.

  • drdexebtjl 7 hours ago

    Sharing with your partner is a big one.

    Whether you’re trying to have a baby, buying her snacks, or planning beach/pool activities together, it’s very useful.

    • mishellaneous 6 hours ago

      > Sharing with your partner is a big one.

      how is that even 10% more convenient than simply speaking? nevermind being worth giving away private data.

      • drdexebtjl 2 hours ago

        It just is? I used to get notifications that said something like “$partner is likely to be irritable for the next 2 days”, so I could be extra careful not to piss her off.

        No way you can get someone to tell you that unprompted.

        Now, of course I would prefer if that data was end-to-end encrypted.

        • mishellaneous 1 hour ago

          > It just is? I used to get notifications that said something like “$partner is likely to be irritable for the next 2 days”, so I could be extra careful not to piss her off.

          to be clear, you think getting a notification about an incoming period is more convenient than being directly told about it? even considering you'll probably already be speaking to this person during this period (otherwise the notification is pointless)?

          that barely makes sense even in the strict interpretation where it means that it takes less key presses to enter your period information on an app than typing "i'm on my period" every month (though i doubt you can beat typing "pms").

          > No way you can get someone to tell you that unprompted.

          and you can get people to, connect/sync with you or whatever, on yet another app, made strictly for this purpose, unprompted?

          > Now, of course I would prefer if that data was end-to-end encrypted.

          but the important question is the intensity of this preferrence. clearly, it's not as strong as your preferrence for... one key press less per month?

          how is that saying? if one key press less per month is all it takes for you to give up private information, then i have a bridge to sell to you.

  • berofeev 4 hours ago

    I (a male) use it to have my partner's menstrual cycle on my own phone.

SoftTalker 17 hours ago

I would never trust any private health data to an app. I don't care what promises or claims they make. The technology is fundamentally untrustable, and even if a vendor is doing the right thing today, they (or any intermediary) could change tomorrow.

  • bell-cot 14 hours ago

    > even if a vendor is doing the right thing today,

    ... they could fail to realize that they were hacked last year.

    Sadly, the same issues apply to the copies of your private health data in your doctor's computer, your insurance company's computer, your hospital's computer, your pharmacy's computer, etc.

    Avoiding the app reduces the attack surface. With the minor moral victory of not having gone out of your way to make it easy for the enemies of your privacy.

    • SoftTalker 3 hours ago

      I avoid the medical establishment as much as I can, partly for this reason.

  • Terr_ 12 hours ago

    > they (or any intermediary) could change tomorrow.

    Adding to this, my understanding (IANAL) is that any promises to delete or limit sharing of your data could be swept-aside by a bankruptcy judge, putting priority on liquidating the company and its assets for the maximum amount of money for creditors.

    If well-intentioned operators erase your data before the company falls into the hands of the trustee or creditors, an unsympathetic legal-system could end up charging them with crimes for it.

  • fsflover 4 hours ago

    > I would never trust any private health data to an app. I don't care what promises or claims they make.

    If the app is free software, then you don't need to trust; you can verify instead. See: apps on F-Droid.

bell-cot 22 hours ago

Only one (of the six reviewed) that I'd call acceptable -

> Euki is the only app Mozilla recommends without reservations. "Euki is special," Wodinsky* says.

> Unlike the other apps on this list, Mozilla says Euki keeps all your health information stored on your device, without even sending it to the company's servers.

> You don't even need to make an account, so you can stay completely anonymous. Euki also offers a "decoy" feature that shows fake, harmless information if someone gets your phone and tries to snoop.

*Shoshana Wodinsky, a privacy research analyst who tested 6 period tracker on behalf of the Mozilla Foundation

  • _def 22 hours ago

    It's really sad to see that this is not the usual kind of software people are exposed too.

  • _blk 22 hours ago

    It indeed looks like the rest are "you're the product" (tm) type apps. Honestly, I don't expect much from Play Store (or App Store for that matter) these days but as a developer it's terrible what hoops you have to go through to publish your app.. Endless forms to fill out manually and then the overall store quality is just disappointing. Ads, ads, more ads and privacy and security debacles. Now it also looks like locking down on outside app stores like F-Droid.. Developers and hackers will find solutions but for the general population I'm not very hopeful. As to the period apps:

    > This is also not Planned Parenthood's first run in with privacy criticisms. I wrote about similar problems four years ago, for example. The organisation didn't respond to a request for comment.

    .. And it doesn't look like they care to change anything about it. Who can end this on a positive note? I hate to be this negative but I don't see it.

like_any_other 4 hours ago

Ctrl+F "open source", "free software": 0 results

In contrast with the (single) mention of open-source on Mozilla's website that the BBC article cites: https://www.mozillafoundation.org/en/nothing-personal/period...

These articles are always so vague, never explaining the difference between proprietary and free software, and even treating sending data to company servers as some kind of acceptable default, only raising privacy alarms when the data is also sent (directly) to some 3rd party server. As if that makes any difference once the company has your data - they can sell it to whoever themselves.

elephant81 19 hours ago

What is the privacy concern vs a weight loss tracker?

  • tredre3 19 hours ago

    Nobody cares that you're fat. But apparently (some) Americans care if your tracker shows that you've missed your period for one or two months before resuming as normal (indicating a possible abortion).

    • TitaRusell 11 hours ago

      Ultimately the only protection for that is cultural. If a majority of the population is atheist and refuses to subjugate themselves to authority it doesn't matter what data is leaked. Will that day ever come for America? Unlikely.

      • psd1 9 hours ago

        It's not presently visible, agreed. Two problems with your gates: 1. "intolerant minority" - america's christ-reagan constituency is shrill enough to get its way without coming close to half the electorate, and 2. you can refuse social credit systems like you can punch mist. In other words, you only need perhaps 10% of the electorate to be utter cunts and you're fucked. I don't know what country has below 10% utter cunts... Bhutan?

scotty79 20 hours ago

Why not something p2p and encrypted? https://peerloomllc.com/pearpetal/ No servers, no problem. You fear losing your device? I'm sure you have more than one, any additional one you have is a fully functional backup.

The technology it is built on is extremely cool. http://pears.com/

Or better yet. Why trust this one (even though the source is on github)? You can just ask your AI agent to build you your custom one on the basis of this technology.

fragmede 20 hours ago

Period trackers are the perfect usecase for homomorphic encryption, where the system can operate on the data without knowing what the data says. It's slow and has a lot of overhead, but it's an active area of research. That way, the platform doesn't know what you're telling it. You have to trust the platform to have implemented it properly, and it's rather nerdy a detail, so it's no surprise there isn't one yet.

  • buredoranna 20 hours ago

    I love this stuff, even though its way over my head

    > We are a community of researchers and developers interested in advancing Fully Homomorphic Encryption (FHE) and other secure computation techniques.

    https://fhe.org/

    (edit: formatting)

guilhas 7 hours ago

On the other hand

Why are so many women saying their periods are suddenly late or irregular? Experts explain https://dailynews.co.za/lifestyle/health/2026-07-14-why-are-...

Your menstrual cycle may affect how well vaccines work https://www.newscientist.com/article/2532245-your-menstrual-...

COVID-19 vaccine 'disrupted the periods of thousands of women' - but changes 'short-lived' https://news.sky.com/story/covid-19-vaccine-disrupted-the-pe...

I always use open source apps, but at the same time I wonder how can my we all benefit from each other data respectfully of privacy, health or otherwise

And anyway the data that the other 50 apps are collecting on most people phones can be used to infer most of this. Your locations, what you bought recently, what you searched online, which sites have you been, what you asked your chat bot, what you liked or viewed in social media...

soumyadeb 21 hours ago

RudderStack founder here.

Although the article doesn't accuse us of doing anything improper, we weren't contacted for comment, so I'd like to clarify our role.

We are customer data infrastructure, not a data broker. We do not buy, sell or monetize the customer data that passes through our systems.

Our role is analogous to infrastructure: customers choose what data to send, and RudderStack routes that data to the destinations they configure (analytics tools, data warehouses, marketing platforms, etc.). The customer owns the data and decides where it goes; RudderStack does not repurpose it for its own business.

Infrastructure providers like us should be held to high standards for security and privacy, but we should not be confused with companies that collect or monetize end-user data.

  • _blk 21 hours ago

    Awesome insight. Thanks for clarifying! @bbc please update because there's definitely an implicit complicity in your article.

  • inigyou 21 hours ago

    Are analytics tools, data warehouses, and marketing platforms the only types of destinations you support? Because if that's the case then your system appears to only be useful for privacy invasions.

    • soumyadeb 19 hours ago

      And others - customer support, feature flags, personalization, data quality, machine learning, internal BI, operational databases, security systems etc.

      Ultimately, RudderStack is infrastructure that moves first-party data between systems more like message queues.

  • hluska 21 hours ago

    The article did not accuse you of anything and went so far as to say “There's nothing unlawful going on, and there's no reason to think RudderStack (or any company mentioned in this story) is doing something nefarious.”

    I’m struggling to understand why you would feel the need to comment. Or why you even think the BBC would have contacted you. This is one of those moments in PR where a response with no reason makes reasonable people wonder why.

    • soumyadeb 20 hours ago

      My concern is that terms like "data management company" (and another article described us as an "analytics company") are broad enough that many readers could reasonably infer we're collecting, storing, or monetizing sensitive end-user data.

      I wanted to clarify that distinction because we've already had people reach out asking whether we were involved in collecting or using this data.

      Its bad PR for us

    • wavemode 18 hours ago

      I disagree. The article very clearly makes it sound like there is some reason RudderStack ought to be listed by name in the privacy policy of the Stardust app. When in reality, it would make no more sense to list them by name, than it would make sense to list AWS or CloudFlare or any other technical infrastructure through which customer data passes.

      > Mozilla uncovered numerous privacy problems across various apps, but Stardust was the only one found sharing detailed reproductive health data with another company.

      > The report found that Stardust sends users' health information to a data management company called RudderStack, which isn't named in its privacy policy. That data includes pregnancy status, birth control, moods, alcohol consumption and specific symptoms like tender breasts and stomach cramps.

      > Companies often share data with outside services to process information and analyse user behaviour. There's nothing unlawful going on, and there's no reason to think RudderStack (or any company mentioned in this story) is doing something nefarious.

      > However, experts say it's inherently risky when your data spreads to more places. It creates another opportunity for security breaches or legal requests for information. Besides, you may just be uncomfortable with another company seeing your health data.

      > A Stardust spokesperson says the company only uses RudderStack as a "technical pipeline" to route data into its own analytics systems, and the app doesn't share anything that could allow RudderStack to identify your name or contact information. "Additionally, RudderStack is contractually prohibited from selling or using it for its own purposes," and RudderStack doesn't store the data long-term, the spokesperson says.

      > "People deserve better," says Shoshana Wodinsky, a privacy research analyst who conducted Mozilla's tests. At the very least, she says, you should know what's happening.

      • soumyadeb 18 hours ago

        Even the statement, "RudderStack is contractually prohibited from selling or using it for its own purposes," implies that the "contract" is what prevents us from selling customer data. In reality, that's not our business model and not how we operate.

        Granted, that statement came from our customer and not incorrect, but these small things can be mis-interpreted.

chambored 20 hours ago

As others in the thread have pointed out, Euki is a wonderful application and having interacted with members of their team, I know they are committed to maintaining their liberating privacy stances.