Connect with us

Technology

Why US women are deleting their period tracking apps | Privacy

Voice Of EU

Published

on

Many American women in recent days have deleted period tracking apps from their cellphones, amid fears the data collected by the apps could be used against them in future criminal cases in states where abortion has become illegal.

The trend already started last month when a draft supreme court opinion that suggested the court was set to overturn Roe v Wade was leaked, and has only intensified since the court on Friday revoked the federal right to abortion.

These concerns are not baseless. As with various other apps, cycle trackers collect, retain and at times share some of their users’ data. In a state where abortion is a crime, prosecutors could request information collected by these apps when building a case against someone. “If they are trying to prosecute a woman for getting an illegal abortion, they can subpoena any app on their device, including period trackers,” said Sara Spector, a Texas-based criminal defense attorney, and ex-prosecutor.

“But every company has their individual storage and privacy policy about how they use and how long they store data,” Spector added.

Cycle trackers are popular for a reason. Nearly a third of American women have been using them, according to a 2019 survey published by the Kaiser Family Foundation. They have helped make women’s lives easier in many ways, from family planning and detecting early signs of health issues to choosing the perfect time for a holiday.

A 2019 study published in the British Medical Journal (BMJ) found that 79% of health apps available through the Google Play store that were related to medicine, including apps that help manage drugs, adherence, medicines, or prescribing information, regularly shared user data and were “far from transparent”. But many of the big players have made progress over the past years.

A smartphone sits on a light wooden table showing the period tracker app Clue in the Google Play store.
The Berlin-based period tracker app Clue says it does not store sensitive personal data without the user’s explicit permission. Photograph: Piotr Swat/Alamy

Two of the most popular period trackers in the US, Flo and Clue, have more than 55 million users combined. The Berlin-based app Clue said it was “committed to protecting” users’ private health data and that it was operating under strict European GDPR laws. The company’s website says the app collects device data, event and usage data, in addition to a user’s IP address, health and sensitive data it may use for the purpose of improving the app, the services, and preventing abusive use of its service. But Clue does not track users’ precise location, and says it does not store sensitive personal data without a user’s explicit permission. The company also tweeted that it would have a “primary legal duty under European law” not to disclose any private health data and it would “not respond to any disclosure request or attempted subpoena of their users’ health data by US authorities”.

But just because data is being processed by a European company, doesn’t mean that it is entirely immune from US prosecution, said Lucie Audibert, a lawyer at Privacy International, a global NGO that researches, litigates and advocates against abuses of technology and data by governments and corporations.

“The fact that GDPR applies is not that relevant in this case. When it comes to a legitimate legal request from US authorities European companies usually comply. Also, a European company may be hosting data outside the EU, making it subject to different legal frameworks and cross-border agreements,” Audibert added. She also stressed that using a Europe-based app won’t protect women from the courts requesting data from them directly. But it can be a slightly better option than using a US-based one because US companies are more easily compelled to comply with American authorities and courts’ requests. Enforcement is more difficult against European ones.

Flo has come under fire for sharing its users’ data before. The company says on its website it only uses data “for research activities” and that it only uses “de-identified or aggregated data, which cannot be associated” with specific users. But an investigative piece by the Wall Street Journal has found that the app informed Facebook when a user was on their period or if they intended to get pregnant. In 2021, the Federal Trade Commission (FTC) reached a settlement with Flo. Under the settlement, Flo must undergo an independent review of its privacy policy and obtain user permissions before sharing personal health information. Flo did not admit any wrongdoing.

On Friday, Flo announced that it will soon be launching an “Anonymous mode” that can help keep users’ data safe in any circumstances.

The company did not respond to a request for comment.

A relatively new, astrology-focused period tracker, Stardust, became the most downloaded free app on iOS in the days after the supreme court’s decision. Stardust’s Twitter bio says it is a “privacy first period tracking app”. But as Vice News reported, the company stated in its privacy policy that if authorities ask for user data, it will comply, whether legally required to or not. It said that the data was “anonymized” and “encrypted”.

“We may disclose your anonymized, encrypted information to third parties in order to protect the legal rights, safety and security of the company and the users of our services; enforce our terms of service; prevent fraud; and comply with or respond to law enforcement or a legal process or a request for cooperation by a government or other entity, whether or not legally required,” their privacy policy stated as of Monday.

Following Vice’s request for comment, Stardust changed its privacy policy to omit the phrase about cooperating with law enforcement “whether or not legally required” to “when legally required”.

Stardust did not immediately respond to a request for comment.

Planned Parenthood encourages people to use their app Spot On. “People who want to track their periods and birth control always have the option to remain anonymous by using the Spot On app without creating an account,” the organization said in a statement. “This way, period or birth control data is only saved locally to a person’s phone and can be deleted at any time by deleting the app.”

Third-party apps are not the only option when it comes to period trackers. Apple has a built-in cycle tracker in its Health app that offers more privacy than most external apps. With just a few steps, one can turn off the storing of their health data in iCloud, and it also has the option to store the encrypted data on their computer or phone.

Evan Greer, deputy director of the non-profit advocacy group Fight for the Future, said the best way to protect sensitive health data was to only use apps that store data locally rather than in the cloud. “Because any app where a company [that could receive a subpoena] has access to their users’ data could make it vulnerable for a legal request.”

An image of an Apple iPhone screen shows app icons, including the Health app.
Apple’s Health app has a built-in cycle tracker that offers users privacy. Photograph: Richard Sheppard/Alamy

Eva Blum-Dumontet, a tech policy consultant, said, “It is normal that in times of concern, people are looking differently at technology and apps that we trusted.

“I think when there is a discourse around whether women should delete these apps, we have to think about why they use them in the first place,” Blum-Dumontet said. “These trackers help them manage menstrual cycle when they are experiencing pain.”

Blum-Dumontet stressed that instead of asking users to change their behaviors, “it is period trackers that should change their practices”.

“They should never have owned so much data in the first place. If they adopted practices like storing data locally and minimizing the data to what’s strictly necessary we wouldn’t be having this debate now. It’s not too late for them to do the right thing,” she said.

“The companies that have been making a profit out of women’s bodies need to think very carefully about how they will protect their users,” she continued.They haven’t all been the best in the past when it comes to data sharing. The only way they can survive in this market, the only way they can make themselves trustworthy is by improving their privacy policy and giving users more control over their data,” she said. “If any of these apps will be used in court against their users, it will not be good PR for them.”

Melissa, a 27-year-old mother from Texas who is goingby only her first name to not jeopardize her employment, said she deleted the app because she fears that when she travels, her state could use her missed period data against her.

“I will miss using the app so much. I have used it for so many things, like tracking my ovulation or predicting my mood changes. Sometimes I wake up feeling irritable, and I don’t know why until my app tells me that this could be normal at this point of my cycle,” she added. Melissa also says she would have loved to use it for future conceptions, but now she can’t.

Although much of the warnings on Friday were focused on just period trackers these are not the only apps that can be used against users when it comes to criminal prosecution, experts warned.

“Google Maps or a random game on your phone could just as easily be weaponized against someone as a menstrual tracking app,” Greer said. “While we need to educate each other and take precautions, it’s not OK to put the responsibility solely on individuals. Companies and lawmakers need to act immediately to protect people.”

The concerns over period tracking data are part of a broader conversation about the amount of personal information smartphones collect. Women’s rights organizations all over the world are warning users to be more mindful of their digital presence, not just when it comes to period trackers.

Cycle tracking apps can be hugely useful for many women, said Jonathan Lord, UK medical director for MSI Reproductive Choices. “But all data can be used against you.”

According to Lord, this danger will remain until “we treat abortion like all other healthcare – regulated like all other medical procedures, but not criminalized”.



Source link

Technology

Meditation app Calm sacks one-fifth of staff | Meditation

Voice Of EU

Published

on

The US-based meditation app Calm has laid off 20% of its workforce, becoming the latest US tech startup to announce job cuts.

The firm’s boss, David Ko, said the company, which has now axed about 90 people from its 400-person staff, was “not immune” to the economic climate. “In building out our strategic and financial plan, we revisited the investment thesis behind every project and it became clear that we need to make changes,” he said in a memo to staff.

“I can assure you that this was not an easy decision, but it is especially difficult for a company like ours whose mission is focused on workplace mental health and wellness.”

The Calm app, founded in 2012, offers guided meditation and bedtime stories for people of all ages. It received a surge of downloads triggered by the 2020 Covid lockdowns. By the end of that year, the software company said the app had been downloaded more than 100 million times globally and had amassed over 4 million paying subscribers.

Investors valued the firm, which said it had been profitable since 2016, at $2bn.

In the memo, Ko went on: “We did not come to this decision lightly, but are confident that these changes will help us prioritize the future, focus on growth and become a more efficient organization.”

More than 500 startups have laid off staff this year, according to layoffs.fyi, a website that tracks such announcements.

Source link

Continue Reading

Technology

Let there be ambient light sensing, without data theft • The Register

Voice Of EU

Published

on

Six years after web security and privacy concerns surfaced about ambient light sensors in mobile phones and notebooks, browser boffins have finally implemented defenses.

The W3C, everyone’s favorite web standards body, began formulating an Ambient Light Events API specification back in 2012 to define how web browsers should handle data and events from ambient light sensors (ALS). Section 4 of the draft spec, “Security and privacy considerations,” was blank. It was a more carefree time.

Come 2015, the spec evolved to include acknowledgement of the possibility that ALS might allow data correlation and device fingerprinting, to the detriment of people’s privacy. And it suggested that browser makers might consider event rate limiting as a potential mitigation.

By 2016, it became clear that allowing web code to interact with device light sensors entailed privacy and security risks beyond fingerprinting. Dr Lukasz Olejnik, an independent privacy researcher and consultant, explored the possibilities in a 2016 blog post.

Olejnik cited a number of ways in which ambient light sensor readings might be abused, including data leakage, profiling, behavioral analysis, and various forms of cross-device communication.

He described a few proof-of-concept attacks, devised with the help of security researcher Artur Janc, in a 2017 post and delved into more detail in a 2020 paper [PDF].

“The attack we devised was a side-channel leak, conceptually very simple, taking advantage of the optical properties of human skin and its reflective properties,” Olejnik explained in his paper.

“Skin reflectance only accounts for the 4-7 percent emitted light but modern display screens emit light with significant luminance. We exploited these facts of nature to craft an attack that reasoned about the website content via information encoded in the light level and conveyed via the user skin, back to the browsing context tracking the light sensor readings.”

It was this technique that enabled the proof-of-concept attacks like stealing web history through inferences made from CSS changes and stealing cross origin resources, such as images or the contents of iframes.

Snail-like speed

Browser vendors responded in various ways. In May 2018, with the release of Firefox 60, Mozilla moved access to the W3C proximity and ambient light APIs behind flags, and applied further limitations in subsequent Firefox releases.

Apple simply declined to implement the API in WebKit, along with a number of other capabilities. Both Apple and Mozilla currently oppose a proposal for a generic sensor API.

Google took what Olejnik described his paper as a “more nuanced” approach, limiting the precision of sensor data.

But those working on the W3C specification and on the browsers implementing the spec recognized that such privacy protections should be formalized, to increase the likelihood the API will be widely adopted and used.

So they voted to make the imprecision of ALS data normative (standard for browsers) and to require the camera access permission as part of the ALS spec.

Those changes finally landed in the ALS spec this week. As a result, Google and perhaps other browser makers may choose to make the ALS API available by default rather than hiding it behind a flag or ignoring it entirely. ®



Source link

Continue Reading

Technology

4 supports that can help employees outside of work

Voice Of EU

Published

on

Everyone has different situations to deal with outside of the workplace. But that doesn’t mean the workplace can’t be a source of support.

Employers and governments alike are often striving to make workplaces better for everyone, whether it’s workplace wellbeing programmes or gender pay gap reporting.

However, life is about more than just the hours that are spent in work, and how an employer supports those other life challenges can be a major help.

Family-friendly benefits

Several companies have been launching new benefits and policies that help families and those trying to have children.

Job site Indeed announced a new ‘family forming’ benefit package earlier this year, which is designed to provide employees with family planning and fertility-related assistance.

The programme includes access to virtual care and a network of providers who can guide employees through their family-forming journey.

Vodafone Ireland introduced a new fertility and pregnancy policy in February 2022 that includes extended leave for pregnancy loss, fertility treatment and surrogacy.

And as of the beginning of 2022, Pinterest employees around the world started receiving a host of new parental benefits, including a minimum of 20 weeks’ parental leave, monetary assistance of up to $10,000 or local equivalent for adoptive parents, and four weeks of paid leave to employees who experience a loss through miscarriage at any point in a pregnancy.

Helping those experiencing domestic abuse

There are also ways to support employees going through a difficult time. Bank of Ireland introduced a domestic abuse leave policy earlier this year, which provides a range of supports to colleagues who may be experiencing domestic abuse.

Under the policy, the bank will provide both financial and non-financial support to colleagues, such as paid leave and flexibility with the work environment or schedule.

In emergency situations where an employee needs to immediately leave an abusive partner, the bank will help through paid emergency hotel accommodation or a salary advance.

In partnership with Women’s Aid, the company is also rolling out training to colleagues to help recognise the symptoms of abuse and provide guidance on how to take appropriate action.

Commenting on the policy, Women’s Aid CEO Sarah Benson said employers who implement policies and procedures for employees subjected to domestic abuse can help reduce the risk of survivors giving up work and increase “feelings of solidarity and support at a time when they may feel completely isolated and alone”.

A menopause policy

In 2021, Vodafone created a policy to support workers after a survey it commissioned revealed that nearly two-thirds of women who experienced menopause symptoms said it impacted them at work. A third of those who had symptoms also said they hid this at work. Half of those surveyed felt there is a stigma around talking about menopause, which is something Vodafone is seeking to combat through education for all staff.

Speaking to SiliconRepublic.com last year, Vodafone Ireland CEO Anne O’Leary said the company would roll out a training and awareness programme to all employees globally, including a toolkit to improve their understanding of menopause and provide guidance on how to support employees, colleagues and family members.

In Ireland, Vodafone employees are able to avail of leave for sickness and medical treatment, flexible working hours and additional care through the company’s employee assistance programme when going through the menopause.

Support hub for migrants

There are also initiatives to help people get their foot on the employment ladder.

Earlier this year, Tánaiste Leo Varadkar, TD launched a new service with education and employment supports for refugees, asylum-seekers and migrants.

The Pathways to Progress platform is part of the Open Doors Initiative supporting marginalised groups to access further education, employment and entrepreneurship in Ireland.

As part of the initiative, member company Siro offered a paid 12-week internship programme for six people who are refugees. The internships include job preparation, interview skills and access to the company’s online learning portals.

Open Doors Initiative CEO Jeanne McDonagh said the chance to land a meaningful job or establish a new business is key to people’s integration into Ireland, no matter what route they took to get here.

“Some are refugees, some are living in direct provision, some will have their status newly regularised, and others will come directly for work,” she said. “Our new service aims to support all migrants in finding a decent job as they prepare to enter the Irish workforce, and to support employers as they seek to build an inclusive culture in their workplaces.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!